Tuesday, May 3, 2011

How to Prevent Hacking of Your PC? Part 1

Hack Attack
Before you can implement web-security solutions, you first must understand potential problems. David Dumas, GTE Laboratories principal member of technical staff, said passive attacks are when hackers listen and collect data, often as a prelude to an active attack. Active attacks are when they change, delete, alter or add to your data.
Dumas explained the various ways people can hack into your billing records and data through the World Wide Web. Social engineering is a common, non-technical way to access system passwords, and sometimes all too easy. The attacker socializes with company personnel to find out people's names and the departments in which they work, then he name-drops in conversations with other employees to learn user names and passwords as a front end to an electronic attack. Once he has that information, he can break through firewalls to look at customer records, credit-card numbers and security PINs.
Other hackers will pose as employees. They might make an authentic-looking company badge and walk into your building or apply to the company as a janitor. Sometimes a hacker will install a sniffer while he is there. Dumas said a sniffer, which is commonly available from various Internet sites, plugs into a network jack and collects user names and passwords.
"It could be on your box today," Dumas said. "You can't detect it."
Some hackers don't even have to install a device because they find Post-It notes in plain view with passwords written on them.
Hackers have other means to get at your passwords. One is through simple trial and error. If they know you have security in place, hackers actually will slow down attacks to avoid setting off bells and whistles, Dumas added. Password-guessing software, such as Cracker, also facilitates attacks. Some programs can listen to your system, capture passwords and then knock the legitimate user off the system so the hacker becomes the user.
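Added example, not part of the original article: a sketch of why slowed-down password guessing stays under a short-window failure threshold, and how counting failures per source over a longer window catches it. The log format, addresses, user names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse '<ISO time> <FAIL|OK> <user> <source>' (constructed log format)."""
    ts, result, user, source = line.split()
    return datetime.fromisoformat(ts), result, user, source

def flag_sources(lines, window, max_failures):
    """Return sources with more than max_failures failed logins
    inside any sliding window of the given length."""
    recent = defaultdict(list)  # source -> failure times still inside the window
    flagged = set()
    for ts, result, _user, source in sorted(map(parse, lines)):
        if result != "FAIL":
            continue
        times = recent[source]
        times.append(ts)
        while times[0] <= ts - window:  # drop failures that aged out
            times.pop(0)
        if len(times) > max_failures:
            flagged.add(source)
    return flagged

def sample_log():
    """Constructed data: a slow guesser, a fast guesser, and an honest typo."""
    start = datetime(2011, 5, 3, 8, 0, 0)
    lines = []
    for i in range(48):  # slow: one failure every 10 minutes for 8 hours
        t = start + timedelta(minutes=10 * i)
        lines.append(f"{t.isoformat()} FAIL alice 10.0.0.7")
    for i in range(20):  # fast: 20 failures in 20 seconds
        t = start + timedelta(hours=1, seconds=i)
        lines.append(f"{t.isoformat()} FAIL bob 10.0.0.9")
    for i in range(2):   # a user who mistypes twice, then gets in
        t = start + timedelta(hours=2, seconds=30 * i)
        lines.append(f"{t.isoformat()} FAIL carol 10.0.0.12")
    ok = start + timedelta(hours=2, minutes=2)
    lines.append(f"{ok.isoformat()} OK carol 10.0.0.12")
    return lines

# Short-window rule: more than 5 failures in 5 minutes.
SHORT = flag_sources(sample_log(), timedelta(minutes=5), 5)
# Long-window rule: more than 15 failures in 24 hours.
LONG = flag_sources(sample_log(), timedelta(hours=24), 15)

if __name__ == "__main__":
    print("5-minute rule:", sorted(SHORT))
    print("24-hour rule :", sorted(LONG))
```

The short-window rule sees only the fast source, while the 24-hour rule also flags the source that spaced its attempts out; the user with two typos trips neither.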
Attacks known as man-in-the-middle, spoofing and Trojan horse also can capture passwords and PINs. In a "man-in-the-middle" attack, the hacker appears to the server as if he were the legitimate remote agent, while to the end user he looks like the server. The user unknowingly sends credit-card information to the hacker. Spoofing occurs when a user logs in to what he believes is a remote system: the workstation is not actually connected to the remote system, but it generates the log-in banner and prompts the user to input his user ID and password. Software captures the information and kicks the end user off the system. In a Trojan horse attack, the hacker alters the local system to allow a later entry. He may use bogus code to bypass system controls to hide the existence or current status of an account.

More: http://web.ebscohost.com/ehost/detail?sid=1fff7848-8fc8-464a-8ccc-fd71bf9a203d%40sessionmgr11&vid=5&hid=14&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN0001858715-3
