January 18, 2005

Vamsi Chemitiganti talked about network security from a hacker's perspective Jan. 13 in University Crossings. Chemitiganti has been working in the field for over six years as a programmer and network administrator for Siemens.

Currently he is designing a Hospital Information System for Siemens. These are impressive credentials that led to a terse discussion of hardening a computer network.

The term hacker may or may not conjure up the false connotation of a bad guy trying to hijack a computer; that definition actually belongs to a cracker.

Search Engine Optimization and Search Engine Marketing by experts

A hacker is someone who would rather test an operating system for security holes so that they can be fixed, rather than commit any malicious acts. The reason for the confusion lies in the media and movies calling criminals hackers.

Misnomers aside, crackers exist because they like the challenge and because computers are insecure.

What leads to this insecurity? Lack of education and bad design are the cause of the problem, according to Chemitiganti. People are simply unaware how vulnerable their computers are and as a result don't take the time to harden their computers.

Also, new vulnerabilities open up all the time and it is tough to keep up with them. He also noted that poor software design leads to holes in programs.

It is important that software developers take responsibility for their own products and make security a top issue. He joked that "Security is an extra feature in Microsoft products." Security should be as fundamental to the design of software as functionality.

He then went over some mass-mailing programs and described the steps that someone would go through to take over a weak system. First they scan their target and enumerate information about what programs the computer is running. Direct access can be obtained through password cracking or social engineering. Once in, they give themselves full access so that they can gather more passwords and information about the system. Then, just before they would get caught, they leave backdoors on the computer so they can control it whenever they want, from wherever they want.

Popular tools that crackers use are scanners, like Nessus, that will give up information about the system. This includes which operating system it is running and which ports are vulnerable. They also try to crack passwords with password crackers and use Trojans which hide little malicious programs in legitimate programs such as Notepad.

These open up a backdoor, letting the attacker get onto the infected system whenever they want.

In order to protect against such attacks, defensive measure like firewalls and intrusion detection systems (IDS's) can be implemented.

Firewalls block unwanted connections and IDs are proactive programs that can tell when an attacker is on a system and take a specified action against the attacker.

Leasing links to your website will boost your search engine visibility

Of course, an IDS is overkill for a home machine, but firewalls are valuable tools for the home as well as the office.

If you find yourself on a computer that has already been compromised, there are a few things to keep in mind.

Don't bother patching or running a virus scanner. If you are already infected, it is already too late. It is suggested that you rebuild your computer and start anew.

Source: The Triangle.org

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

        

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.