Editor's note
Editor's note
Editor's note
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
and nonsense information displayed. This attack uses<br />
password cracking to penetrate websites that the<br />
attacker wants to deface. Some of the common ways<br />
to get into a website is by dictionary attack. A dictionary<br />
file (a text file full of dictionary words) is loaded into<br />
a cracking application, which is run against common<br />
user accounts used by the application or website login.<br />
Because the majority of passwords are often simplistic,<br />
running a dictionary attack is often sufficient to do the<br />
job.<br />
Packet Sniffing<br />
Packet sniffer is an application that captures data<br />
packets, which can be used to capture passwords and<br />
other data in transit over the network.<br />
Key Loggers<br />
These are programs that record keystrokes made by a<br />
user, allowing crackers to discover passwords and login<br />
codes.<br />
Rootkits and Backdoors<br />
Rootkits are a collection of programs that permits<br />
administrator-level control of a computer. Hackers<br />
use rootkits to control computers and evade detection.<br />
Backdoors are methods of circumventing the normal<br />
operating-system procedures, allowing a cracker to<br />
access information on another computer.<br />
Spoong attack (Phishing)<br />
A spoofing attack usually involves a program, system, or<br />
website masquerading as another thereby being treated<br />
as a trusted system by a user or another program. The<br />
purpose of this is usually to fool programs, systems, or<br />
users into revealing confidential information, such as<br />
user names and passwords, to the attacker.<br />
Vulnerability Scanner<br />
A vulnerability scanner is a tool used to check computers<br />
and networks for known weaknesses. Hackers also<br />
commonly use port scanners. These softwares check<br />
to see which ports on a specified computer are open<br />
or available to access the computer. Once open ports<br />
are discovered smart programmers can access the<br />
computer or network and cause havoc.<br />
So how do you protect your organization from such<br />
attacks? The simple answer of avoiding the internet<br />
is not a feasible answer because the global economy<br />
now depends on the internet, and you cannot opt<br />
out of it. Hence, customers, businessmen and<br />
governments need additional confidence that their<br />
money, confidential documents, military secrets,<br />
starterkit 02/2011(2)<br />
SOLUTIONS<br />
etc., are not compromised by pranksters and<br />
enemies. Providing this additional confidence lies<br />
in implementing a proper cyber security system to<br />
prevent unauthorized entry into a computer network.<br />
However, an important question that arises in all<br />
these discussions is – who are the owners of cyber<br />
security in an organization? Most would immediately<br />
say the owners would (or should) be the person(s)<br />
supporting the IT equipment. After all, you might<br />
argue those techies are the ones babysitting the<br />
computer systems. But this is an incorrect assumption.<br />
Actually, the true owners of cyber security are the<br />
business managers of your organization. Though your<br />
organization may have hired some IT staff or external<br />
vendors to manage the IT infrastructure, but from a<br />
business perspective they are not the owners of your<br />
cyber security. For example, if your server gets hacked<br />
and funds stolen from customer accounts the techies<br />
cannot be solely blamed for the crime and reputation<br />
damage. They may technically operate the system, but<br />
it is your business managers who should understand<br />
the potential loss in terms of financial, reputation or<br />
legal aspects of cyber attacks. In most organizations<br />
business managers do not understand (or try to<br />
understand) the technical department’s work and<br />
constraints, and technical people do not understand (or<br />
try to understand) the business people’s needs. While<br />
this does not mean the business manager become<br />
techies themselves, they can assist in implementing<br />
cyber security by doing the following good deeds for<br />
their techies.<br />
Knowledge<br />
The advancement and easy availability of new and<br />
useful technologies today have enabled thousands<br />
of organizations worldwide to implement and become<br />
heavily dependent on technology for running their<br />
businesses. Today, it is not possible to run any<br />
organization, small or big, without the use of some<br />
computer- or telecom-related technology. With so much<br />
proliferation of hardware, software and networking<br />
equipment, it is necessary for business managers<br />
to be aware of the advantages and disadvantages<br />
of using technology. While it does not mean they<br />
start operating the computers themselves, business<br />
managers must understand what the loss is in terms of<br />
financial, reputation, regulatory or legal consequences<br />
for disasters related to cyber threats.<br />
Financial Support<br />
Provide necessary budgets for comprehensive<br />
maintenance of hardware, software, telecom equipment,<br />
spares, backup devices, etc. For example, suppose<br />
Page 42 http://pentestmag.com