Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

Transcription

1 Software Engineering 4C03 Class Project Computer Networks and Computer Security COMBATING HACKERS Done By: Ratinder Ricky Gill Student Number: Due: Tuesday April 5,

2 Introduction When the word Hacker comes to mind, one usually visualizes a nerdy looking teenaged boy sitting behind a computer with evil thoughts of shutting down computer systems, stealing money, or confidential information. This definition typically describes one particular type of hacker. Others choose to become hackers not for criminal purposes but in order to gain a better understanding of how computer systems work and at the same time, helping improve the computer community with the information that they gain from their experiences. [1] Nevertheless, the conclusion that can be made is that any type of hacking whether done with criminal intent or not is still a crime because it does violate the laws of privacy and must be taken very seriously. This paper will investigate methods users can use to help thwart off threats to their computer systems. We begin by first investigating the motives off criminal hackers in targeting computer systems. A Hacker s Strategy Some hackers think of themselves as Joy riders, hackers who only access systems just for the challenge thinking that it is harmless because they usually don t do anything besides go in and look around. But what these hackers fail to realize is that they could be causing damage inadvertently since by their presence they are using valuable system resources. [2] Not long ago the motivations of hacking could be described as just plain curiosity and knowledge. But as the Information Technology industry has taken huge strides over the years, money has taken to the forefront as the main objective of many hackers across the globe. For example, Denial-of-service and macro-viruses have become the most popular hacking activities. In a Denial-of-service attack, a company s website may be made unavailable by a hacker halting all transactions. [3] This may lead to serious monetary losses for an organization. Hackers can also seep into the computers of home users and can use programs such as keystroke recorders to get a copy of someone s credit card number. With the number of people buying goods and services from the internet on the rise, it makes it easier for a hacker to connect to an insecure system and monitor the activities of individuals. Corporations also find threats, but these threats mostly come from within whatever firewalls they may have set up. There have been many reports of employees purposely sending proprietary information outside the company to other companies, perhaps just before they themselves move from that company. [4] The greater connectivity that employees have today also leads them to inadvertent leaks via . [5] An unfortunate side effect of all these encounters is that people end up thinking that securing their computer systems is difficult and almost impossible. This could be further from the truth and as we shall see it is not difficult at all. It may take some time to master the art of computer security, but all that training is necessary in order to stay one step ahead of harmful computer hackers. Hacking Tools One tactic a hacker can employ is to send out a Trojan horse into a computer system. A Trojan horse is essentially a program that infects the computer and allows the hacker to run tasks without the user ever knowing about it. One way in which Trojan horses are spread is through . A hacker may send a file attachment that looks like something that they are not and lure users into downloading them. One of the cleverest ways in which a hacker can send a Trojan horse is to attach it to a legitimate file so that 2

3 when it runs the program runs normally except that now the Trojan horse has been secretly attached in the background waiting for the hacker to make his/her presence. A hacker may also send out internet worms or viruses to attack a computer system. An internet worm infects a computer system by finding holes in the network and then spreads like bacteria until it causes the entire system to crash. A computer virus is an executable file designed to replicate itself while avoiding detection. [6] A virus may disguise itself as a legitimate program. Viruses are often rewritten and adjusted so that they will not be detected. Anti-virus programs must be updated continuously to look for new and modified viruses. These are some of the more popular tools used by hackers. Next we present a discussion on how users can defend themselves against these attacks. We first begin with a talk on Intrusion Detection Systems (IDS). Intrusion Detection Systems Intrusion Detection Systems (IDS) are used by many companies to monitor network traffic for suspicious behaviour. [7] There are many types of Intrusion Detection Systems. A Passive IDS will detect and alert either the system administrator or the user whenever malicious behaviour is detected and it will be up to them to determine the action that is to be taken on the matter. A Reactive IDS takes the process one step further. Not only will it detect unlawful behaviour, but it will also take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user. An IDS can be a great tool to protect a network, but it must continually be upgraded to define what actually constitutes normal behaviour and what is considered abnormal behaviour but the benefits far out weigh the set-backs. Next we take a look at some of the virus detection system which can further secure corporate networks and provide home users with enhanced protection. Antivirus Protection If a user is not equipped with an anti virus software package then the probability of the user acquiring a virus is almost certain. Antivirus software protection programs are largely based on what is known as signature files. Signatures files are created when a virus is first detected. The virus then has its contents examined and an inoculation for the virus is added to the virus definitions database. [8] The signature files are used to detect the presence of virus when the antivirus software scans the computer for viruses that match those in the database. If a match is made during the scanning process, the virus is then destroyed. A new movement in antivirus implementation that is more robust than simply creating signature files is in using search heuristics to eliminate viruses. Search heuristics monitor all activity on your computer and if a program is "acting" like a virus, then a red flag is raised and it is destroyed or contained and reported. [9] There are a few problems in heuristics which entail determining exactly what defines bad behaviour. As a result some valid files which have similar behaviour (i.e. replication) as viruses may be lost when they shouldn t have been. The most popular commercial anti-virus software packages are Norton System Works and McAfee Virus Definitions. Either one of these packages would be worth the price for they provide the user with a great deal of comfort, but not total protection. Next we talk about several new age programs which provide further protection in the war against hackers. 3

4 Spyware Detection and Removal Spyware is relatively new in the hacking domain but it has sinister motives. It has been said that spyware will soon surpass viruses as the number one cause of computer disruption in the near future. [10] Therefore preventative steps must be taken now before it gets even worse. Spyware can be used by hackers and even corporations to gather information about users without their knowledge or consent. Spyware or Adware as it is commonly known as is usually found in an internet cookie which allows the cookie writer to gain information about the user s internet activities. As a result, spyware is a great cause for public concern in relation to public privacy on the internet. It should be noted that spyware is different from viruses and worms. Where viruses and worms can cause serious harm to your system, spyware is mainly used for tracking purposes which are related more to user privacy where the former affects more on computer performance. Several products have been made available to protect users from spyware. One such package is provided by Webroot and is called Spy Sweeper. Spy Sweeper works as follows: The software eliminates spyware programs by scanning through a constantly updated database of known threats, if any files match the threat definitions then the file is immediately disabled. [11] Anti-spyware programs work in the same manner as many anti-virus packages work. You might be wondering, if both anti-virus and anti-spyware work in a similar manner then why not create a package to handle both viruses and spyware. Both Norton and McAfee are now in development of a complete home computer security system that will handle both of these threats. Finally we end the discussion by providing a brief discussion on internet firewalls. Firewall Protection A firewall is a barrier that is designed to keep destructive forces like hackers away from your computer. A firewall is made up of software and/or hardware and its main purpose is to filter incoming information from the internet to your private network. If an incoming packet of information is flagged by a filter then it is not allowed to pass through. Firewalls are very dynamic and customizable. Filters can be added and removed on several conditions based on: IP Addresses, domain names (URL address), protocols, ports and even specific words or phrases. [12] Firewalls are very efficient and provide the user protection from viruses, worms, denial-of-service, spyware, spam, Trojan horses and many other threats. Firewalls are a must for large corporations as and they become easier to set-up, they can be a valuable asset to home users as well. Conclusion Therefore, it can be seen that the actions hackers employ whether criminal or not, impose a major threat to the health and security of our computer systems. These threats are directed to both major companies and home users. Fortunately, all is not lost. There are a variety of packages that are available for our defence including Intrusion Detection Systems, Anti-virus software, Anti-Spyware software and Firewalls. As our reliance on computers in our daily lives continues to grow, there are ever more opportunities for hackers to attack users, which can seem very scary. However with the advent of these technologies and further development of new strategies in the war against hackers, users can better prepare themselves for whatever threats or challenges may come their way. 4

5 REFERENCES [1] Exploratory Essays Research Papers Internet Hackers and Crackers [Online] Address (March 20, [2] CNN In-Depth Specials Hackers Two Views of Hacking [Online] Address (March 20, [3] CNN In-Depth Specials Hackers Q&A with IBM s Charles Palmer [Online] [4] CNN In-Depth Specials Hackers Q&A with IBM s Charles Palmer [Online] [5] CNN In-Depth Specials Hackers Q&A with IBM s Charles Palmer [Online] [6] Antivirus Software what is a computer virus Norton antivirus downloads [Online] [7] Introduction to Intrusion Detection Systems (IDS) [Online] Address [8] Antivirus Software what is a computer virus Norton antivirus downloads [Online] [9] Antivirus Software what is a computer virus Norton antivirus downloads [Online] [10] Spy Sweeper Spyware Removal Software and Spyware Protection by Webroot Software [Online] Address [11] Spy Sweeper Spyware Removal Software and Spyware Protection by Webroot Software [Online] Address [12] Howstuffworks How Firewalls Work [Online] Address 5