Computer hacking can involve a group, an individual, government agency or private agency who looks for exploits in computer systems or networks.
Individuals, companies or government agencies (who use privately funded groups) can gain remote access to machines without seeking permission; providing they have the right tools and know how.
Vulnerable systems include: computers, mobile phones, websites, gaming systems, new cars (built after 2013, using the CAN bus network) and web servers.
If you’re not thinking about security you should as it’s as important as every other aspect of your business.
Why hack a system or more to the point, what’s the point?
There are a few things to consider here for example; the main reason for gaining access to a system and how you go about gaining access to a system.
If someone gained access to your systems today what could they do with the information they collect? Let’s setup an XP machine without any security on it, if I left the firewall open, this system would be compromised within a few hours of going online. How would a hacker get in and why would they want to get in? Read on as I will explain this in more detail.
It’s your responsibility to make sure your mobile, network and computers have strong security policies
Don’t make excuses when it comes to security for example; budget, license costs, servers, hardware firewalls, the costs of an IT company that will look after your business, and taking the time to layout local system policies. Make sure you record everything that happens on your network, create a record system of everyone who logs onto your computer systems. Backup all your systems monthly, you should setup remote backup systems for every device you have, this type of backup is known as off-site storage, speak with your data center about this, or your web hosting company or IT company.
Installing software on your computer system can lead to security vulnerabilities in that software package
Within the first few hours of going online John could have hundreds of requests made to his system without him really knowing what is going on within his system.
His IP address will be on a range where 100 other people have a similar number or IP address as John does.
By this time a lot of information has been collected just by going online, and that’s before John registers on any other website, such as infamous social channels. Anyway, I hope you get the big picture, I have kept this brief just to enlighten you in relation to what happens online.
Acquiring data is big business, the more accurate the data, the more valuable the data
There is a good utility (program) called (TCP View) this allows you to see, close and open connections on your system in real-time (this is FREE). On your computer each service that is in use uses a PID number to identify each service running on your system, by identifying this service you can close this service down right away or investigate this further.
When it comes to running software on your computer, software developer’s state they need to support their software by allowing updates to take place, how do they know their software is out of date? Do they call you or send you an email? Isn’t this open to abuse?
How do you gain access to a system: why would you want to?
The easiest way to gain access to a system is to walk up to a system and control it from that point, the only issue here is gaining access to that system without anyone seeing you, this could be a difficult task. You have the other issue of distance, how long will it take you to get to the target location.
The other way is too remote into a system via another system; this is the common way in which attacks occur.
You can gain access to a system in a property or business which has low security, use this computer/system to access another system while using a proxy server. One thing to consider when doing this, you will leave a trail no matter how good you are. Think about your patterns, how you move around the web, what sites you visit, are you going to the same sites each time?
Do you use content or phases which make you unique, do you have a handle, think about your online profile, try hunting yourself down based on words you use and sites you visit.
Security, firewalls and virus protection
Without a firewall or virus protection on your system and leaving your system on 24/7, you will find your computer is being accessed a lot via requests; it can even be accessed more than 600 times a month by different systems.
Does this frighten you? It should, because this is what happens, think about when you log into your bank account, social media channels and access your email accounts, these people will have access to everything on your network.
What can I/we do to protect ourselves?
- You can hire a network security professional.
- You can invest in a good software firewall, antivirus protection, scumware protection and malware protection.
- You can invest in a good hardware firewall; double up on your security.
- Stay away from certain websites which can harm your computer, if you’re a company have a website policy in place specifying websites which can be used by people in your business.
- Get your system checked over regularly with a system health check, if you’re a business hire a network specialist to come into your business each month and make sure all your systems have up to date software installed on them, make sure your network is protected.
- Have a password policy which is being updated all the time, at least once or twice a month.
- If you’re a business or have a business computer or network at home have a disaster recovery plan in place.
- Make sure you have a backup policy in relation to your email, websites, company files, and personal files and folders.
- Last of all, ask yourself, if you lost all your system files today, or personal files what would you do? Invest in your security today and make sure you have backups of everything.
This is a start, and gives you a heads up on what you should be thinking about in relation to looking after your personal computer or network.
Encryption – securing your data packets
Put simply, you encrypt or secure data sent between two points when sending messages, performing transactions, sharing information and protecting your search profile online.
Microsoft, Google and Facebook spend tremendous amounts of money to make sure there systems are secure. What do I mean by secure? Simply data sent between point A to point B and from point B back to point A. This is one area of online security you should start to look at.
You can overcome encryption by hacking directly into a system or looking for exploits, an example; search for the POODLE attack method or click here for a wiki reference.
Examples that should use encryption
- Credit card transactions
- Passing data over a form
- Communication in the form of messenger services
- Email; sending and receiving
- Online banking
- Mobile communications
- Web and server communications
Unsecure, unencrypted network
Let’s look at this a little closer. If we say A is going to send information to B without encryption then packets can be intercepted and read. Not only can these packets be read by a third-party, they can include new attachments that could be harmful to your computer, network and mobile device.
Secure, encrypted network
By securing your communication through SSL adds layers of security to your line of communication. Deterring hackers is about all you can do.
Hacking your own system: test, test and test again
The point of hacking your own systems is to test the security of your systems, (if you know how to do this), and believe me other developers know how to do this. If you’re anything like me, you like to test your own security policies and wish it was as amazing as the old hacking movies.
I love the classic hacking movies such as Hackers, Swordfish and Wargames. In real-life, it’s not really like the movies! Maintaining your system security is about hard work and keeping up to date with the latest security exploits. So there you go.