Tuesday, May 5, 2020
Online Security
Question: Hardly a week seems to go by without media reports of another computer system being hacked for financial gain, to cause disruption or just to show it is possible. Identify the common ways hackers use to gain access to systems and analyse and evaluate the methods and systems that are being used to block the attacks and defend the systems? Answer: Introduction Online security is protection measure for all online activities like online shopping, e banking and other online activities. On the other hand information management system is used to identify the relationship between technology, organization and people of the organization. Online security is used method which protects system from authorized attack or hackers attack (Pineiro, 2002). Now a day, hacking is done easily as few people forget using the security actions for securing their systems and data. The individual or groups of people who perform the hacking activity are known as hackers (Mooney, 2012). There are different methods used for hacking like social engineering, password cracking and others. On the other hand, to protect one system form hacking activity various steps, methods and software are present like protection of password for systems, e transaction and other online activities (Erickson, 2008). Hacking activity helps once to get unauthorized access on ones data, informa tion and systems which they can misuse also. Hackers are in group or individual by using different methods they hack or get unauthorized access on the system of other. Sometimes hacking is done for monetary benefit and some time it is done for getting unauthorized access on information (Network, Network, Network, 2012). Hacking activity is done sometimes intentionally and sometime unknowingly to harm one data and information. The main point on which organization are working presently are protection of their data and information from hacker attack (Erickson, 2008). The report is having an in - depth discussion about the different ways which and hacker adopt to get an unauthorized access over the system to retrieve confidential information (Anon, 2015). Hacking if done in a ethical way it will not harm other but if hacking is done in unethical manner it will affect the user data and information. The measures which one should take for protection of their information against the hackers attack are as use of strong password for their system and online process and others. Hackers use different methods for getting unauthorized access over the systems like they crack password, develop simple code for cracking the password and getting access over system without the knowledge of user. As found in research (Anon, 2015) mainly hacking is done to retrieve confidential data regarding the transaction process and transfer amount from the user account without his/her knowledge. Many hackers do fake calls to the victim to know about their card number and security pin for financial transaction (Mooney, 2012). Many organization organize different events to make their customers aware of these kind fake call hacking. Different ways used by Hackers to gain access to systems The most common ways used by hackers to gain access on others systems are Cracking password This is the most common technique used by hackers to gain access on systems and information. There is several software available in market that helps in cracking passward (Sloan and Warner, n.d.). Hackers guess the main sources of weakness in password that is one family surname or family member name (Anon, 2015). Many websites and social media always give update to their service user to change the login password and transaction passwords so that no one can guess it easily. Develop Security weakness which is known There are two main security weaknesses which hackers use for getting access over the system as configuration error and security bugs. Configuration error in system arises when system is set up for unwanted contact of any legitimate actions (Armor2net.com, 2015). Security bugs or errors arises when one allows unauthorized access on its system, that is system is allowed to be used by many people without any protection like screen security lock or face recognition lock. Network spooking When hackers try to get access on system with the help of Internet protocol address, that is, IP address of the user (Covaleski, 2013), the hackers perform the unauthorized access process by the help of internet protocol address it can harm online process completely. Network Sniffing Hacker when, monitor or keep an eye on the transfer or exchange process of users data among server and user to get access (Anon, 2015). If individual is transferring information or data with the help of internet server hackers by cracking the password or IP address can get unauthorized access to users information. Fake callers Sometimes hackers act as any company agent or employee and try to get access over all the personal information of the user like their account number, security code or other security code (Network, Network, Network, 2012). Many hackers try to get users confidential information by making fake calls suppose they make customers predict that they are from the card company, customers sometime provide them with their confidential data also (Csrc.nist.gov, 2015). Social engineering or business In comparison of attacks social business process is easy for getting access on someones personal and confidential data. Social engineering is done by two ways as human based and computer based (Curtin, 2002). In human based social business, hacker interacts with the targeted person to retrieves confidential data. In contrast to this, computer based social business is done by using various software which are designed for retrieving confidential data in unethical manner (Armor2net.com, 2015). Social business hacking is also done by retrieving information from the various social networking sites. Trojan horse Trojan horse is also one type of social engineering process used by hackers to retrieve confidential information without user knowledge (Erickson, 2008). By the help of Trojan horse program hackers can change configuration of victim systems as per their requirement and spoil computer by infecting it by various unwanted viruses. Remote administration and other related programs Systems having windows operating system have various administration programs as Net bus, Sub Seven and etc which help hacker in getting access of systems (Gorman, 2007). These types of administration programs are also known as back door programs. Denial of service attack Denial of service attack programs help hacker to crash the system or make it busy while it is processing data (IEEE Network [cover], 2012). Denial of attack is used by attacker to disturb all the processing of system and retrieve access of system. Email hacking Suppose a hacker sends fraud monetary claim to anyone and if the person reply back as per the required information mentioned by them, then the hacker will get easily all the details required for further financial transaction from the victim account (Covaleski, 2013). Sharing process without any protection Sharing data or information without any protection like firewall, antivirus software and etc can help hacker to retrieve access on information or system without user knowledge (InfoSec Institute, 2013). Sharing of Mobile code insecurely There are various mobile code languages like Java Script, Java and ActiveX which make easy for hacker to retrieve access on system by just writing few codes (InfoSec Institute, 2013). Methods used for protecting systems against hackers attack Different security methods used by system user for protecting their system from hackers attack are as Firewall - Firewall should be installed in every system so that it protects system from unwanted access of information via internet (Mankell, 2002). Firewall is a bridge between user and other programs which stop hacker form retrieving confidential data or getting unauthorized access on system. Two Way authorizations User of system should try to keep their system protected in two ways, that is by password an other methods like face identification process, finger expression detector, pin number or others so that it is not an easy task for any known to track the password and get unauthorized access over system (Montague, 2011). Reinstallation of operating system Once the system is attacked by different viruses or worm user should immediately reinstall the operating system (Csrc.nist.gov, 2015). Reinstallation of operating system deletes all the spam files and folders present in the system. Use of strong password in system Strong password should be used by user for their system and other online based functions like e transaction, e banking and others (Mooney, 2012). Regular update password and other security protection After every online transaction and other internet based activities password should be changed so that no one can track the information. By updating passwords and security measures chance of hacking decrease (Mooney, 2012) . Encryption of programs File transfer and other information should be done by using secure way. Password and other security questions should be in encrypted form so that no one can track it (Network, Network, Network, 2012). The sender sends its data in an encryption form so that no one in middle path can access it. Analysis and evaluation of methods and systems used for blocking hackers attack The most important method used for blocking hackers attack in any system is firewall. The system having firewall configured, it is secured from unauthorized access of it. Firewall is used in system to control the inflow and outflow of data within any network. Suppose a hacker wants to get an unauthorized access over the system so that they can retrieve confidential information and data, if system is having firewall configured in it system will be secured from hackers attack but if firewall is not there hacker can easily get access over the system without the knowledge of user (Sloan and Warner, n.d.). Firewall works as a barrier between secures internet network and other public network. It is found in research (Network, Network, Network, 2012) that mostly systems are attacked by online process , that is when system is in use of internet unwanted programs can be used for retrieving information. In contrast to this the primary methods which can be used by user for blocking the hackers attack are use of strong password, update regularly all the passwords and security measures used for online activities, update and reinstall the operating system once unwanted worm or other program attack is found. Reinstallation of operating system helps user to delete or remove the entire unwanted and unauthorized program which may be installed automatically. It also helps in removing the administration programs which harm the security of the system. As stated in (Pineiro, 2002) hackers found easy in getting unauthorized access over any system via internet in comparison of offline programs and viruses attack . The best methods which anyone can use for protecting their system from hackers attack are firewall configuration and installation of good antivirus program. This program helps user to secure their system as it automatically remove and block the unauthorized programs, files and folders. Now a days, organizations (Referenceforbusiness.com, 2015) to protect their data are avoid using other social network rather they prefer using their own server for transferring information and data which help them in protecting their data from unauthorized use and it also help in maintaining proper database of all data (Sloan and Warner, n.d.). Sharing of information should always be done under the protected and secure network so that no one can get unauthorized access over it. Role of Information system in organization against hacker Information system is the backbone of all organization as mentioned by (Russinovich, 2012). Information system helps organization against the hacker attack by different programs like firewall, antivirus programs and other programs. Information system in organization plays an important role in protecting and preventing information and data from hackers attacks. As discussed in (Russinovich, 2012) hacker like and sometime found easy in breaking the organizational data protection system for breaking down the process of organization (Mankell, 2002). Now a day, organizations are focusing more on their confidential data security from hackers attack by using different technologies and programs. Information system helps in maintain the communication, operation and other related functions. By the help of information system organization transfer their data securely, keep backup of their information and confidential data before updating the system. Organization can keep proper record of their p asswords and other records in a private server which make difficult for hacker (Mankell, 2002). Currently by a research (Shinder) it was found that organization has started adopting the private server network so that chance of attack on their data is reduced. Organization always updates their password so that any unauthorized attack is avoided and they also transfer and share data on private server network in an encrypted form so that unknown access of their information is not done. Every organization is try to perform under the security measure so that the information and data is secured but a single mistake or mistake can give chance to hacker for getting unauthorized access over the system . Whether the organization is financial or IT, the main feature on which maximum organization is working is security of their data information from hackers attack (Csrc.nist.gov, 2015). Information technology plays an important role in protection and prevention measure which are taken against t he hackers attack. Conclusion Online security is the main issue faced by every organization. To protect their data organization are started using their private server network for sharing data within the organization and with other organization. In this modern world as mentioned in (Sloan and Warner, n.d.) organization are working on protection and prevention measure regarding online data security. The report is having an in depth discussion about the hackers attack and the protection measures taken against it. There is a discussion on the methods adopted by organization and individual for protecting their systems against the hackers attack. There are different ways which hackers adopt to get access over the system for retrieving confidential data. Hackers are the person or group of person who retrieves others confidential and private information for destroying the system or use their information without their use. The main methods which are adopted for protecting systems from hackers attack are as configuration o f firewall, installation of anti viruses and other programs. Firewall is a program which help systems information from hackers attack and it also work as a barrier between the private and public network. Hacking is two types ethical and unethical. Ethical hacking is not done for harming systems and information but on the other hand unethical hacking is done to harm the system and information without the knowledge of user. Hacking is done to get unethical access over the system and information present in the system. Hacking can be done via internet and offline. There are different methods used by hacker for getting access over system and information via internet as by cracking password and other security measures, by using different administration programs and also by creating code on Java, Java Script and ActiveX which are known as mobile code. These codes help hackers to create simple codes and programs for retrieving the information. Now a day, internet is the backbone of everyone s life but using internet in an unethical manner can harm information of the user. Mainly hacker retrieves confidential information for just doing financial transfer from user account to their account without the knowledge of user. As mentioned in (Referenceforbusiness.com, 2015) internet is main factor of everyones life but using internet without any protection and security can give chance to hacker to get access over the system easily. Bibliography Anon, (2015). [online] Available at: https://www.tech-faq.com/responding-to-network-attacks-and-security-incidents.html [Accessed 16 Mar. 2015]. Anon, (2015). [online] Available at: https://www.istf.jucc.edu.hk/newsletter/IT_11/IT-11_Hacking.pdf [Accessed 16 Mar. 2015]. Anon, (2015). [online] Available at: https://ito.hkbu.edu.hk/eng/publication/newsletter/is_newsletter/professional/Issue_11_HackingProtection/JUCC%20Newsletter-IT-11%20HackingProtection.pdf [Accessed 16 Mar. 2015]. Armor2net.com, (2015).The most common methods used by Hackers.. [online] Available at: https://www.armor2net.com/knowledge/hackers_methods.htm [Accessed 16 Mar. 2015]. Covaleski, J. (2013).Hacking. San Diego, CA: ReferencePoint Press. Csrc.nist.gov, (2015).Hackers. [online] Available at: https://csrc.nist.gov/publications/nistir/threats/subsection3_4_2.html [Accessed 16 Mar. 2015]. Curtin, M. (2002).Developing trust. Berkeley, CA: Apress. Erickson, J. (2008).Hacking. San Francisco, Calif.: No Starch Press. Gorman, G. (2007).Issues in online security. Bradford: Emerald Insight. IEEE Network [cover]. (2012).IEEE Network, 26(5). InfoSec Institute, (2013).Social Engineering: A Hacking Story - InfoSec Institute. [online] Available at: https://resources.infosecinstitute.com/social-engineering-a-hacking-story/ [Accessed 16 Mar. 2015]. Mankell, H. (2002).Firewall. New York: New Press. Montague, D. (2011).Essentials of online payment security and fraud prevention. Hoboken, N.J.: Wiley. Mooney, C. (2012).Online security. San Diego, CA: ReferencePoint Press. Network, Network, Network. (2012).Science, 337(6090), pp.10-10. Pineiro, R. (2002).Firewall. New York: Forge. Referenceforbusiness.com, (2015).Internet Security - advantage, benefits, Common security problems. [online] Available at: https://www.referenceforbusiness.com/small/Inc-Mail/Internet-Security.html [Accessed 16 Mar. 2015]. Russinovich, M. (2012).Trojan horse. New York: Thomas Dunne Books. Shinder, D. (2006).10 things you can do to protect your data. [online] TechRepublic. Available at: https://www.techrepublic.com/article/10-things-you-can-do-to-protect-your-data/ [Accessed 16 Mar. 2015]. Sloan, R. and Warner, R. (n.d.).Unauthorized access.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment