Hacking

There are a variety of meanings to the word hacking. In the context of computer crime it is generally used to mean the unauthorised access to a computer system, usually via a telecommunications link. It is possible that the hacker will access the system to commit fraud or to steal commercially valuable data.

However, a large number of hackers appear to break into systems simply to prove that they can do it. They may do no more than leave a message to prove that they have hacked the system. More malicious hackers can cause damage that will potentially put a company out of business. Such hackers tend either to have a grudge against the company or society in general, or else they may be acting as techno-terrorists by attacking the computer systems of targeted companies. Underlying all this is the hacker who gains unauthorised access for a straightforward criminal purpose.

The less malicious hacker will generally be young and technically competent. The malicious or criminal hacker may also be technically competent but there is also the possibility that he or she is an ex-employee with a grudge or a criminal who has obtained passwords and log in procedures from an employee by subterfuge or bribery.

The first level of defence against hacking is to insist on proper password discipline. Employees should be made aware of the need to regularly change passwords. They should also avoid obvious passwords such as their post-code, telephone number, name or partner's name. Other standard passwords like FRED, PASS, SECRET etc. should also be avoided. The password should incorporate characters other than letters, such as $ or %; it should not be too short and it should be changed on a regular basis. Employees should be discouraged from writing their passwords down, particularly if they leave the paper in their desk drawer.

Currently, picture-based 'password' systems are being developed. The user learns to recognise three or four photographs of strangers. When the user requests log in, the system displays these photographs in random positions for a very short time as part of a matrix of pictures. The user then keys in the sequence according to where the photographs were displayed within the matrix. This utilises the power of the human brain to recognise pictures of people. It is difficult for a hacker to acquire the log in code because it is never the same sequence, and even if the photographs were described in detail it would not be sufficient to allow them to be recognised when they were briefly displayed on the screen.

Terminals should be logged off when not needed. If the terminal is left logged on while unattended then the system is vulnerable.

Within the system, the password should give the employee access only to those areas that he or she needs. Access to more sensitive areas should require additional passwords to be entered.

Hacking can be detected by having all access monitored. The monitoring program should be able to spot unusual activity, for example files accessed at a peculiar time or a large volume of data being downloaded to a remote terminal.
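The two signs of unusual activity named above can be checked by a small monitoring script. The following is an added example, not part of the original course material; the log format, the working hours, the "remote-" terminal naming and the 10 MB daily limit are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample access log: timestamp, user, terminal, file, bytes sent.
SAMPLE_LOG = """\
2024-03-04T09:15:02 asmith local-12 /payroll/march.dat 18432
2024-03-04T10:41:37 bjones local-07 /sales/q1.dat 52210
2024-03-05T02:47:11 asmith remote-dialup-3 /payroll/march.dat 18432
2024-03-05T14:03:55 cwong remote-dialup-1 /sales/q1.dat 40960
2024-03-05T14:04:20 cwong remote-dialup-1 /sales/customers.dat 7340032
2024-03-05T14:06:48 cwong remote-dialup-1 /sales/orders.dat 6291456
"""

WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed normal working hours
REMOTE_PREFIX = "remote-"                       # assumed naming of remote terminals
DAILY_REMOTE_LIMIT = 10 * 1024 * 1024           # assumed per-user daily byte limit


def parse(log_text):
    """Yield (timestamp, user, terminal, path, nbytes) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines rather than crash the monitor
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], int(parts[4])
        except ValueError:
            continue  # bad timestamp or byte count


def find_unusual(log_text):
    """Return (rule, user, detail) alerts for off-hours access and bulk remote downloads."""
    alerts = []
    remote_bytes = defaultdict(int)  # (user, date) -> bytes sent to remote terminals
    for ts, user, term, path, nbytes in parse(log_text):
        if not WORK_START <= ts.time() < WORK_END:
            alerts.append(("off-hours", user, f"{path} at {ts:%Y-%m-%d %H:%M} from {term}"))
        if term.startswith(REMOTE_PREFIX):
            key = (user, ts.date())
            before = remote_bytes[key]
            remote_bytes[key] += nbytes
            if before <= DAILY_REMOTE_LIMIT < remote_bytes[key]:  # alert once, on crossing
                alerts.append(("bulk-download", user, f"{remote_bytes[key]} bytes to {term} on {ts.date()}"))
    return alerts


if __name__ == "__main__":
    for alert in find_unusual(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

The volume rule counts the running total per user per day, so a large transfer split across several smaller files is still flagged.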

The principal vulnerability of most on-line systems is through the modem connection to the outside world. Since the system is on line it is impracticable to disconnect it from the modem. One solution to this is to intercept user log ins. Once the user has identified him or herself, the system terminates the connection and then dials the user at their authorised telephone number.

Other anti-hacking measures would include off-line storage of data and software, to allow the system to be restored after malicious damage, and setting write-protect (if possible mechanically) on files that do not need to be changed.

One other area of vulnerability is the electromagnetic radiation given off by computer equipment. If you place a portable radio near to a computer it will pick up the signals that the computer is giving off. The signals vary according to what the computer is doing. Similar signals can be picked up near to network cables if electrical rather than optical cable is used. These electromagnetic emanations can be collected and decoded. Sensitive computer installations can be shielded to reduce the risk of such signals being picked up outside the system. The emission of decodable electromagnetic radiation from computer systems is referred to as TEMPEST.

   

© LEV