NISER Security FAQs
  1. Is hacking normal?
  2. Why does it happen?
  3. Even schoolboys are able to do it. Why?
  4. How do you track hackers?
  5. Is recovery possible? How fast is recovery?
  6. What are the immediate measures to take?
  7. What kind of consistent measures can be implemented?
  8. "Firewall protection" - what is this?
  9. Even the Pentagon website has been hacked - does this mean hackers are even more proficient than the so-called computer experts?
  10. Who are the people who like to hack into websites and why do they do so? Do you think the problem will become worse in the near future?
  11. What kinds of websites do the hackers target and why?
  12. What should you do as soon as you know a website has been hacked?
  13. What kind of security measures are available at present and can these prevent hacking altogether?
  14. Is it difficult to trace a hacker? How is the tracing done?
  15. Can we also have the latest statistics on Internet abuse?
  16. Other comments and views.

1. Is hacking normal?

    If by normal you mean common - YES. If you ask whether it is sane - I guess yes, too.

    There have been discussions in various forums on the terminology used: hackers vs. crackers. Hackers are defined as individuals who have a strong interest in the workings of computers. They have developed a certain code of ethics: they do not damage systems or data. They are good programmers, and their activities are productive and creative. Crackers, on the other hand, are definitely not bound by any ethics. They break into systems with malicious intent or for profit, and destroy data and systems. Crackers rarely write their own programs; they rely on tools made available by others, which is why another term for them is script kiddies. Their efforts are destructive in nature. However, even among hackers there are now some who emerge without ethics. These are termed black hat hackers, while the ethical hackers are termed white hat hackers.

    I believe the local media needs to correct this terminology, so that crackers do not feel their status has been lifted to that of a hacker through their destructive activities.

2. Why does it happen?

    There are various internal as well as external factors behind why intrusions happen.

    Internal factors:

    1. Lack of control and poor management in computer administration.
    2. Lack of knowledge of and exposure to aspects of computer security.
    3. Low priority given by top management; for example, the lack of a top-level security policy that is communicated and executed effectively.
    4. Poor or haphazard computer network and system design that is unsafe and ill-equipped with security components, together with misconfigured systems and applications.
    5. Outdated software and lack of maintenance.

    External factors:

    1. There are thousands of free exploit tools or programs made available over the Internet.
    2. Vulnerable computer systems and applications.
    3. Motivation, e.g. from peers, for establishing status, or for monetary gain.
    4. Lack of ethics and professionalism among budding technologists, whether in school or in institutions of higher learning.

3. Even schoolboys are able to do it. Why?

    Cracking, as I have just explained, has been made simple. This is especially so since more user-friendly (point-and-click) cracking tools became available in 1999, and such releases have not stopped since. These tools, released by some "black hat" hackers who initially claimed they were for system administrators to maintain their remote systems, turned out to be effective spying tools, especially as system administrators are the last to obtain the tools and try them out on their own networks. Cracking has been made simple.

4. How do you track hackers?

    There are various ways of tracking a cracker or a hacker. However, a hacker will often have done a better job of removing their traces than a cracker. In tracking such activities, care must be taken to preserve evidence, to ensure that no evidence is lost or tampered with.

5. Is recovery possible? How fast is recovery?

    Recovery is possible if dealt with carefully. MyCERT has dealt with incidents in which the action taken by the administrator was slow and careless, causing more damage to the system once the crackers found that their activities were known. The period of recovery depends on the resources available. Having the following mechanisms in place would speed up recovery: incident response procedures, recovery procedures, backed-up data, a standby unit for replacement, and full control of and access to the network.

6. What are the immediate measures to take?

    In handling incidents involving intrusions, there are two options for the method of response. One is to disconnect and prosecute, which basically means disconnecting the target host from the network, analyzing the traces for possible prosecution, and recovering the services immediately through machine replacement. The second option is to continue and track the intruder, by allowing the intruder to keep using the system, where the important data have already been backed up and the compromised system is a decoy. Access continues until the administrators manage to identify the perpetrator.

7. What kind of consistent measures can be implemented?

    There are various measures that can be implemented; however, they are often neglected due to misconceived priorities or plain ignorance. Network equipment, although self-running, requires monitoring and maintenance, not only for performance but also for security purposes.

    Computer security needs to be applied at all levels of network and application implementation, including planning, risk assessment, design, audit, testing, and maintenance. Responsibility for computer security must be shouldered by personnel at every level of an organization, from the CEO, Information Security Officers and IT managers, through system developers, system integrators, and network and system administrators, down to the users. Policies and procedures must be applied and measured for effectiveness. Monitoring of network and system activity is key to detecting anomalies that may be due to a security breach.

8. "Firewall protection" - what is this?

    A firewall is a type of network perimeter defense. It protects the network from external threats; however, it does not help in deterring internal threats. There are two types of firewall: one that functions as a packet filter, and one that functions as a proxy. Depending on the needs of the network, either type of firewall, if applied correctly, would be effective in deterring external threats. However, there are attacks that can bypass the firewall, since a firewall may not be intelligent enough to block attacks that look like genuine traffic requests.
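    As an added example that is not part of the original FAQ, the following Python models the two firewall types described above: a stateless packet filter that decides on header fields only, and a proxy that parses the application protocol. It shows the point made at the end of the answer: a malformed web request sent to an allowed port looks like genuine traffic to the packet filter and passes, while the proxy, which understands HTTP, can reject it. The rule set, the addresses (RFC 5737 documentation ranges) and the request checks are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of the two firewall types: a stateless packet
# filter that sees only header fields, and a proxy that parses the protocol.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""  # application data; invisible to the packet filter's rules


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src_net: str = "0.0.0.0/0"   # CIDR the source address must fall in
    dst: str = "any"             # exact destination address or "any"
    dport: Optional[int] = None  # None matches any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison: protocol, source network, destination, port."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src_net):
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def packet_filter(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_REQUEST_LINE = 2048  # constructed limit for the example


def proxy_check(payload: bytes):
    """Application-layer check a proxy can make and a packet filter cannot:
    returns (True, "ok") for a well-formed HTTP request line, else (False, reason)."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ascii request"
    request_line = text.split("\r\n", 1)[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return False, "request line too long"
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    if not target.startswith("/"):
        return False, "request target must be an absolute path"
    if not version.startswith("HTTP/1."):
        return False, "unsupported protocol version"
    return True, "ok"


def inspect(rules, pkt: Packet):
    """Packet filter first; for the web port, also apply the proxy's protocol check."""
    decision = packet_filter(rules, pkt)
    if decision != "allow":
        return decision, "no matching allow rule"
    if pkt.dport == 80:
        ok, reason = proxy_check(pkt.payload)
        return ("allow", reason) if ok else ("deny", reason)
    return "allow", "header match"


# Constructed rule set for a small perimeter: public web and mail servers,
# administrative SSH only from the internal network, and an explicit catch-all.
RULES = [
    Rule("allow", proto="tcp", dst="192.0.2.10", dport=80),
    Rule("allow", proto="tcp", dst="192.0.2.20", dport=25),
    Rule("allow", proto="tcp", src_net="192.0.2.0/24", dst="192.0.2.10", dport=22),
    Rule("deny"),
]
```

    With these rules, a web request from anywhere reaches port 80 of the web server whatever its payload is; only the proxy check tells a well-formed request from an oversized or malformed one, which is the gap the answer above refers to.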

9. Even the Pentagon website has been hacked - does this mean hackers are even more proficient than the so-called computer experts?

    Web servers, mail servers and Domain Name servers are prime targets of attack, the reason being that these services need to be publicly accessible in order to function. It is a challenge to protect these servers from penetration; however, that does not mean they are impossible to protect. Often it is not so much a matter of expertise as of procedures that are undefined or not adhered to, human error in maintenance causing an exposure or loophole, and many other possible causes that sometimes appear too unimportant and are dismissed. In large organizations especially, this quality of security must be controlled and communicated to all levels of implementation, and that can be a challenge on its own.

10. Who are the people who like to hack into websites and why do they do so? Do you think the problem will become worse in the near future?

    The crackers and hackers range from students (and drop-outs) to ex-employees. Normally professional hackers would not hack web sites; they would rather go for more sensitive information, e.g. your financial systems. Web defacement has been likened to graffiti in the real world.

    It may become worse if network and system administrators remain incompetent at managing the security of their networks, systems and applications.

11. What kinds of websites do the hackers target and why?

    Any websites that could serve their purpose. Web servers, mail servers and Domain Name servers are prime targets of attack, the reason being that these services need to be publicly accessible in order to function. It is a challenge to protect these servers from penetration; however, that does not mean they are impossible to protect. Often it is not so much a matter of expertise as of procedures that are undefined or not adhered to, human error in maintenance causing an exposure or loophole, and many other possible causes that sometimes appear too unimportant and are dismissed. In large organizations especially, this quality of security must be controlled and communicated at all levels of implementation, and that can be a challenge on its own.

12. What should you do as soon as you know a website has been hacked?

    In handling incidents involving intrusions, there are two options for the method of response. One is to disconnect and prosecute, which basically means disconnecting the target host from the network, analyzing the traces for possible prosecution, and recovering the services immediately through machine replacement. The second option is to continue and track the intruder, by allowing the intruder to keep using the system, where the important data have already been backed up and the compromised system is a decoy. Access continues until the administrators manage to identify the perpetrator.

13. What kind of security measures are available at present and can these prevent hacking altogether?

    Hackers are not the actual threat, ignorance is.

    There are various measures that can be implemented; however, they are often neglected due to misconceived priorities or plain ignorance. Network equipment, although self-running, requires monitoring and maintenance, not only for performance but also for security purposes. Many IT personnel are not aware of how to configure and maintain the security of their computers; thus, continuous ICT security education should be given top priority by the organization.

    Computer security needs to be applied at all levels of network and application implementation, including planning, risk assessment, design, audit, testing, and maintenance. Responsibility for computer security must be shouldered by personnel at every level of an organization, from the CEO, Information Security Officers and IT managers, through system developers, system integrators, and network and system administrators, down to the users. Policies and procedures must be enforced and measured for effectiveness. Monitoring of network and system activity is key to detecting anomalies that may be due to a security breach.
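    This answer and the answer to question 7 both end on the same point: monitoring of network and system activity is what lets an anomaly be noticed. As an added example that is not part of the original FAQ, the following Python runs two simple detections over constructed sshd-style log lines: a burst of failed logins from one source within a short window, and a successful login from a source that has just produced repeated failures. The log lines, the year used to complete the timestamps, the threshold and the window are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, in the syslog style sshd uses; the hostnames, addresses
# (RFC 5737 ranges) and PIDs are invented for the example. One CRON line is
# included to show that unrelated records are skipped rather than mis-parsed.
SAMPLE_LOG = """\
Mar 11 02:14:01 gw sshd[812]: Failed password for root from 198.51.100.23 port 40112 ssh2
Mar 11 02:14:03 gw sshd[812]: Failed password for root from 198.51.100.23 port 40113 ssh2
Mar 11 02:14:06 gw sshd[812]: Failed password for admin from 198.51.100.23 port 40114 ssh2
Mar 11 02:14:09 gw sshd[812]: Failed password for invalid user test from 198.51.100.23 port 40115 ssh2
Mar 11 02:14:12 gw sshd[812]: Failed password for root from 198.51.100.23 port 40116 ssh2
Mar 11 02:14:15 gw sshd[812]: Failed password for root from 198.51.100.23 port 40117 ssh2
Mar 11 02:14:20 gw sshd[812]: Accepted password for root from 198.51.100.23 port 40118 ssh2
Mar 11 02:20:00 gw CRON[900]: (root) CMD (run-parts /etc/cron.hourly)
Mar 11 02:31:44 gw sshd[951]: Failed password for alice from 203.0.113.5 port 51002 ssh2
Mar 11 02:31:50 gw sshd[951]: Accepted password for alice from 203.0.113.5 port 51003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2001):
    """Return a dict for an sshd password-auth record, or None for any other line.
    syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def failed_login_bursts(events, threshold=5, window_seconds=60):
    """Flag any source with at least `threshold` failures inside a sliding window."""
    alerts = []
    by_src = defaultdict(list)
    for ev in events:
        if ev["result"] == "Failed":
            by_src[ev["src"]].append(ev["ts"])
    for src, times in by_src.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"type": "failed-login-burst", "src": src, "count": best})
    return alerts


def success_after_failures(events, min_failures=3):
    """Flag a successful login from a source that just failed `min_failures` or more times."""
    alerts = []
    failures = defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
        else:  # "Accepted"
            if failures[ev["src"]] >= min_failures:
                alerts.append({"type": "success-after-failures", "src": ev["src"],
                               "user": ev["user"], "failures": failures[ev["src"]]})
            failures[ev["src"]] = 0
    return alerts


def analyze(text, threshold=5, window_seconds=60, min_failures=3):
    """Parse a log text and return both kinds of alert."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return (failed_login_bursts(events, threshold, window_seconds)
            + success_after_failures(events, min_failures))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

    The second detection is the one worth acting on first: a single source failing repeatedly is noise on any public server, but the same source then succeeding suggests a guessed password, and the account named in the alert is where to start.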

14. Is it difficult to trace a hacker? How is the tracing done?

    There are various ways of tracking a cracker or a hacker. However, a hacker will often have done a better job of removing their traces than a cracker. In tracking such activities, care must be taken to preserve evidence, to ensure that no evidence is lost or tampered with.
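    This answer and the answer to question 4 both stress preserving evidence so that nothing is lost or tampered with. As an added example that is not part of the original FAQ, the following Python records a manifest of collected evidence files at collection time, the size and SHA-256 hash of each, and later verifies the files against it. The demo() function builds a constructed evidence directory, verifies it, then alters one file without changing its size and deletes another, to show how each is reported. The file names, contents and collector label are constructed for this example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large images and logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir, collector):
    """Record name, size and SHA-256 of every file present at collection time."""
    entries = {}
    for name in sorted(os.listdir(evidence_dir)):
        path = os.path.join(evidence_dir, name)
        if os.path.isfile(path) and name != MANIFEST_NAME:
            entries[name] = {"size": os.path.getsize(path), "sha256": sha256_file(path)}
    return {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "files": entries,
    }


def save_manifest(manifest, evidence_dir):
    """Write the manifest beside the evidence and return its own hash, which
    should be recorded out of band (e.g. in the written case notes)."""
    path = os.path.join(evidence_dir, MANIFEST_NAME)
    with open(path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return sha256_file(path)


def verify_manifest(manifest, evidence_dir):
    """Return (name, problem) pairs for files that no longer match the manifest,
    including files that have appeared since collection."""
    problems = []
    for name, rec in manifest["files"].items():
        path = os.path.join(evidence_dir, name)
        if not os.path.isfile(path):
            problems.append((name, "missing"))
        elif os.path.getsize(path) != rec["size"]:
            problems.append((name, "size changed"))
        elif sha256_file(path) != rec["sha256"]:
            problems.append((name, "content changed"))
    for name in sorted(os.listdir(evidence_dir)):
        path = os.path.join(evidence_dir, name)
        if os.path.isfile(path) and name != MANIFEST_NAME and name not in manifest["files"]:
            problems.append((name, "not in manifest"))
    return problems


def demo():
    """Constructed scenario: collect two files, verify, then simulate tampering.
    Returns the verification results before and after the tampering."""
    original = "Mar 11 02:14:01 gw sshd[812]: Failed password for root from 198.51.100.23 port 40112\n"
    altered = original.replace("198.51.100.23", "198.51.100.24")  # same length, one digit changed
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "messages"), "w") as f:
            f.write(original)
        with open(os.path.join(d, "bash_history"), "w") as f:
            f.write("ls -la /tmp\n")
        manifest = build_manifest(d, "constructed-example")
        save_manifest(manifest, d)
        before = verify_manifest(manifest, d)
        # Tampering after collection: the log is edited in place, the history is deleted.
        with open(os.path.join(d, "messages"), "w") as f:
            f.write(altered)
        os.remove(os.path.join(d, "bash_history"))
        after = verify_manifest(manifest, d)
    return before, after


if __name__ == "__main__":
    print(demo())
```

    The edited log file keeps its size, so only the hash comparison catches it; this is why the manifest records a hash and not just sizes and timestamps. The manifest's own hash is returned by save_manifest so it can be kept outside the evidence store, since a manifest stored only beside the files it describes could be rewritten together with them.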

15. Can we also have the latest statistics on Internet Abuse?

16. Other comments and views.

    Computer security has always been perceived as a specialized area that only those working in computer security need to have a grip on. However, we would like to correct that perception. Organizations need to realize that security is very much the responsibility of IT implementers at all levels, including, but not limited to, system and application developers, system integrators, and network and system administrators. If these people are unfit to carry out the task effectively, they need to be trained. As we depend more on technology to carry out our most critical tasks, we will have to put security at the forefront, as one of the first requirements for building trust and faith in Information and Communication Technology (ICT).

    Anyone working in the computer industry will appreciate the sheer velocity of change and evolution; however, end-user products, i.e. PCs and network devices, need improved security, and someday product developers will realize that computer security is an important element that is a standard requirement, not an optional accessory or luxury.

    Think of a car: you really do not want to buy a car that has the same ignition key as a few thousand other cars, which raises the chances of your car being stolen. The same goes for buying a car that has a hole that allows anyone to unlock the doors by inserting a metal rod into it. This same line of thinking applies to computer and network devices.

Last Update March 11, 2001