Prepare a manuscript titled "Protecting your network as an ethical hacker"

By Aldanatech
I am working on a research project on ethical hacking as part of my requirements to complete my Bachelor of Science degree with a concentration in Network Technology. The purpose of this project is to make a study of two important aspects of Information Technology security. One is ethical and unethical hacking. The other aspect is the methods for counter-hacking. Ethical and unethical hacking will focus on the differences between them, at what point hacking is considered ethical, and what is considered to be an ethical way of protecting yourself and your network. The counter-hacking methods study will include preventive measures against common hacking methods, but not specific details on how the attack is actually performed. Details on the latest protection features and products from Cisco, Microsoft, Novell, and Symantec will also be featured. I might also include some details on the current laws that support network security.

This project is expected to be completed in two months. What I would like from you is to review my progress (about once a week or so) and provide me with feedback such as corrections, additions, and clarifications. I would also like your opinion on my research topics. Do you believe any of them are irrelevant or unnecessary?

The URL of my project is:

http://www.aldanaweb.com/capella/

Moreover, I will keep track of my notes and progress in:

http://www.aldanaweb.com/capella/statusreport.htm

I trust the knowledge and expertise from everyone in Tech Republic and all the help you can provide me will be appreciated. Also, let me know if you would like me to include you in my contributors list.

This conversation is currently closed to new comments.

29 total posts (Page 1 of 3)

All Comments

Small correction

by Aldanatech In reply to Prepare a manuscript titl ...

Just wanted to verify the URL of my status report page:

http://www.aldanaweb.com/capella/statusreport.htm

OK Josh

by HAL 9000 Moderator In reply to Prepare a manuscript titl ...

While the second link was dead the first one did give me the front page of the report.

I'll keep an eye on how you are proceeding and add any corrections or addenda as I see fit.

I could say that there is no such thing as "Ethical Hacking" but as I've just thrown down a challenge to everyone here at TR to crack a Web Page's Security I would be a bit of a hypocrite, as I see a very important part for what you wish to call "Ethical Hacking" although I prefer to think of it as "Penetration Testing."

Perhaps that could be a subtitle to make it a bit more palatable to the "Powers That Be" although it is a college assignment; I suppose that was the title you were given to work with.

Anyway, best of luck with your endeavors.

Col

Thanks

by Aldanatech In reply to OK Josh

Thank you. Your assistance is appreciated.

Which laws are more relevant?

by Aldanatech In reply to Prepare a manuscript titl ...

On Unit 3 of my research phase:

http://www.aldanaweb.com/capella/ts4992unit3.htm

I posted a set of links to sites about laws that could help enhance or assist IT security or privacy. Which ones do you think are the most relevant ones for this purpose?

Note: If you cannot open the page, go to my home page:

http://www.aldanaweb.com/capella

and click on Unit 3 of Weekly Tracking of IAL Project.

OK as I'm commenting from Australia

by HAL 9000 Moderator In reply to Which laws are more relev ...

Things might be a little different but here you first have to look at Federal Laws then State Laws and see which apply to what you are doing as obviously different laws would apply to a bank than to a military developer {Hardware.}

However the one that is always foremost is the Privacy Laws {both Federal & State} no matter where you are, as if you allow this to be breached and personal data gets out about customers/clients or co-workers without their permission you are looking at some serious Jail Time.

While it is a great idea to submit a Universal Thesis these never cover every aspect of what different areas require depending on the outline of what you have been given to work with the best that you can hope for is some form of "General" overview of what is required.

As I don't live in America I would suggest you get in contact with some Legal Studies Students to get their take on it or, if you have access to a practicing Lawyer within the area that you are required to write about, ask him/her. Law like this course varies depending on what exactly you are trying to protect and provided you follow some common sense practices while not being "Strictly Legal" they will not cause you any problems. What you really need to know is how much the relevant laws can be bent without breaking them to protect the hypothetical network from unauthorized penetration.

Generally any testing of network security by the person responsible for administering the network or any authorized person/companies hired to perform these tests is legal; it is only when these tests are performed without the knowledge of the Administrator for nefarious means that troubles arise.

Now the reality of the real world is that you do what is necessary to protect the network from penetration no matter what and then worry about the legal aspects later.

But you can generally manage this without bending too many laws and unless there is something in place that gives authority to outside agencies to monitor the system there normally is not a problem. However as I've already said it all depends on what you are trying to protect.

Col

Josh with the TR site not working properly

by HAL 9000 Moderator In reply to Prepare a manuscript titl ...

At the moment it would be better if you e-mail me direct with any questions {that is if you still want my input} so if you do I can be contacted at colinluck@quicknet.com.au if you want to ask any questions about what you are doing or how to approach something.

Col

OK

by Aldanatech In reply to Josh with th TR site not ...

Okay Col. I will e-mail you directly whenever something new comes up in my assignment. I will still be posting here for others to review.

Protecting your identity on the Internet

by Aldanatech In reply to Prepare a manuscript titl ...

During the nineties and early years of the twenty-first century, the Internet (also known as the World Wide Web) quickly evolved to be a way to overcome borders and global distances even more remarkably than earlier forms of communication such as the telegraph, the telephone and the fax. Millions of sources of information can be accessed from anywhere there is a connection to the World Wide Web. E-mail allows anyone to send a letter to almost anywhere in the world in only a few seconds without a need for postage. Chat rooms allow groups of two or more users to interact in bi-directional conversations in locations that could range from the same street to a country on the other side of the world. The Internet is particularly beneficial to organizations that take advantage of the opportunities of e-commerce by opening national or international markets for their products. For the consumer, the Web allows him or her to purchase products that are either less expensive than the local retail store or unavailable in town. It also allows consumers to consult account balances, make payments, and register for services - all online.

Millions of bits of information travel through cables, routers and off antennas. Their final destination is usually in a server's hard drive. All this convenience makes it extremely tempting for Hackers or other cyber criminals to access information for such destructive purposes as identity theft. This happens when they impersonate a victim for personal or other gains. Cyber criminals usually use the information they gain for committing credit card fraud, requesting loans, or signing up for other services. In 1997, the U.S. Secret Service estimated the cost of identity theft at $745 million (Bidwell, 3). Besides the bills that victims get for services they never requested and charges for credit cards that the victim never even signed up for, the victim's credit tends to decline drastically.
Even if users usually don't fill out online forms or perform transactions on the Internet, many still keep files with private information on their hard drives. When these users are online, their information is at the mercy of unscrupulous cyber criminals. This happens most often in extremely vulnerable networks such as cable modem services. All this could easily add up to at least 100 million dollars in damages (Dunsmore, 2).

In early 2000, the Computer Security Institute (CSI) with assistance from the San Francisco office of the Federal Bureau of Investigation (FBI) performed the "2000 CSI/FBI Computer Crime and Security Survey". The survey shows that 90 percent of the participants from large U.S. corporations, financial institutions, medical institutions, universities, and government agencies detected security breaches in 1999. Around 70 percent of the participants experienced more serious breaches than viruses or employee Web abuse; and 42 percent claimed financial losses that totaled over 265 million dollars in damages from cyber attacks (Dunsmore, 2).

The cyber criminals responsible for these liabilities are identified as Hackers. It is important, however, to keep in mind that a Hacker is not actually someone who breaks into systems for illegal or destructive purposes. A hacker does possess such abilities, but a hacker can also be hired to test a system's security. The term that we would use for someone that uses his or her skills for malicious purposes is a Cracker. There is even a third type of malicious user called a Script Kiddie. The Script Kiddie is derived from the Cracker, but is far less talented than the Cracker. Instead, they use well-known tricks and tools programmed by true Hackers or Crackers. They are derived from the crackers because they also tend to use their resources at hand for malicious purposes. For convenience purposes, all these groups are referred to as Hackers.
Truly talented Hackers are extremely proficient in programming languages, how operating systems work, the protocols used in networks, how applications interact with each other, and even the history of networks and its services (Dunsmore, 5). Sometimes it is as easy as doing a simple search on the Internet. With a person's name or phone number, some search engines can help a malicious hacker find more information about an individual, such as an address. If the hacker is proficient enough, and knows where the individual makes frequent purchases, he or she can break into that site and steal the victim's information (Bahadur, 16).

Now, just because Hackers possess all these abilities, does mean that we should avoid using anything that relates to Information Technology. The fact is that no matter how good their technical skills are, they can only go so far without the necessary information to get started. Knowing some of the key sources where malicious users get the information they need, and avoiding common mistakes can help drastically reduce the chances of becoming another identity theft victim.

One good place for an identity stealer to begin is in the victim's trash and mailboxes. One of the biggest mistakes that people make is tossing old banking or credit documents in the trash without shredding them. Pre-approved credit or loan solicitations in the trash can also give the perpetrator something to start with. Using an unlocked mailbox to receive and send mail makes an identity stealer's job as easy as sneaking in it and going through it (Bidwell, 4).

A lost or stolen wallet with a credit card and driver's license can lead to identity theft, but the situation can particularly get out of hand if the wallet's owner makes some of the most dangerous mistakes. The social security card should not be carried in a wallet, nor should a social security number be printed in a health insurance card, a driver's license, or personal checks.
Likewise, a social security number should not be used as an online account name, particularly for a bank, health insurance, or stockbroker. Passwords for online bank accounts and ATM personal identification numbers should not be written down anywhere in the wallet. Along with these preventive measures, it is always recommended to monitor your own identity by requesting yearly credit reports, reading website privacy policies before disclosing any kind of private information, and running both firewall and anti-virus software on your computer (Bidwell, 5).

All these preventive measures do reduce the possibility of becoming a victim of identity theft, but it is not by any means a full warranty of immunity. If a hacker gets lucky, he or she might even find vital information about a potential victim online. Anything that seems suspicious in the latest credit report, bills for unsolicited services, and recurring credit card offers are signs that indicate a possible process of identity theft, and immediate action should be taken.

The first step is to file a police report with local law enforcement. If the imposter is suspected to be in another state, a report should be filed in that state as well. Credit reports and any sort of relevant information such as a list of credit card numbers, bank account numbers, and billing cycle information will be useful for investigation purposes. While the investigation takes place, it is important to have a copy of everything that relates to it such as the police reports. They will help close accounts and obtain credit for purchases you didn't make (Bidwell, 273).

The second step is to report fraud and stolen accounts. This will include closing credit card accounts, bank and loan accounts, and any other commercial accounts such as memberships for clubs, grocery or department stores, and video rentals. All sorts of online accounts require attention as well.
First, all passwords must be changed immediately, and every online service such as Internet Service Providers, banking institutions, and auction sites must be contacted so they can take necessary steps for protection. If a theft involves a website account or password, then the account should be deleted and not be used again. The final step is to notify the Federal Trade Commission (FTC) toll-free at 1-877-IDTHEFT (1-877-438-433. If the fraud involves your driver's license or Social Security Number then those should be reported as well (Bidwell, 276).

Because identity theft is an increasing issue in the information age, and the recovery process is so tedious, several laws have either been passed or are somewhere in the several stages of development. Two of the earliest of these laws are the Freedom of Information Act (FOIA) and the Privacy Act of 1974. The Privacy Act allows you to obtain and correct your own information as needed to keep it accurate and complete. The FOIA is similar to the Privacy Act, but it only applies to federal agencies and does not give the right to access records held by Congress, the courts, or state or local government agencies (Dunsmore, 59).

Today, Information Technology offers several benefits to our way of living, but we really shouldn't avoid it because of its several inconveniences such as identity theft. Even though the Internet and its services are still considered to be at its early stage, they have extended so much that any attempt to stop it or reverse it would be unrealistic. Early developments of other tools such as the automobile were probably seen as menacing as the Internet today. Many of the major issues with the automobile were addressed with proper education. Likewise, proper education on preventive and corrective measures can be taken to protect our identity. It will also help our society evolve and find better ways to take the best out of the Internet, while countering the worst of it.

References:

Bahadur, G., Chan, W., & Webber, C. (2002). Privacy Defended: Protecting Yourself Online, 16-17.

Bidwell, T., Russell, R., & Cross, M. (2002). Hack Proofing Your Identity In the Information Age. Rockland, MA: Syngress Publishing, Inc. 3-5, 273, 276.

Dunsmore, B., Brown, J.W., Cross, M., & Cunningham, S. (2001). Mission Critical! Internet Security. Rockland, MA: Syngress Publishing, Inc. 2, 5-6, 59.

While the references are great

by HAL 9000 Moderator In reply to Protecting your identity ...

You are restricting all of your inquiries to the US but if you were to have a look in the UK you would find that there are public records which show just how lax the banking sector actually is.

It is possible for anyone to obtain a PIN number within 15 attempts if they know what they are doing. This was mentioned in a Court case last year where all the financial institutions tried to get a restraining order on evidence placed before a court and supplied by a "Post Graduate" student from his final Thesis. Even if the courts did suppress this, which I'm not sure that they could as it is all public record, it would only require some basic research to find it all out again.

Incidentally you forgot to mention that the very first case of hacking that occurred in the world originated from Melbourne Australia back in the Unix days where the Melbourne Uni was hacked and what now is known as the Internet was used to access other computers to wreak havoc and steal data. At the time that this was going on there were no laws against this activity and it was the Australian Federal Police who succeeded in recording the first data transfers across phone lines where they could be reconstructed and decoded. Laws were only introduced here in Australia after a request from the US Government because all the big companies were being hit and generally vandalized but because it was an "International Event" nothing could be done about it. Eventually some of the people involved were caught and charged with stealing Melbourne Uni Computer time, nothing more.

Now that is something that I bet isn't in your history books.

Col

I would love to find out more

by Aldanatech In reply to While the references are ...

Thanks, Col. You're right. I focus too much on the U.S. because I live here but would like to know more about the network security in other parts of the world such as the U.K. and Australia. Do you know where I can get such information on the Internet?
