150 likes | 582 Views
Kizza - Computer Network Security. 2. Cyber Crimes and Hackers . The greatest threats to the security, privacy, and reliability of computer networks and other related information systems in general are cyber crimes committed by cyber criminals but most importantly hackers. The rise of the hacker factor, the unprecedented and phenomenal growth of the Internet, the latest developments in globalization, hardware miniaturization, wireless and mobile technology, the mushrooming of connected comp31354
E N D
1. Chapter 5: Cyber Crimes and Hackers Computer Network Security
2. Kizza - Computer Network Security 2 Cyber Crimes and Hackers The greatest threats to the security, privacy, and reliability of computer networks and other related information systems in general are cyber crimes committed by cyber criminals but most importantly hackers.
The rise of the hacker factor, the unprecedented and phenomenal growth of the Internet, the latest developments in globalization, hardware miniaturization, wireless and mobile technology, the mushrooming of connected computer networks, and societys ever growing appetite for and dependency on computers, have all greatly increased the threats both the hacker and cybercrimes pose to the global communication and computer networks
3. Kizza - Computer Network Security 3 Industry and governments around the globe are responding to these threats through a variety of approaches and collaborations such as:
Formation of organizations, such as the Information Sharing and Analysis Centers (ISACs).
Getting together of industry portals and ISPs on how to deal with distributed denial of service attacks including the establishment of Computer Emergency Response Teams (CERTs).
Increasing use of sophisticated tools and services by companies to deal with network vulnerabilities. Such tools include the formation of Private Sector Security Organizations (PSSOs) such as SecurityFocus, Bugtraq and the International Chamber of Commerce's CyberCrime Unit.
Setting up national strategies similar to the U.S. National Strategy to Secure Cyberspace,an umbrella initiative of all initiatives from various sectors of the national critical infrastructure grid and the Council of Europe Convention on Cybercrimes.
4. Kizza - Computer Network Security 4 The list of these crimes to include the following:
Unlawful access to information
Illegal interception of information
Unlawful use of telecommunication equipment.
Forgery with use of computer measures
Intrusions of the Public Switched and Packet Network
Network integrity violations
Privacy violations
Industrial espionage
Pirated computer software
Fraud using a computing system
Internet/email abuse
Using computers or computer technology to commit murder, terrorism, pornography, and hacking.
5. Kizza - Computer Network Security 5 Cyber crimes are executed in one of two ways:
penetration
denial of service
6. Kizza - Computer Network Security 6 Cyber Criminals Are ordinary users of cyberspace with a message. A number of studies have identified the following groups as the most likely sources of cyber crimes [19]:
Insiders: disgruntled insiders are a major source of computer crimes because they do not need a great deal of knowledge about the victim computer system. In many cases, such insiders use the system everyday.
Hackers: Hackers are actually computer enthusiasts who know a lot about computers and computer networks and use this knowledge with a criminal intent. Since the mid-1980s, computer network hacking has been on the rise mostly because of the widespread use of the Internet.
7. Kizza - Computer Network Security 7 Criminal groups: A number of cyber crimes are carried out by criminal groups for different motives ranging from settling scores to pure thievery.
Disgruntled ex-employees: Many studies have shown that disgruntled ex-employees also pose a serious threat to organizations as sources of cyber crimes targeting their former employers for a number of employee employer issues that led to the separation.
Economic espionage spies: The growth of cyberspace and e-commerce and the forces of globalization have created a new source of crime syndicates, the organized economic spies that plough the Internet looking for company secrets. As the price tag for original research skyrockets, and competition in the market place becomes globe, companies around the global are ready to pay any amount for stolen commercial, marketing, and industrial secrets.
8. Kizza - Computer Network Security 8 Hackers Currently the word has two opposite meanings.
a computer enthusiast as an individual who enjoys exploring the details of computers and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.
a malicious or inquisitive meddler who tries to discover information by poking around.
9. Kizza - Computer Network Security 9 History of Hacking The history of hacking has taken as many twists and turns as the word hacking itself has. One can say that the history of hacking actually began with the invention of the telephone in 1876 by Alexander Graham Bell. For it was this one invention that made internetworking possible and also made the first hacking act possible.
There is agreement among computer historians that the term hack was born at MIT
Engressia, commonly known as The Whistler is the grand father of phone phreaking; born blind but with a high pitch which he used to his advantage. He used to whistle into the phones and could whistle perfectly any tone he wanted. He discovered phreaking while listening to the error messages caused by his calling of unconnected numbers and was usually disconnected.
10. Kizza - Computer Network Security 10 John Draper, a Vietnam veteran, commonly known as Captain Crunch, took this practical whistling joke further and discovered that using a free toy whistle from a cereal box to carefully blow into the receiver of a telephone, produces the precise tone of 2600 hertz needed to make free long distance phone calls
With the starting of a limited national computer network by ARPANET, in the 1970s, a limited form of a system of break-in from outsiders started appearing. Through the 1970s, a number of developments gave impetus to the hacking movement.
11. Kizza - Computer Network Security 11 The debut of the personal computer (PC) in 1981 when IBM joined the PC wars, a new front in hacking was opened.
The PCs brought the computing power to more people because they were cheap, easy to program, and somehow more portable
On the back of the PC was the movie WarGames in 1983. The science fiction movie watched by millions glamorized and popularized hacking. The 1980s saw tremendous hacker activities with the formation of gang-like hacking groups.
12. Kizza - Computer Network Security 12 Types of Hackers There are several sub-sects of hackers based on hacking philosophies. The biggest sub-sects are:
Crackers - A cracker is one who breaks security on a system. Crackers are hardcore hackers characterized more as professional security breakers and thieves.
Hacktivists - Hacktivists are conscious hackers with a cause. They grew out of the old phreakers.
cyber terrorists - Based on motives, cyberterrorists can be divided into two categories:
the terrorists
information warfare planners.
13. Kizza - Computer Network Security 13 Hacker Motives Since the hacker world is closed to non hackers and no hacker likes to discuss ones secrets with non members of the hacker community, it is extremely difficult to accurately list all the hacker motives. From studies of attacked systems and some writing from former hackers who are willing to speak out, we learn quite a lot about this rather secretive community.
Their motives are many and varied including:
Hacker ethic
Vendetta and/or revenge
Jokes, Hoaxes, and Pranks
Terrorism
Political and Military Espionage
Hate
etc
14. Kizza - Computer Network Security 14 Dealing with the Rising Tide of Cyber Crimes Most system attacks take place before even experienced security experts have advance knowledge of them.
Most of the security solutions are best practices as we have so far seen and we will continue to discuss them as either preventive or reactive.
An effective plan must consist of three components:
prevention,
detection,
analysis and response.
15. Kizza - Computer Network Security 15 Prevention - is probably the best system security policy, but only if we know what to prevent the systems from. Among those possible approaches are the following:
A security policy
Risk management
Perimeter security
Encryption
Legislation
Self-regulation
Mass education
16. Kizza - Computer Network Security 16 Detection - In case prevention fails the next best strategy should be early detection. Detecting cyber crimes before they occur constitutes a 24-hour monitoring system to alert security personnel whenever something unusual (something with a non-normal pattern, different from the usual pattern of traffic in and around the system) occurs.
Recovery - Whether or not prevention or detection solutions were deployed on the system, if a security incident has occurred on a system, a recovery plan, as spelled out in the security plan, must be followed.