Three Main Forms of Gaining Unauthorized Access to Computer Systems
Hacking refers to the process of gaining unauthorized access to computer systems, typically across a network. Hacking can take different forms. Hacking for monetary gain is usually aimed at identity theft, where personal details and credit card details are accessed for the purpose of fraud.
Hacking could also occur with malicious intent. For example, a former employee might gain access to a network with a view to deleting files or passing information on to a competitor.
Hacking may not be directly related to theft or damage; rather, gaining access to a system may be perceived by the hacker as a technical challenge. The term ‘hacking’ traditionally refers to the process of creating program code, another form of technical challenge. This can almost be considered a pastime, albeit an unethical one.
Three main forms of gaining unauthorized access to computer systems:
1. Normal Entry Points to Systems Through Usernames and Passwords
First, the normal entry points to systems through usernames and passwords can be used. For example, many system log-ins have a username of ‘administrator’ by default. Sometimes the password will be the same. Other common passwords are days of the week or children’s names.
Tools are available to try alternative log-ins, although most modern systems will refuse access after several attempts. Hacking can be combined with identity theft to gain an idea of the passwords used.
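A defender-side example of the two controls this section implies, added here and not part of the original article: rejecting the weak password choices named above, and refusing log-ins after several failed attempts. The function and class names, the threshold of three failures, the 60-second window and the sample events are assumptions chosen for illustration.

```python
# Weak choices named in the text: password equal to the username,
# days of the week, and names tied to the user (e.g. children's names).
DAYS = {"monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday"}

def weak_password_reason(username, password, personal_names=()):
    """Return why a proposed password is rejected, or None if it passes."""
    p = password.strip().lower()
    if p == username.strip().lower():
        return "same as username"
    if p in DAYS:
        return "day of the week"
    if p in {n.strip().lower() for n in personal_names}:
        return "personal name"
    return None

class LoginThrottle:
    """Refuse log-ins for an account after max_failures within window seconds."""
    def __init__(self, max_failures=3, window=60):
        self.max_failures = max_failures
        self.window = window
        self.failures = {}  # lower-cased username -> failure timestamps

    def attempt(self, username, password_ok, now):
        key = username.lower()  # 'Administrator' and 'administrator' share a counter
        recent = [t for t in self.failures.get(key, []) if now - t < self.window]
        self.failures[key] = recent
        if len(recent) >= self.max_failures:
            return "locked"  # refused even when the password is correct
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        recent.append(now)
        return "failed"

def demo():
    """Replay constructed log-in events: (seconds, username, password_ok)."""
    events = [(0, "administrator", False), (10, "Administrator", False),
              (20, "administrator", False), (30, "administrator", True),
              (90, "administrator", True)]
    throttle = LoginThrottle()
    return [throttle.attempt(user, ok, t) for t, user, ok in events]

if __name__ == "__main__":
    print(demo())
```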
2. Exploiting Known Vulnerabilities in Systems
The second form of hacking exploits known vulnerabilities in systems. These vulnerabilities in operating systems such as Windows or Linux, or in web browsers such as Internet Explorer, are publicly known and will be posted on the vendor’s website and on specialist security websites. Even so, there will be many system administrators who have not updated their systems with the latest security update or ‘patch’.
This is partly because there are many security vulnerabilities with new ones being announced every week.
3. Social Engineering
Thirdly, Kevin Mitnick refers to ‘social engineering’, which typically involves impersonating employees of an organization to access security details. One example, given in Mitnick and Simon (2002), is when the attacker contacts a new employee and advises them of the need to comply with security policies.
They then ask the user for their password to check it is in line with the policy of choosing a difficult-to-guess password. Once the user reveals their password, the caller makes recommendations to construct future passwords in such a way that the attacker will be able to guess them.