Defend Your Computer From Hackers Essay, Research Paper
How to Shield Your Computer from Internet Crime
When you connect to the Internet, you are allowing you computer to communicate with millions of people who are also on the Internet. Suddenly, your hard drive is fair game. Some people called by various names: hackers, whackers, crackers, and some other more colorful names if your data is being destroyed. These people make it their business to find and make use of exposed hard drives. Sometimes, they just take an innocent look around; sometimes they delete files or even deposit a virus of nature. However, hope is not lost, with the steps outline in this paper you will be able effectively shield your computer from those who wish to make mischief.
When you connect to the Internet, especially through a broadband connection any open ports, or shared file files and services are like a beacon for hackers’ automatic scanners. You see, along with granting you extremely fast downloads and browsing capabilities broadband connection also leave you computer wide open to the world since it an always-on connection. The risk is greater for those people that have static IP address. Since this address never changes hackers can come back whenever they wish.
One way to see how vulnerable your computer is would be to have it tested by one the various websites that specialize in security. One very good website is hosted by the Gibson Research Corporation and has several helpful feature like “Shields Up”, the address for this site is www.grc.com. Another popular site with many useful utilities would be www.dslreports.com. If these sites show you some holes in your security they will recommend several actions. One of the easiest and most effective would be to turn off file and print sharing for your computer. The second thing you could do would be to obtain a personal firewall. In this area you have two options, hardware or software. If you want an inexpensive route then you can download a software firewall.
Firewall? Just what is that? Well, it either a software program of hardware device that effectively blocks outsiders from entering your computer. Software firewalls just need to be installed onto your computer and can be either automatically configured of manually. Hardware involves connecting your computer into another device. Two of the more popular software firewalls are Zone Alarm (www.zonelabs.com) and Norton Personal Firewall (www.symantec.com). Using Zone Alarm, the above sites could find no exposed ports or even that this computer even was on; Zone Alarm completely cloaks your computer.
Before I go further, the motives and history if the hacker should be discussed. It usually begins with contempt; most virus writers and hackers feel left out of mainstream society. They are usually at least mildly smart, but don’t want to get a regular job. They sometimes want to be famous, or to at least be recognized. Money, however, is not the motivation in most cases. Hackers often complain that information should be free. However, one cannot purchase groceries for free. If someone generates useful information they usually expect to be able to feed and house themselves because of their effort. The hacker theory of free information also ignores the huge amount of work that preceded the hackers’ access to the Internet and computers. All to often, a hacker is the intellectual version of those spray-painting teens. Feeling powerless, they can at least break into someone else’s computer; leave a mark of some kind, thus, letting the world know that they exist. Of course, you cannot stereotype a whole group of people with a single portrait. I’m sure that not all hackers are socially inept and nerdy; there are undoubtedly handsome, popular, athletic hackers. Perhaps, one or two. When these hackers grow up, those that are actually talented often join the other side. They end up working for the government of business that they once despised. Kevin Mitenick, probably one of the most famous hackers recently testified before congress. Large corporations have hired hackers as security specialists. Some hackers have even banded together to form security consultant companies.
Perhaps you have heard that there is a distinction drawn between the merely curious (the true hacker) and the destructive (the black hats, whacker or cracker). This distinction is a bit self-serving, there is however some truth to it. A pure hacker is only interested in decryption, seeing if they can breach security, or learning all that they can about networks and systems. The just watch, never do any harm to the subject. This definition fits many people, in fact it a pretty good description of anyone who is interested in learning. However, the media and the public ignore this distinction. To be fair, hackers do not always stay pure.
So what exactly is the distinction between hackers? There are sub categories within the hacker community, defined by how they apply the hacker ethic. The hackers who seek only to break into systems and see what information is there and do no damage, and whose primary goal is to ensure the freedom of information are called samurai. Whackers are defined as would-be hackers who merely investigate systems, without attempting to create security breaches. Crackers are hackers who for lack of a better word have gone over to the dark side. Crackers are interested in actually stealing information, and doing damage. Crackers are look down on by hackers, because they give hacking a bad name. Though some are clever, most are just persistent and use the code of others to the work for them.
Now for the interesting part, just how exactly does a hacker gain access to your system? The first step involves getting a password. One way that this can be accomplished is with a password-harvesting virus. A hacker merely sends the virus onto someone’s network, which then attaches itself to the networks logon procedure and then sends the information back to the hacker. This information is of course sent to bogus e-mail or a newsgroup where the hacker is waiting to snatch it up. There are numerous ways to cloak your e-mail and create ghost accounts but that is beyond the scope of this paper. It is only important to know that it can be done. One of the programs used by hackers is called a “mockingbird”. This is a small program that automatically intercepts name/password combinations as they are entered and send them back to the hacker. Another method may arise from some consultation work. While working on site the hacking may create a back door. Having done this he has a way to access the network and full access to everything he wants. Also, while on site the hacker may spy a yellow sticky note on someone’s computer with his or her password written on it. One clever method of obtaining password is called “spoofing”. The hacker sends e-mail to someone claiming to be a boss, or more often, a worker in the IT department. The hacker asks the user to type in their password and send it so it can be authenticated. This works better than one might think; most people are trained to polite and responsive to their superiors.
However, for every hacker trying to break in, there is a system administrator on the other side trying to build walls strong enough to keep data secure. One method companies use to fight back against hackers is known as bait and trace. There are several other names that are interchangeable, most notable being: iron box and Venus flytrap. These are all names for special traps set up to catch a cracker who is logging in over a remote connection. The idea is to provide the cracker with limited access to your network and also offer interesting information (known as bait files) to keep the user on the system long enough to be traced. An iron box is sometimes made up of an imitation operating system, a false shell that appears to be complete, but restricts the intruder in ways that are not easily noticed. Bait files are often included in the false shell. Sometimes an iron box is set to intercept certain types of behavior, ID’s or passwords. The whole idea is to detect, then delay the intruder. A business may also hire a security firm to monitor their network.
So, what topics have been discussed? Vulnerabilities and how to detect them, the motives and history of a hacker, the classification hackers sub groups, how a hacker infiltrates a computer or network, and measures that can be taken to stop them. As a result, we can now be more adequately prepared and more aware of what can be done to us and what we do about it. Remember, knowledge is indeed power.