Computer Security

Computer hacking can involve a group, an individual, government agency, or private agency that looks for exploits in computer systems or networks.

Individuals, companies, or government agencies (who use privately funded groups) can gain remote access to machines without seeking permission; providing they have the right tools and know-how.

Vulnerable systems include computers, mobile phones, websites, gaming systems, new cars (built after 2013, using the CAN bus network), and web servers.

If you’re not thinking about security you should as it’s as important as every other aspect of your business.

Why hack a system or more to the point, what’s the point?

There are a few things to consider here for example; the main reason for gaining access to a system and how you go about gaining access to a system.

If someone gained access to your systems today what could they do with the information they collect? Let’s setup an XP machine without any security on it, if I left the firewall open, this system would be compromised within a few hours of going online. How would a hacker get in and why would they want to get in? Read on as I will explain this in more detail.

It’s your responsibility to make sure your mobile, network, and computers have strong security policies

Don’t make excuses when it comes to security for example; budget, license costs, servers, hardware firewalls, the costs of an IT company that will look after your business, and taking the time to layout local system policies. Make sure you record everything that happens on your network, create a record system of everyone who logs onto your computer systems. Backup all your systems monthly, you should setup remote backup systems for every device you have, this type of backup is known as off-site storage, speak with your data center about this, or your web hosting company or IT company.

Networks Diagram

Let’s create a fictitious person called John. John has never been online before; he bought a cheap system with an outdated operating system and goes online for the first time. What John does is create a footprint online, he goes from site to site where IP addresses are stored more importantly John’s IP address is recorded. Not only that, his computer has software programs installed on it, these programs make requests to servers without his knowledge. John should have read his terms of use when or before installing any software, try to understand for a moment what you’re agreeing to.

Installing software on your computer system can lead to security vulnerabilities in that software package

Within the first few hours of going online, John could have hundreds of requests made to his system without him really knowing what is going on within his system.

His IP address will be on a range where 100 other people have a similar number or IP address as John does.

By this time a lot of information has been collected just by going online, and that’s before John registers on any other website, such as infamous social channels. Anyway, I hope you get the big picture, I have kept this brief just to enlighten you in relation to what happens online.

Acquiring data is big business, the more accurate the data, the more valuable the data

There is a good utility (program) called (TCP View) this allows you to see, close and open connections on your system in real-time (this is FREE). On your computer each service that is in use uses a PID number to identify each service running on your system, by identifying this service you can close this service down right away or investigate this further.

An overlooked area, something that people don’t pay attention to, and you should, read your terms of use when installing software or agreeing to get access to a website, you might surprise yourself with what you are agreeing to.

When it comes to running software on your computer, software developers state they need to support their software by allowing updates to take place, how do they know their software is out of date? Do they call you or send you an email? Isn’t this open to abuse?

How do you gain access to a system: why would you want to?

The easiest way to gain access to a system is to walk up to a system and control it from that point, the only issue here is gaining access to that system without anyone seeing you, this could be a difficult task. You have the other issue of distance, how long will it take you to get to the target location.

The other way is to remote into a system via another system; this is the common way in which attacks occur.

You can gain access to a system in a property or business which has low security, use this computer/system to access another system while using a proxy server. One thing to consider when doing this, you will leave a trail no matter how good you are. Think about your patterns, how you move around the web, what sites you visit, are you going to the same sites each time?

Do you use content or phases which make you unique, do you have a handle, think about your online profile, try hunting yourself down based on words you use and sites you visit.

Security, firewalls, and virus protection

Without a firewall or virus protection on your system and leaving your system on 24/7, you will find your computer is being accessed a lot via requests; it can even be accessed more than 600 times a month by different systems.

Does this frighten you? It should, because this is what happens, think about when you log into your bank account, social media channels and access your email accounts, these people will have access to everything on your network.

What can I/we do to protect ourselves?

  1. You can hire network security professionals.
  2. You can invest in a good software firewall, antivirus protection, scumware protection, and malware protection.
  3. You can invest in a good hardware firewall; double up on your security.
  4. Stay away from certain websites which can harm your computer, if you’re a company have a website policy in place specifying websites that can be used by people in your business.
  5. Get your system checked over regularly with a system health check, if you’re a business hire a network specialist to come into your business each month and make sure all your systems have up-to-date software installed on them, make sure your network is protected.
  6. Have a password policy that is being updated all the time, at least once or twice a month.
  7. If you’re a business or have a business computer or network at home have a disaster recovery plan in place.
  8. Make sure you have a backup policy in relation to your email, websites, company files, and personal files and folders.
  9. Last of all, ask yourself if you lost all your system files today, or personal files what would you do? Invest in your security today and make sure you have backups of everything.

This is a start and gives you a heads up on what you should be thinking about in relation to looking after your personal computer or network.

Encryption – securing your data packets

Put simply, you encrypt or secure data sent between two points when sending messages, performing transactions, sharing information, and protecting your search profile online.

Microsoft, Google, and Facebook spend tremendous amounts of money to make sure their systems are secure. What do I mean by secure? Simply data sent between point A to point B and from point B back to point A. This is one area of online security you should start to look at.

You can overcome encryption by hacking directly into a system or looking for exploits, an example; search for the POODLE attack method or click here for a wiki reference.

Examples that should use encryption

  • Credit card transactions
  • Passing data over a form
  • Communication in the form of messenger services
  • Email; sending and receiving
  • Online banking
  • Mobile communications
  • Web and server communications

Unsecure, unencrypted network

Let’s look at this a little closer. If we say A is going to send information to B without encryption then packets can be intercepted and read. Not only can these packets be read by a third party, but they can also include new attachments that could be harmful to your computer, network, and mobile device.

Secure, encrypted network

Securing your communication through SSL adds layers of security to your line of communication. Deterring hackers is about all you can do.

Hacking your own system: test, test, and test again

The point of hacking your own systems is to test the security of your systems, (if you know how to do this), and believe me other developers know how to do this. If you’re anything like me, you like to test your own security policies and wish it was as amazing as the old hacking movies.

I love the classic hacking movies such as HackersSwordfish, and Wargames. In real life, it’s not really like the movies! Maintaining your system security is about hard work and keeping up to date with the latest security exploits. So there you go.