The Ultimate Security Measures

May 22
08:08

2008

Sandra Prior

Sandra Prior

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

A hacker views an open screen in the same way a car thief looks at an unattended car with the keys left in the ignition. Always use some form of password protection.

mediaimage

Scare stories. We’ve all heard them and we’ve all passed on a few,The Ultimate Security Measures Articles especially the tale of hawk-like hackers who can swoop on any data that’s sent across the Internet. If you use the Net, you’re asking for trouble. It’s as simple as that, isn’t it? No!

Before a thief can crack your encrypted data, they have to capture it. The process can be incredibly complicated or unbelievably simple. The professional hacker must have the patience of Job melded with the dexterity of the Artful Dodger; the survival instincts of a cornered leopard; not to mention the encyclopaedic knowledge of the security weaknesses inherent in all networks, computer systems and cryptographic algorithms. Combine all this and you have a combination of mechanical skills, mental intensity, drive and intelligence that, in a nutshell, means that if the hacker wants your information badly enough, the hacker will find a way to get it.

The only thing saving most of us from becoming victims is that the professional hacker is not interested in the average person. The professional hacker is driven by political and moral agendas, financial gain and personal glory within their own trusted community of fellow hackers. There’s not much the average person owns that can satisfy any of these needs.

The problem for the average person is that hackers have to crawl before they can walk. And when this happens, the amateur hacker is going to attempt to crawl over us. As a side note, before we start ‘you are wrong’ email from hacker purists, we are well aware that there is a difference between a hacker and a cracker. A hacker accesses a system strictly for the challenge and traditionally leaves everything the way they found it. A cracker uses their skills to damage the system or for personal gain.

However, the line is becoming increasingly blurred when it comes to the activities of hackers with agendas other than simply testing their hacking skills. Private information made public has been known to cause at least as much damage as the malicious activities of a cracker. As unfortunate as it may be to lump these two elements together, it is no longer inappropriate.

When a target piques the interest of a hacker, they can use any number of tools that have proven to be highly successful. Although encryption can be a powerful deterrent, the ultimate security measure is to take steps to ensure the hacker never gets the chance to look at your data in the first place.

Whether at home, in the office, or traveling, vigilance is the key to success. Here are a few examples of the tricks you might encounter.

Man in the Middle

The hacker positions himself so that their computer sits between you and the location waiting for your data. When you send your message, it is intercepted by the hacker. The data can then be modified and forwarded to its original destination. This can be especially effective when payment authorizations are the target. The original intention of spending a few bob on a new toy could potentially empty your bank account. Strong encryption coupled with identity verification, are effective in combating this type of attack.

Social Engineering

No technology can compensate for the human element. The simplest method of gaining access to a system is to ask users for their login names and passwords. This tactic has been successful on IRC and other chat rooms.

The hacker, masquerading as an official of the company providing your Internet access, informs you that your account has been compromised and says they require verification of your password so your security can be restored. You might also be asked for the information on the pretext that they’re doing a random audit of accounts and need to verify your details. Once the password is handed to the hacker, they are in your account and you’re in for a world of hurt. Never hand out your account details to anyone without taking the appropriate steps to verify their identity and purpose.

Trojan Monitoring

You have downloaded a piece of software from an unfamiliar site or newsgroup. The software is advertised as providing monitoring and reporting of your time online, so you can exercise control over your monthly charges. The software works well and you continue to run it because it is freeware. Unknown to you, the software contains a Trojan Horse – a software routine that works in the background and silently performs certain un announced, but normally destructive functions. This particular Trojan is designed to send copies of your user id, password and email messages to the software author each time you logon. Because the Trojan does nothing to alert you to its activities, you could be supplying this information to the author for a long, long time.

System Theft

They steal your computer. They read your data. Enough said. This is especially popular with unattended laptops and unsecured docking stations. Never leave your laptop unattended in a public place. Never use a docking station without employing a mechanical device to secure it to the station. Always lock and encrypt sensitive files.

Network Sniffing

Using a network protocol analyzer (sniffer), the hacker monitors and analyses network traffic for recurring activities that provide clues about the type of data being transmitted. Once a pattern develops, the hacker captures any data that meets their criteria. If the same data is transmitted every time you logon to the network, chances are it’s your user id and password. Successfully capturing this information enables the hacker to carry out a ‘replay attack’, in which they resend the stolen authentication data to access the system.

Monitoring network traffic requires a physical connection to the network. However, if the hacker is using a legally connected device to perform their illegal activities, there’s little chance of discovery. Other than requesting that your system administrator perform regular, unannounced audits for illegal sniffers, there isn’t much you can do to avoid this type of attack. 

Shoulder Surfing

One of the simplest methods because it is so passive, the hacker simply watches you enter your user id and password. They might be standing right behind you, or even monitoring from a distance using binoculars. Never position your screen or keyboard so it can be seen by a casual observer. Never keep your password where someone can see it.

Trespassing

An unattended computer is a joy forever for a hacker. This is especially true if you store your passwords in a file on an open computer. Even a short time on a network can provide the hacker with enough information to enable them to continue accessing the network using stolen user ids and passwords. A hacker views an open screen in the same way as a car thief looks at an unattended car with the keys in the ignition. Always use some form of password protection to restrict access to your computer and never leave your computer unattended without activating it.

Security holes can be caused by a lack of vigilance on the part of system administrators. Many server operating systems come with default passwords and directories that are well known to hackers. Leaving these defaults in place is an invitation to disaster.

Dictionary Attacks

Are you using a standard English word as your password? Any hacker with a spellchecker, encyclopedia, thesaurus and knowledge of your encryption method can crack your password like an egg. By encrypting their English language references and running the encrypted words through your account login, it’s only a matter of time before they’re in and you’re out.

System administrators often use a blacklist utility to fight this kind of attack. After a number of failed logins (usually 4 or 5) further attempts are blocked.

Don’t Panic

Faced with these myriad ways in which you can lose your data, how can you possibly keep your information to yourself? By encrypting your data of course.