Explosive growth of the Internet Essay Example
Explosive growth of the Internet Essay Example

Explosive growth of the Internet Essay Example

Available Only on StudyHippo
  • Pages: 10 (2704 words)
  • Published: April 9, 2017
View Entire Sample
Text preview

The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers.

Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help.

ETHICAL HACKING:

Information security is the fastest growing area in the Information Techno

...

logy (IT) sector. Security would be an easy process if all that had to be done is to install a fire wall and anti-virus software, but the reality is that securing information requires a multi-layered approach. Obtaining this requires adopting measures to prevent the unauthorized use, misuse, modification or denial of use of knowledge, facts, data, or capabilities and it requires taking a proactive approach to manage the risk. This is where ethical hackers come into real play.

Ethical hacking is an "art" in the sense that the "artist" must possess the skills and knowledge of a potential attacker (to imitate an attack) and the resources with which they mitigate the vulnerabilities used by attackers. Ethical hacking is the process of analyzing the imposed threat on a given system or network by modeling the actions of an adversary. This paper describes ethical hackers: their skills,

View entire sample
Join StudyHippo to see entire essay

their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained in detail.Succesful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.

The ethical hacker often holds the " keys to the company," Modern security efforts have to plan for the unplanned and anticipate attacks before they occur. Ethical Hacking is in the boom and it''s high time every company recognizes the need of a potential professional ethical hacker. Ethical hacking is not just necessary; it is inevitable.

INTRODUCTION: OLD SCHOOL HACKERS HISTORY OF HACKING: PREHISTORY 1960s:

The Dawn of HackingOriginal meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts ELDER DAYS (1970-1979) : Phone Phreaks and Cap'n Crunch THE GOLDEN AGE (1980-1991) 1980: Hacker Message Boards and Groups 1983:Kids'Games, Movie "War Games" introduces the public to hacking. THE GREAT HACKER WAR Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.

CRACKDOWN (1986-1994) 1986:

Congress passes Computer Fraud and Abuse Act; crime to break into computer systems. ¦ 1988: The Morris Worm Robert T. Morris, Jr. , launches self-replicating worm on ARPAnet. 1989: The Germans, the KGB and Kevin Mitnick. ¦ German Hackers arrested for breaking into U.

S. computers; sold information to Soviet KGB. ¦ Hacker "The Mentor“ arrested; publishes Hacker's Manifesto. ¦ Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.

A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the

minimum amount necessary.  One who programs enthusiastically or who enjoys programming rather than just theorizing about programming. This complimentary description was often extended to the verb form "hacking" which was used to describe the rapid crafting of a new program or the making of - changes to existing, usually complicated software.As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them.

Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted.When refused access to the computers, some users would challenge the access controls that had been put in place. They would steal passwords or account numbers by looking over someone's shoulder, explore the system for bugs that might get them past the rules, or even take control of the whole system. They would do these things in order to be able to run the programs of their choice, or just to change the limitations under which their programs were running.  Old School Hackers: 1960s style Stanford or MIT hackers.

Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.  Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; the intent is to

vandalize or disrupt systems.  Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.  Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.

ETHICAL HACKING:

Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments. ” ¦ With the growth of the Internet, computer security has become a major concern for businesses and governments. ¦ In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

WHO ARE ETHICAL HACKERS ?

“One of the best ways to evaluate the intruder threat is to have independent computer security professionals attempt to break their computer systems” hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret.

In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the "keys to the company," and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being

employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years.

They are also adept at installing and maintaining systems that use the more popular operating systemsused on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing but are equally important when preparing the report for the client after the test.

Finally, good candidates for ethical hacking have more drive and patience than most people. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity. A typical evaluation may require several days of tedious work that is difficult to automate.

Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at "live" targets or to simulate the timing of a real attack.When they encounter a system with

which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.

FUNCTIONS OF ETHICAL HACKERS:

An ethical hacker's evaluation of a system's security seeks answers to three basic questions:

  •  What can an intruder see on the target systems
  •  What can an intruder do with that information Does anyone at the target notice the intruder's attempts or successes

While the first and second of these are clearly important, the third is even more important: If the owners or operators of the target systems do not notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and will usually eventually succeed. When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to questions similar to those posed by Garfinkel and Spafford:

  1. What are you trying to protect
  2. What are you trying to protect against
  3.  How much time, effort, and money are you willing to expend to obtain adequate protection

The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods

as a Hacker. The most important point is that an Ethical Hacker has authorization to probe the target.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

ANOTAMY OF HACKING:

Reconnaissance – attacker gathers information; can include social engineering. Scanning – searches for open ports (port scan) probes target for vulnerabilities. Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.

Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.

MINIMUM SECURITY AN ORGANIZATION SHOULD POSSESS:

Information policy, Security policy, Computer user, User management, System administration procedures, Incident response procedures, Configuration management, Design methodology, Disaster methodology and Disaster recovery plans.

ETHICAL HACK PROCESS: MODES OF HACKING:

Insider attack  Outsider attack  Stolen equipment attack  Physical entry  Bypassed authentication attack (wireless access points) ¦ Social engineering attackKINDS OF TESTING: There are several kinds of testing. Any combination of the following may be called for:

  • Remote network. This test simulates the intruder launching an attack across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
  •  Remote dial-up network. This test simulates the

intruder launching an attack against the client's modem pools. The primary defenses that must be defeated here are user authentication schemes. These kinds of tests should be coordinated with the local telephone company.

  •  Local network.This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.
  •  Stolen laptop computer. In this test, the laptop computer of a key employee, such as an upper-level manager or strategist, is taken by the c,;ent without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software and corporate information.
  • DENIAL OF SERVICE:

    Some hackers hack your websites just because they can. They try to do something spectacular to exhibit their talents. Their comes the denial of service attack. During the attacks, customers were unable to reach the websites, resulting in loss of revenue and “mind share”. On January 17, 2000, a U. S. library of congress website was attacked.

    SOCIAL ENGINEERING ATTACK:

    It is an art of using influence and persuasion to deceive people for the purpose of obtaining information or to perform some action. Even with all firewalls, authentication processes, VPN companies are still wide open to attacks. Humans are the weakest link in the security chain.It is the hardest form of attack to defend against.

    TOOLS AND TECHNIQUES:

    There are several techniques applicable for hacking and various tools are introduced for the purpose of implementing these techniques. Some of the techniques and tools are shown below:

    •  Footprinting and reconnaissance – whois, sam spade and traceroute.
    •  Scanning and enumeration – nmap,

    superscan, hyena and retina.

  •  System hacking – telnet, snadboy, key logger.
  •  Trojans and backdoors – net bus, sub seven.
  •  Sniffers – spoofed mac, ethered, iris and snort.
  •  Web-based password cracking – cain and abel, legion and Brutus. Covering tracks – Imagehide, clear logs.
  • Google hacking and sql injection – google cheat sheet, common database queries and unvalidated input.
  • CONFLICTS OF INTEREST:

    "Ethical Hacking" has been widely marketed as an essential tool in information security but there are obvious conflicts of interest. Security firms have an incentive to hype threats and invent threats. Testing itself poses some risk to the client. Criminal hacker monitoring the transmissions of ethical hackers could trap the information. Best approach is to maintain several addresses around the internet from hich ethical hackers originate. Additional intrusion monitoring software can be deployed at the target.

    CONCLUSION:

    Never underestimate the attacker or overestimate our existing posture. We cannot eliminate cracking through solely technical or legal means but until the future solution what are we to do in the meantime security used to be a private matter. Until recently information security had been left largely in the hands of a few specially trained professionals. The paradigm shift of technologically enabled crime has now made security everyone's business. Ethical hackers see this clearly and are responding to actual threats to themselves and in the process also acting in the common good.

    The consequences of a security breach are so large that this volunteer proactive activity should not only be encouraged but also rewarded and some companies are being paid handsomely for doing this as a business. At present, the tactical objective is to stay one step ahead of the crackers. We

    must think more strategically for the future. Social behavior, as it relates to computers and information technology, goes beyond merely adhering to the law since the law often lags technological advances.

    The physical activity of ethical hacking is sometimes hard to differentiate from cracking - it is hard to discern intent and predict future action - the main difference is that while an ethical hacker identifies vulnerabilities (often using the same scanning tools as a cracker) the ethical hacker does not exploit the vulnerabilities while a cracker does. Until a social framework is developed to discern the good guys (white hats) from the bad guys (black hats), we should be slow to codify into law or condemn ethical hacking -or we may risk eliminating our last thin line of stabilizing defense and not realize it until it is too late.

    Get an explanation on any task
    Get unstuck with the help of our AI assistant in seconds
    New