Information Systems Management The Term Hacking

Questions: Discuss the following points..1. Online security and hacking2. Techniques used by hackers3. Hackers and their activities4. Reasons for hacking5. Preventive measures taken by companies Answers: Introduction: The term hacking is often misinterpreted. Sverdlove (2014) stated that the incident of using a system in unpredictable or unintended way can be considered as hacking. Bodhani, (2012) suggested that use of hacking is effective for finding the shortcomings of a system. Although hacking can be used for assessing a system, the term mainly stands for breach of security in a system. However, recently use of hacking is increasing for accessing a system without authorization. Bradbury (2014) opined that gaining unauthorized access to a system can be considered as cracking. As the use of internet increased in past few years , incidents of hacking also increased. Currently users of internet services face severe challenges for protecting their information from hackers. Although the traditional hacking techniques are changed significantly, incidents regarding security loss due to use of conventional hacking methods has not been reduced. However evolution in hacking techniques makes the process o f protecting information more difficult. In this essay, both the traditional and modern hacking techniques are discussed. The essay also contains analysis on hacking purposes and preventive measures of hacking. 1. Online security and hacking: Figure 1: Hacking process (Source: Broad and Bindner, 2014,pp. 67) With the increase in internet services, incidents of hacking are also increasing. The hackers at the first stage scan the computers which are connected using internet. Hackers use several methods such as using credentials for getting access to a computer. Once the hackers get access to the computer they modify the data. Analysis on the hacking process indicates that the chances of being hacked are more for the computers which are connected using internet. 2. Techniques used by hackers: Viruses: Hacking attacks using viruses affect the functionality of a system. Finkbeiner, (2013) stated that that viruses are special programs which can replicate themselves. According to Broad and Bindner (2014) viruses have abilities to attach themselves with other programs or machine. Whenever the infected program or machine runs, virus is replicated and attached with new programs. Sverdlove (2014) opined that use of virus in hacking cause flow of unwanted traffic into a system. However the viruses can be classified according to their effect on system. Resident viruses: The viruses which reside into the memory of computer can interrupt the process of running a program. The effects of using resident viruses for hacking purpose are seen while executing programs. The viruses residing into RAM also impacts on the process of opening or reading files. File infectors: Hercheui (2012)stated that the operations of files are not only affected due to presence of memory resident viruses, but use of file infectors also restrict an user from accessing required files. Kizza, (2013) found that most of the viruses which are used for hacking falls in to the category of file infectors. Use of file infector enables a hacker to damage the functionality of any program while executing it. Direct action viruses: Direct action viruses have the ability of replicating themselves while being executed. Joe and Ramakrishan (2014) suggest that these viruses affect the files which are residing into the main directory of a computer. It observed that direct action viruses become operative during booting process. Boot viruses: Kizza, (2013) stated that use of boot viruses in hacking enables a hacker to damage the booting ability of a system. However Sverdlove (2014)opined that boot viruses can infect a system if it starts using an unknown disk drive. Overwrite viruses: Hacking techniques are not only used for stealing secret information it may be used for resulting information loss. Hackers can delete information contained in a file by using overwrite viruses. These viruses continue operating until the infected file is deleted. Macro viruses: Analysis on the current hacking trends indicates that the use of macro viruses is increasing. Use of macro virus impacts on the internet activities which are being conducted using the infected system. Joe and Ramakrishan (2014) state that use of macro virus results automatic execution of some processes. Use of macro viruses for hacking changes the browser settings or search settings of the infected system. Kizza, (2013) opines that the original search setting is impossible to be retrieved of a system is infected due to use of macro virus. However, Hercheui (2012) suggests that the chances of being affected by macro virus increase while downloading free programs such as computer games or free wall papers. Key Logging: Password stealing is one of the most common ways for gaining unauthorized access to a system .In case of business organizations user id or password loss can lead to loss of important data. Use of key logging techniques enables hackers for accessing information about the password. Hackers can use both software and hardware key logging systems for staking information regarding the password. However, (AS) states that use of software key loggers provides the hackers with more flexibility for installing and controlling the system. The hackers using software key logger get information on each stroke on the key board. Kizza, (2013) opined that the key logger software is able to identify the activities on key board and stores the information into software log. According to Sverdlove (2014), it is difficult to determine whether key logger software is present in a system is difficult as these programs execute at the backend. Hackers also prefer to use key logging software as it no t only can be installed quickly into a system, it does not reveal the identity of hacker also. Although the software key logger systems are used more, chance for losing secret information is high due to use of hardware key loggers also. Although the hardware key loggers can be installed using the USB port of system within negligible time, the hackers require accessing a computer physically for installing the device. Kramer (2012) opined that need of getting physical access to a software reduces the use of hardware key logger for hacking. Sniffing and spoofing: As the use of internet is increasing rapidly, the traditional hacking techniques are also changing. Although the use of online hacking methods such as spoofing and sniffing are comparatively new, the number of victims due to use of these hacking techniques are increasing. Use of sniffing provides the hacker with opportunity of accessing data which is being transmitted over a network. Kramer (2012) stated that snuffing can be used for monitoring important data over a network. However, sniffing can lead to loss of security if it is used by hackers. Kizza, (2013) suggested that the chance of being attacked by spoofing techniques is more among e-mail users. Hackers who are using spoofing methods send emails to internet users. In most of the cases receivers of these emails fail to distinguish between emails coming from authentic users and emails sent by hackers. If the emails sent for spoofing purposes are read, hackers can access control over the users system. Denial of service (DoS) attacks: Sverdlove (2014) stated that denial of service attacks are used for terminating functionality of a system by generating high traffic within it. Use of DoS attacks enables hackers for sending huge amount of data to the target machine from different computers. As huge amount of traffic is directed to a system by using denial of service attacks, it stops its required functions. Instead of executing intended operations, the infected system deals with the unnecessary data flow within it. According to Joe and Ramakrishan, (2014) DoS methods are also one of the emerging trends of hacking. Kizza, (2013) stated that use of DoS attacks can affect the functionality of a system for long term by terminating the internet services. Social engineering: Social engineering techniques can be implemented by using either manual efforts or computer based techniques (Jacobson, 2013). As stated by Hercheui (2012) machine based social engineering techniques include phishing, online scams and baiting. Chances of being victim of baiting are high among those users who use internet for downloading games of movies. Hackers use e-mail services for implementing phishing techniques (Joe and Ramakrishan, 2014). According to Kramer, (2012) the number of victims of online scam is increasing due to lack of awareness on safe practices of e-mail handling among users. 3. Hackers and their activities: Hackers can be classified as white hat hacker, grey hat hacker and black hat hackers on basis of their activities (Jacobson, 2013). Although the term hacking is used for indicating incidents on accessing a system without authorization, hackers also aim at finding bugs into a system (Joe and Ramakrishan, 2014). White hat hackers: As stated by Hercheui, (2012) hackers have the ability to modify computer systems. Although the functioning of white hat hackers is almost same with that of other hackers, white hat hackers aim at improving a system. White hat hackers access a system for finding its short comings (Zdziarski, 2012). Black hat hackers: Black hat hackers use their abilities of accessing computer systems for conducting criminal activities. Grey hat hackers: Grey hat hackers can use their abilities for either conducting criminal activities or examining a system. The hackers who do not use their abilities for personal profit can be referred as grey hat hackers (Sverdlove, 2014). 4. Reasons for hacking: Analysis on the recent trends of hacking activities indicates that most of the hacking activities are conducted for accessing secret information without authorization (Stallings, 2013). Often hackers aim at degrading the performance of a system instead of only accessing information. Hacking can also be used for assessing strength of a system (Michael, 2012). 5. Preventive measures taken by companies: Analysis on the hacking techniques which are being used currently indicates that the threat of losing confidential data is increasing due to evolution of traditional hacking techniques. Sverdlove (2014) stated that the incidents of important data loss can be prevented by increasing security of the system. Loss of confidential data not only causes huge financial loss for a business, it also impacts on the future activities of the organization in market. However the organizations can use protective measures such as antivirus and firewalls for preventing unauthorized users from accessing a system. Bradbury (2014) states that use of tools only does not makes the systems secured, users also require developing safe internet practices for avoiding private data loss. Use of firewalls: Use of internet is increasing for executing the tasks related with business. As a result, the organizations are facing difficulties for protecting data from unauthorized users. Use of firewall can enable the organizations to increase network securities. According to Hercheui, (2012) firewalls scan both the incoming as well as outgoing data while two networks are communicating. On basis of the scanning process, suspected actions are prevented. Sverdlove (2014) stated that firewalls follow some rules for controlling traffic in a network. As these rules can be set by network administrators, use of firewalls can enable organizations to prevent unwanted communications among networks. However, use of firewalls does not ensure that the system is completely protected. As the firewalls scans both incoming and outgoing traffic, it can prevent a system from communicating with other networks. Apart from this security of system also varies according to the nature of firewall. Ap plication firewalls check the content of each incoming and outgoing packets. Then these firewalls take decision whether a particular packet will be allowed to communicate with other networks or not. Although use of application firewall provides better security than using packet firewalls, often these firewalls restrict some specific sources from communicating. Apart from this, high cost of implementing firewalls also reduces its effectiveness. Use of antivirus: Although the incidents of online scams are increasing, hackers can access data due to presence of virus and worm into a computer. Presence of virus not only increase the chances of hacking but it also prevents the machines from executing normal functions. Use of antivirus not only increases security of the system but also makes it more efficient. However the antivirus requires being updated regularly for protecting new hacking methods. Often computers contain spyware or adware software. Although presence of such software does not increase security threats directly, presence of such programs can create pop-ups while a user is using internet. Kramer, (2012) states that speed of a computer reduces significantly due to presence of adware or spyware programs. According to Kizza (2013) strength of a system is an important factor for reducing the number of hacking attacks. It also indicates that presence of spyware or cookies reduces strength of a system and thus number of hacking attacks into such systems increases. Hercheui, (2012) opines that installation of anti-adware or anti-spyware programs in a computer reduces the number of unwanted software. Thus the strength of system increases and the process of protecting system from unauthorized access become easier. Hackers implement innovation in their existing techniques and thus the task of avoiding such activities become more difficult. It indicates that this anti- spyw are software require being updated regularly so that these programs can execute their tasks effectively. Using strong passwords: Use of strong passwords reduces the chance of hacking. Use of longer and complex passwords increases the number of possible combinations and thus it increases difficulty for guessing passwords. However the organizations also can implement two stage authentication policies to make their systems secure. Regularly updating OS and software: Most of the operating systems provide users with opportunities for implementing security techniques. As the natures of hacking techniques are being changed continuously, software manufacturers are also updating their products to reduce the number of bugs. Use of updated software strengthens the system and thus the system becomes more secured. According to Sverdlove (2014) use of updated operating system reduces the chance of being hacked by fixing potential security issues. Implementing safe internet practices: Although the availability of tools for preventing hacking attacks increased, the importance of using safe internet practices is also increasing. The organizations which require using internet services extensively, provides employees with guidelines for using internet safely. As the number of phishing attacks is increasing rapidly, employees are also provided with guidelines for safe e-mail handling practices (Kramer, 2012). The current trends of hacking activities indicate that often the hackers aim at deleting data instead of accessing it. Organizations require protecting their data by creating back up files. Creation of back up file reduces the chances of data loss even if a system is infected. Conclusion: Analysis on the hacking trends indicates that the hackers are using new techniques for accessing secured systems. Although the use of new techniques is increasing, risks caused by old hacking techniques are not reduced. Hacking attacks not only causes data loss for a system but also affect long term activities. However hacking attacks can be prevented by using firewall and antivirus programs. Awareness among users regarding safe practices for internet using can also reduce hacking attacks. References Bodhani, A. (2012). Bad... in a good way [ethical hacking]. Engineering Technology, 7(12), pp.64-68. Bradbury, D. (2014). Unveiling the dark web. Network Security, 2014(4), pp.14-17. Broad, J. and Bindner, A. (2014). Hacking with Kali. Waltham, MA: Elsevier Science. Finkbeiner, A. (2013). Researchers split over NSA hacking. Nature, 502(7470), pp.152-152. Hercheui, M. (2012). ICT critical infrastructures and society. Berlin: Springer. Jacobson, M. (2013). Applied cryptography and network security. Berlin: Springer. Joe, M. and Ramakrishan, B. (2014). Enhancing Security Module to Prevent Data Hacking in Online Social Networks. Journal of Emerging Technologies in Web Intelligence, 6(2). Kizza, J. (2013). Guide to computer network security. London: Springer. Kramer, J. (2012). Hacking the Kinect. [New York]: Apress. Lopez, J., Huang, X. and Sandhu, R. (2013). Network and system security. Berlin: Springer. Michael, K. (2012). Hacking: The Next Generation. Computers Security, 31(6), p.799. Stallings, W. (2013). Cryptography and network security. Upper Saddle River, N.J.: Prentice Hall. Sverdlove, H. (2014). The Java vulnerability landscape. Network Security, 2014(4), pp.9-14. Zdziarski, J. (2012). Hacking and securing iOS applications. Sebastopol: O'Reilly Media. Often computers contain spyware or adware software. Altho