Tag Archives: information security
Hacking – A Fullstop on E-system (Page 1 of 3)
Passion or Madness: Now days, it has become a passion to learn about hacking and information security. Sometimes I do not understand that whether it is a passion or a kind of madness. This passion has resulted due to several news articles, media stories and the excitement showing hacking related thrills in films. But, on the other hand there is a fact also that very few peoples know anything in-depth about the topic of hacking and information security. So, I would suggest that without adequate knowledge please do not get mad behind passion. Sometimes this passion may become dangerous from the legal point of view. There is nothing wrong to gain expertise, but there is need to realize a fact about incorrect issues behind hacking. I will come to this topic in depth, later in the same chapter. Be Alert and Aware: Do you think that hacking is an expert level work? Do you think that information security and hacking are one and same things? If yes! Then you are absolutely wrong. Many children in the age group of 14-16 years are having sufficient knowledge to hack any website or collect important data facts from the internet. So, internet being the big source of information it’s a child game to perform hacking related activities. Many hackers whose aim is to just earn money from you, they give seminars and workshops along with misguide you that, “learn hacking in an ethical way for a brilliant career”. But, I am not going to explain in this way, to any of you. Instead, I would like to explain the fact in a positive way with a positive attitude. A teacher’s task is to show right path to students and not misguide them for gaining their personal benefits. So I would suggest that instead of going for the knowledge of hacking, gain the knowledge by learning something, which is said to be an expert level job. And this expert level job is known as information security expertise in technical terms. Hope you might have understood the difference between hacking (not expert level job) and information security (expert level job) from this topic. So, be alert from such misguidance.
Other then passion, one more side of coin also exists. Many institutes and independent peoples call themselves hacker and/or information security experts. But the reality behind their expertise and skills gets displayed in front of non-technical peoples and the victims who undergo for training, courses, certifications, seminars and workshop with such types of self-claimed hackers or institutes, when such victims and non-technical peoples realize that they are not satisfied for which they have spent time and money. The actual reality behind fooling is that the peoples who undergo for such seminars, workshops, courses, etc. most probably undergo through a psychology that, “the person or institute from which we will receive knowledge during the training sessions is an expert or is providing quality education as he was published by media agencies or that it’s a branded name in market for related subject talent or that he is an author of any book”. I believe in practical, official and those tasks or actions for which evidence lies in front of my eyes. Thus, I am trying to explain to everyone that always be alert and aware, so that your hardly earned income does not get spend in such unnecessary waste of time.
Corporate Data Security
Corporate data is one of the prized trophies in the circles of information underground. Despite the fact that there are elaborate corporate data security policies in place, new threats keep on emerging every once in a while. While most of the threats are easily contained if you follow a proactive approach to corporate information security, the process of management of information security is not an easy one and you must be aware of new threats to deploy countermeasures in time.
The main threat in these new generation issues is the emergence of Botnets. Botnets use the power of distributed computing and connectivity provided by the internet. It is mainly used for attacks like distributed denial of service. They are something of an evolution of run of the mill computer virus or a worm. They are something like a set of interconnected computer worms working in tandem.
The process of deployment of a Botnet is simple. Anyone who can write a computer virus can easily modify it to take orders from a precoded computer over an IP connection. Every computer that gets infected with the said virus and is not healed in time becomes a part of the Botnet. As of now, Storm Worm has been the widest spread Botnet. It has since been contained but the worst of Botnet is yet to come.
Phishing attacks are another form of emergent threats to data security management. In fact phishing is turning into the worst nightmare every information security manager. The concept behind phishing emerged on AOL network. The main reason that phishing is becoming a very critical threat is because the attacker poses as the official entity. People find it really hard to differentiate between what is real and what is unreal. The result is that social engineering becomes ridiculously easy.
In most of the cases, the phishing attacks have been launched against banking institutions. Phishers would lure customers of these banks to reveal their account information by present a page which is designed in such a manner that it looks as realistic as can be. In the recent times there has been a wave of phishing attacks where the attackers pose as the Internal Revenue Service. They are known to attack people for procuring their social security numbers and other taxation related data.
Another threat to corporate data security is Pharming. This attack works on the principle of DNS poisoning which allows the attacker to divert the traffic coming to a corporate web site to any other web site. The main victims of Pharming are again banking institutions but they are also known to be used for intra organizational social engineering to steal crucial company data.
A number of technologies are in development to prevent the damage dealt by these corporate data security threats. The best solution as of now is to educate the users and make sure that they do not fall victim to social engineering.
Corporate Data Security
Corporate data is one of the prized trophies in the circles of information underground. Despite the fact that there are elaborate corporate data security policies in place, new threats keep on emerging every once in a while. While most of the threats are easily contained if you follow a proactive approach to corporate information security, the process of management of information security is not an easy one and you must be aware of new threats to deploy countermeasures in time.
The main threat in these new generation issues is the emergence of Botnets. Botnets use the power of distributed computing and connectivity provided by the internet. It is mainly used for attacks like distributed denial of service. They are something of an evolution of run of the mill computer virus or a worm. They are something like a set of interconnected computer worms working in tandem.
The process of deployment of a Botnet is simple. Anyone who can write a computer virus can easily modify it to take orders from a precoded computer over an IP connection. Every computer that gets infected with the said virus and is not healed in time becomes a part of the Botnet. As of now, Storm Worm has been the widest spread Botnet. It has since been contained but the worst of Botnet is yet to come.
Phishing attacks are another form of emergent threats to data security management. In fact phishing is turning into the worst nightmare every information security manager. The concept behind phishing emerged on AOL network. The main reason that phishing is becoming a very critical threat is because the attacker poses as the official entity. People find it really hard to differentiate between what is real and what is unreal. The result is that social engineering becomes ridiculously easy.
In most of the cases, the phishing attacks have been launched against banking institutions. Phishers would lure customers of these banks to reveal their account information by present a page which is designed in such a manner that it looks as realistic as can be. In the recent times there has been a wave of phishing attacks where the attackers pose as the Internal Revenue Service. They are known to attack people for procuring their social security numbers and other taxation related data.
Another threat to corporate data security is Pharming. This attack works on the principle of DNS poisoning which allows the attacker to divert the traffic coming to a corporate web site to any other web site. The main victims of Pharming are again banking institutions but they are also known to be used for intra organizational social engineering to steal crucial company data.
A number of technologies are in development to prevent the damage dealt by these corporate data security threats. The best solution as of now is to educate the users and make sure that they do not fall victim to social engineering.