Saturday, May 2, 2020
Information Systems Management Management
Question: Identify the common ways hackers use to gain access to systems and, secondly, analyse and evaluate the methods and systems that are being used to block the attacks and defend the systems.

Answer:

Information systems security is important these days, since information is stored on computer systems and networks that are accessed by many people who add, modify or delete the saved information. The information systems of businesses and corporations are of crucial importance because they contain all of the company's data regarding employees, employees' details, business deals, strategies etc. If the information system is compromised, all of the company's information will be leaked, posing a risk to the company's future (Bosworth and Kabay, 2002).

There may be several purposes of hacking into information systems. Let's take a look at them one by one:

Hacking to disrupt the company's working or to steal data: Often rival companies and businesses hire hackers to hack into another company's information systems and get vital information about its strategies, plans of action etc. (Schifreen, 1994).

Hacking for fun: Some hackers do it just for fun; they hack into an information system, play with the content and then leave. Though there is less risk of data loss in this case, the hackers make significant modifications, which then create risks for future developments in the company.

Hacking to prove: There are also hackers who hack to show top organizations that claim their security systems are unhackable that their systems can be hacked. This does little to no harm to the organisation, since the organisation later pays the hacker to let it know about the vulnerability he/she exploited and the ways to fix it (Nf, 2001). Therefore, some hackers make an earning from it.
Sometimes, hackers bet amongst themselves on who will hack a particular organisation's information system, and thus the information systems get hacked.

Hacking to steal money: In some cases where the information systems of banks are hacked, the hacker not only wants to gain access to the information system but also tries to steal money by transferring it into his/her account. Hackers may also hack an organisation's information systems to sell that information to the company's rivals and earn money through it (Orlov, 2012).

Hacking for status: Some hackers may also hack information systems to gain status and position among fellow hackers.

Hacking in competition / war: Sometimes the rivalry of two nations or regions also comes into the hacking arena, where hackers from two countries try to hack into the systems and destroy the data of the other country. One such example is the hacking war between Indian and Pakistani hackers in the year 2013, where hackers from both nations would hack into the websites and information systems of the other nation and then leave a mark of their group or country on the hacked website or system.

These are the main reasons why hacking of information systems takes place, and they also highlight the potential threats that the victims may face after a hack. In some cases it is good, since the hacker lets the organisation know about its information system's weakness, while in other cases it is harmful, since the hacker may use the information for his/her own personal benefit or may sell the data to earn money from it.

Based on the reasons for hacking mentioned above, hackers can be divided into three basic categories:

Black Hat hackers: Black hat hackers are the ones who hack into information systems to harm the organisation and steal data or money from the information system.

White Hat hackers: White hat hackers are the hackers whom some large organisations employ to protect their information systems from outside hackers. White hat hackers try to make the information system's security foolproof so that no black hat hacker can gain unauthorized access to the information system and steal data or money (Joe and Ramakrishan, 2014).

Grey Hat hackers: Grey hat hackers lie somewhere between black hat hackers and white hat hackers. They hack into systems without the permission of the administrator but do not steal any data. They do it mostly for fun, or they may ask the organisation to pay them money to tell it about a potential exploit which helped them to hack into the system.

Some recent hacking attempts and hackings:

Operation Aurora: Operation Aurora, which happened in the year 2009, was a series of cyber-attacks on top IT organisations in the world, including the likes of Google, Yahoo, Adobe, Rackspace etc., from June 2009 to December 2009. This attack was carried out by a group of hackers called the Elderwood Group, based in Beijing (China). It is said to have been supported by the People's Liberation Army in China. After the hacking attempts stopped, Google quit the Chinese market and later revealed the attacks in a blog post.

Truecaller Hack: Truecaller, a mobile application which looks up the information of an unknown number calling your mobile phone so that you can decide whether to pick up a particular call, was hacked in the year 2013 (Agwu, 2013). The Truecaller database was hacked, due to which the private information of thousands of customers was compromised. Truecaller was hacked by a group of hackers called the Syrian Electronic Army, or SEA.

eBay Hack: In February-March 2014, eBay was hacked by some unknown hackers, due to which the records of over 233 million customers and users were stolen, including usernames, phone numbers, passwords and even physical addresses of the users.

Sony Pictures Entertainment: On November 14, 2014, Sony Pictures Entertainment's data was hacked by a group of hackers who called themselves Guardians of Peace, also called GoP, and who demanded the banning of the movie The Interview, which was based on the assassination of a leader from North Korea named Kim Jong-un. It was alleged that the North Korean government sponsored the attack, but the North Korean government denied any responsibility for the attacks (Fischetti, 2011). The attacks compromised private information of Sony, including its employees' details, details about the employees' families etc.

The hacks mentioned above were some of the largest hacks of information systems to have taken place in the past few years, in which a large amount of data and information was compromised. As the above examples show, whenever a large-scale hack is planned, it is never a single person behind it; there is always a group of hackers, who identify themselves by some name, behind hacks involving large-scale data.

Now let's take a look at the ways hackers use to hack into the information systems of organizations (Anon, 2000). There are many ways and exploits, and every day some new exploit comes out into the open and then gets fixed, so it would not be possible to cover all the hacking methods in a single paper. We will cover the most commonly used ways of hacking in this paper. Other hacking methods are, most of the time, variations of the common ways of hacking.

Reasons for Information System getting hacked

There are several reasons due to which an information system may get hacked.
Below are some of them:

Web applications which are vulnerable: The information system may be running applications which are vulnerable for use on the web.

Some administrators may not be security aware.

Security patches which are out of date: Every day new threats arise on the web, thus it is necessary that the organisation applies security patches which are up-to-date (Ghosh, 2004).

Missing passwords or easily guessable passwords: The use of passwords which can be easily guessed, or no passwords at all for privileged accounts, is also a reason for information systems getting hacked.

Methods used for Hacking

I. Using privileged accounts

In many IT companies there are privileged accounts which are very powerful in terms of the authority they have compared to other accounts. The first hack mentioned above, Operation Aurora, took place because the privileged accounts of the companies were not secured. These accounts are not often recognized by Identity Access Management (IAM) systems, so there is no automated way to control and manage the privileged accounts. Some examples of privileged accounts are:

Service accounts: Service accounts have privileged login usernames / IDs and passwords.

Super-user / Admin login accounts: These are the accounts of the users who have the highest authority and are used to make significant changes to the system, install applications, remove applications, add users etc. (Wilson, 2004).

Application to application: Some information systems run applications which need to interact with another application, either on the same system or outside the home system. In such cases, the IDs and passwords can be stolen while the data is being transferred from one application to the other.

If privileged accounts are hacked, there is nothing more the hacker needs to do in order to gain access to the system. All he/she needs to do is log in and steal data or make changes to the data, add users, install bots or Trojans etc., and gain full access to the system.

To stop privileged accounts from being compromised, the following steps can be taken:

Finding keys: This involves carrying out a thorough audit and analysis of the whole network and information system to find exactly where the privileged accounts reside in the system (Lewis, 2012), and then checking that the security of these accounts is maintained by changing the passwords at regular intervals and that a sufficient number of checks are in place for logging in to these accounts.

Closing security holes: Any security hole should be fixed immediately, without delay, so that hackers do not get any chance to get into the system.

Securing the external entities: Make sure that external entities are well secured. Ensure that the systems outside the home organisation with which the home system is connected, or to which it connects from time to time to get or transfer data, such as cloud partners, are secured and follow the security guidelines.

II. Trojan Horse / Virus / Worms

Trojan horses are programs which don't do the harm themselves, but they open the doors or vulnerabilities for hackers to install and run a virus or external application, such as spyware or malware, on an information system. Trojan horses allow hackers to gain access to an information system and then make changes to the system. Trojan horses are propagated through .exe files (Ghosh, 2004). Most developers of Trojan horses send the .exe file attached to mails to the targets; when clicked, it installs the Trojan on the target computer, and the computer on which the Trojan is installed then also works as a server and spreads the Trojan to other computers on the network; such networks are called botnets.

Some ways to protect a system from Trojans are as follows:

Do not open mails from unknown senders or from weird email IDs, especially ones which contain a link to some external application program or have an attached .exe file (Joe and Ramakrishan, 2014).

Do not use pen drives or flash drives which have come from other systems in the information system, since they may contain Trojans.

III. Distributed Denial of Service (DDoS)

Distributed Denial of Service, or DDoS, is a superset of the Denial of Service attack. In a distributed denial of service attack, a web server or information system is flooded with a large number of pings every second on some open ports, and after several minutes or hours the web server or information system goes down due to the heavy amount of traffic it receives from the pings and requests (Gupta, Joshi and Misra, 2010). In most cases, large systems recover easily from such DDoS attacks.

Ways to secure the information system from DDoS attacks:

Do not keep unused ports open on the web server or on the information system. Since hackers use open ports to launch DDoS attacks, it is advisable to close any open ports which are not used on the system.

Use not-so-used ports: There are several ports which are common to several applications, and thus the hacker knows that those ports will be open. One way to secure a system from DDoS is to use non-conventional ports so that hackers are not able to find open ports easily.

Use scripts in Python which filter out the bad traffic and only let the legitimate traffic reach the ports (Gupta, Joshi and Misra, 2010).

Specialized DDoS mitigation appliances: There are dedicated DDoS appliances available which help keep a system from going down under DDoS attacks.

On the ISP level: There are several ISPs which themselves block illegitimate traffic (bad traffic) and thus protect systems from DDoS attacks.

Cloud provider: There are several cloud-based hosts which do not let illegitimate traffic reach the system, as they filter out the bad traffic at their own servers. Examples of such cloud hosts are Cloudflare, Maxfront CDN etc.

IV. Packet Sniffing

There are programs and applications called packet sniffers which steal the data travelling over a network (Rupam, Verma and Singh, 2013). Usernames, passwords etc. often travel over the network and can be sniffed by packet sniffers used by hackers.

Ways to protect a system and network from packet sniffing:

Change default passwords and always use WPA2 encryption, since WPA2 is almost impossible to hack.

Use long passwords, and passwords which cannot be easily guessed, for routers and modems (Ansari, Rajeev and Chandrashekar, 2002).

Use SSL, i.e. Secure Socket Layer, for all data transfers taking place on the network.

Use VPNs, i.e. Virtual Private Networks. When using a VPN, the data can be seen only at the receiving end and the sender's end, and thus no one can sniff the data travelling between the two ends.

V. Cross Site Scripting / SQL Injection

In cross site scripting (XSS), the user or hacker inserts some malicious code, which may be Java / JavaScript code, from the client side, which upon reaching the server application runs on the server side and sends the information back to the hacker. One way to submit code to the server is through comments on sites or through contact forms on websites which are directly connected to the information system's servers (Fox, 2012). This way the attacker gets information about the server and then hacks into the server.

SQL injection works the same way as XSS. In SQL injection the user / client injects SQL code which then executes on the server side and sends the results back to the hacker.

The only way to prevent XSS and SQL injection attacks is proper sanitization of all user-submitted comments and queries, to ensure that none of them contains any code which may run on the server side and send data back to the user / hacker (Singh, 2012).

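The DDoS section above suggests Python scripts that filter out bad traffic and let only legitimate traffic through. As an added example (not code from the original paper), the following applies a per-source sliding-window limit with a temporary block to a constructed list of (timestamp, source address) events; the class and function names, the thresholds and the documentation-range addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

class SlidingWindowFilter:
    """Per-source limiter: at most `limit` requests in any `window` seconds."""

    def __init__(self, limit, window, block_for):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.recent = defaultdict(deque)   # source -> timestamps of recent requests
        self.blocked_until = {}            # source -> time at which the block expires

    def allow(self, source, now):
        # A source that tripped the limit stays blocked until its block expires.
        if self.blocked_until.get(source, 0) > now:
            return False
        q = self.recent[source]
        # Forget requests that have fallen out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.limit:
            self.blocked_until[source] = now + self.block_for
            q.clear()
            return False
        return True

def build_sample_traffic():
    """Constructed events: one client at 1 request/s, one source at 50 requests/s for 2 s."""
    events = [(float(t), "198.51.100.7") for t in range(10)]
    events += [(i / 50.0, "203.0.113.9") for i in range(100)]
    return sorted(events)

def run_filter(events, limit=20, window=1.0, block_for=30.0):
    """Return (passed, dropped) request counts per source address."""
    flt = SlidingWindowFilter(limit, window, block_for)
    passed, dropped = defaultdict(int), defaultdict(int)
    for ts, src in events:
        if flt.allow(src, ts):
            passed[src] += 1
        else:
            dropped[src] += 1
    return dict(passed), dict(dropped)

if __name__ == "__main__":
    passed, dropped = run_filter(build_sample_traffic())
    print("passed: ", passed)
    print("dropped:", dropped)
```

A filter of this kind runs on the host being protected, so it only helps while the link itself is not saturated; the ISP-level and cloud-based filtering listed in the same section deal with traffic before it reaches the system.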
In this paper we have covered many aspects of the security and hacking of information systems, but many things have gone unreported, since information systems security is a very vast topic.

References

Agwu, E., 2013. Cyber Criminals on the Internet Super Highways. International Journal of Online Marketing, 3(2), pp.56-74.
Anon, 2000. Protect against Internet intruders and hackers. Network Security, 2000(1), p.3.
Ansari, S., Rajeev, S. and Chandrashekar, H., 2002. Packet sniffing: a brief introduction. IEEE Potentials, 21(5), pp.17-19.
Bergeron, B., 2000. It may be fast but is it safe? Ways to protect your DSL system from hackers. Postgraduate Medicine, 108(1).
Bosworth, S. and Kabay, M., 2002. Computer security handbook. New York: John Wiley & Sons.
Descy, D., 2006. Protecting your Computer from Viruses. TechTrends, 50(4), pp.3-4.
Fischetti, M., 2011. Data Theft: Hackers Attack. Sci Am, 305(4), pp.100-100.
Fox, D., 2012. Cross Site Scripting (XSS). Datenschutz Datensich, 36(11), pp.840-840.
Ghosh, S., 2004. The Nature of Cyber-attacks in the Future: A Position Paper. Information Systems Security, 13(1), pp.18-33.
Joe, M. and Ramakrishan, B., 2014. Enhancing Security Module to Prevent Data Hacking in Online Social Networks. Journal of Emerging Technologies in Web Intelligence, 6(2).
Lewis, N., 2012. Access rights protect access to your data or lose it: serious misconceptions about information security. Computer Fraud & Security, 2012(11), pp.8-10.
Nf, M., 2001. Ubiquitous Insecurity? How to Hack IT Systems. Information Security: An International Journal, 7, pp.104-118.
Orlov, V., 2012. Cyber Crime: A Threat to Information Security. Security Index: A Russian Journal on International Security, 18(1), pp.1-4.
Rupam, Verma, A. and Singh, A., 2013. An Approach to Detect Packets Using Packet Sniffing. International Journal of Computer Science Engineering Survey, 4(3), pp.21-33.
Schifreen, R., 1994. How hackers do it. Network Security, 1994(10), pp.17-19.
Singh, T., 2012. Detecting and Prevention Cross Site Scripting Techniques. IOSRJEN, 02(04), pp.854-857.
Wilson, P., 2004. Tips to stop your users from being phished. Network Security, 2004(9), pp.5-9.