Hacker’s Hell 3439 - Essay Example

To deal with hackers who break through office systems through the Internet it is

We Will Write A Custom Essay Sample On
ANY TOPIC SPECIFICALLY
FOR YOU

For Only $13.90/page


order now

important for information managers to understand their enemy well. If they have

sound background knowledge about hackers, they might be prepared to deal with

them in a much more effective method. Hackers are very educated often mostly

university or high school students who try to break through systems for which

they have no authorization. They deal poorly with people, have few friends and

less relationships, but at the same time are very smart. Therefore they revert

to computers because they know computers will not reject them. With bulletin

board communication they can form social relationships but those are behind the

screen, where hackers feel shielded. (Pfleeger, pp.12-13) Hackers justify the

crime of cracking through systems by stating that nobody gets hurt in this

situation. Hacking can be done without having a conflict with any human. Hackers

also usually work in groups, and when they do so they become more dangerous to

office systems. By sharing information they manage to put together a solution

that would allow them to break in a office system. The news media has labeled

hackers as mere children who play pranks. (Pfleeger, p.13) Even Amy Wohl who is

a noted information systems consultant states that “the hacker risk is the

smallest of the computer crime risks.” (Ray, p. 440) Amy Wohl’s statement is

incorrect because due to the hacking of automated office systems millions of

dollars in damages have occurred. According to the American Society for

Industrial Security (ASIS) the increase attacks by hackers through the Internet

has jumped to 323% since 1992. Total losses to the U.S. industry are

approximately $2 billion per month. Thus it is very essential for information

managers to know about the different problems hackers can create for automated

office systems through the Internet. (Anthes “Hack Attack.”, p.81) One of

the main problems that hackers can cause is that they can break into office

electronic mail (e-mail) messages. This can be especially dangerous for those

office systems who use electronic mail as their main source of communication..

Electronic mail on the Internet is as confidential as a postcard. After the

sender transmits the message, it travels from one network to another until it

reaches its recipient. Therefore, hackers can easily break into electronic mail

while it is traveling towards its destination. Further, when it reaches the

recipient there will not be any evidence of tempering with the e-mail. (Rothfeder

, p. 224-225) Another tool that hackers use is called a sniffer. A software

which can be easily planted in an organizations system, works like a concellead

recorder and captures e-mail messages as they are exchanged. (Behar, p.35)

Hackers value e-mail because it contains valuable information. They can find

anything from secret strategic plans to log-in passwords required to get into

the office system. Once they have this vital information, hackers can have

access and cause major damage to the office system. (Rothfeder, p. 225) One of

the victims of e-mail hacking was Wind River Systems. A software company, Wind

River Systems has a communication system where they exchange e-mail with

customers on the Internet. By trying a few passwords on the office system,

hackers were able to access the system of Wind River Systems in California and

France. When a expensive bill for accessing the Internet came to Wind River

Systems, they found that hackers had gotten in their communication system. Wind

River Systems discovered that due to the intrusions hackers obtained programming

codes which could have the potential to hurt future performance of the company.

(Behar, p.33) Penetrating electronic mail is just one way hackers intrude and

destroy office systems. Banks who have established office system that provide

online banking services to clients also face problems. One of the first Internet

banks, Security First Network had to stop hackers from electronically breaking

into account files in the first few months of its operations. In addition,

Citibank’s office system was also hacked when a Russian hacker electronically

transferred $11 million from New York to Finland, Israel, and California. These

incidents leaves many banks in doubt whether they should have systems that are

capable of providing customer service on the Internet. Instead, banks such as

Chase Manhattan are collaborating with companies like Checkfree, Intuit, and

Microsoft. The reason is that these companies offer private consumer banking

networks that have powerful security schemes. Thus the cost of office automation

would be justified because hackers will not find it easy to break into the

banking networks protected by such firms as Microsoft. In contrast, other

financial institutions such as Bank of America are willing to take the chance

and implement their systems so that they are capable of providing better

services to customers on the Internet. (Rothfeder, p. 229) One more deadly

tactic that hackers can employ against office systems is stop their connection

to the respective Internet serviece provider (ISP) that host almost a thousand

corporate web sites. This method is called denial of service whereby hackers

interfere with the office system communication such that office systems cannot

gain accesss to its ISP. When office systems communicate with their ISPs they

use a three-way handshake process whereby they first send a signal, the ISP

receives that signal, and then the ISP re-sends the signal to the office system

so that a connection can be established. Hackers have found a way to disrupt

this process by interfering with the last part of the three-way handshake.

Instead of the signal going back to the office communication system the hacker

directs it to another direction. Thus, the office communication system never

connects to its ISP and therefore cannot obtain mail or connect to other web

sites. The nature of this attack creates ineffectiveness for office systems who

have implemented the Internet as part of their communication systems. There is

no use for a communication system which cannot be used. Furthermore, if Hackers

can’t break into the system they can make many services of the Internet

unavailable to the office. violates one of the goals of information security.

This presents a serious challenge to office automation specialist who must

realize now that even if their communication systems are tamper proof hackers

can still deny them external communication. (Cobb, pp. 37-38) To combat the

attacks of hackers, office automation specialist can employ a number of tactics

that would ensure that their office systems remain safe. Certain guidelines and

technologies can be applied by information managers when they are in the

analysis and design phase of office automation. To begin with, information

managers must maintain guidelines that minimize risk when using the Internet.

These guidelines can be in the form of rules for employee Internet usage. The

main intent of these guidelines is to limit the use of Internet for business

purposes only. Most employees use the Internet for personal reasons such as when

they surf sex and pornographic material on the Internet. This not only creates

security leaks for the office system, but also makes Olson’s Theory a strong

phenomena in the office environment. Employees are less productive in their work

which results in soft dollar loses for the company. Nonetheless, controlling

employee use of the Internet is nonproductive. The solution is to educate

employees about the proper use of the Internet, explain them the disadvantage

that occur if the Internet is used improperly, yet at the same time accept the

fact that employees will still look at web sites that are not business related.

Nevertheless, it is wise to develop detailed Internet polices in terms of usage

so that employees know the consequences of wrong abuse. (Wagner, p.55) According

to Barry Weiss, a partner at Gordon & Glickson, a Chicago law firm that

specializes in information technology legal issues, for the Internet to be used

as a effective tool for communication companies need “to define policies and

procedures to avoid risk.” (Wagner, p.58) Another method in which companies

can protect their office systems from hackers is by asking employees to develop

and maintain smart passwords. Employees should not write down their passwords

and leave them near a computer. They should create password which relate to

people closely related to them. Also they should not share their password with

anyone and near should they store their passwords in the computer. Passwords

become hard to crack by hackers when they have both upper case and lower case

letters as well as digits and special characters. Further, the should be long

and should be able to keyed in quickly so one can follow when typing on the

keyboard. (Icove, pp.135-136) Having strict guidelines is one solution to

minimize hacker intrusions. Employing technologies is another solution to

accomplish the same goal. One specific technology to implment in the office

network is called firewall. This tool combines the technology of hardware and

software and functions by protecting the office network when it is connected to

the Internet. A firewall analyzes data and accepts only the data that is

approved by the information manger. The firewall collects all users in one area

and views whether they are performing an approved activity such as sending

electronic mail to clients. Since all the activity has to pass and be approved

through one checkpoint this tool is useful for controlling data and keeping logs

of the user’s activity. Adding a firewall in the office system can be done in

two ways. It can be purchased as a package from a vendor or it can be built.

Logically it is cheaper to build a firewall, a good choice for those information

mangers who are operating on a strict budget. (Anderson, pp. 106, 108) When

buying a firewall from vendors it can get very confusing since there are a lot

of varieties and costs that each vendor offers. There are more than 40 vendors

in the market who offer new releases in less than a year. However, this trend is

also changing. The National Computer Security Association (NCSA) has developed a

program which will make it easier for information managers to select a firewall

from numerous packages. It will do that by establishing performance standard

needed for an effective firewall. Based on this criteria it will test and

certify those firewall packages which meet its criteria. The certification

concentrates on security threats that are high to a automated office systems.

This includes how often the hackers attack the firewall, how easily they can

penetrate the firewall and how much damage they cause once they penetrate the

firewall. Naturally, the lower the frequency in these criteria the more chance

for the firewall package being passed. Besides certifying firewall the NCSA will

also collaborate with vendors to create standard language for firewall and

publish more documentation so information managers have a chance to make a

better decision when they are thinking to implement firewall in their office

systems. (Anthes, “Firewall chaos.” P.51) A firewall is not the ultimate

solution because it can’t keep out viruses or traffic that goes to the

internal network though another connection, however “it is still the most

effective was to protect a network that’s connected to the Internet”

(Anderson, p.106) Another method to protect data is the use of encryption

technology. This comes especially useful when data is sent through external

communication systems where there are great chances for it to be intercepted by

hackers. Electronic mail can greatly benefit from this technology. Encryption is

a software program which creates a key with two divisions. One is the public key

and one is the private key. The public key is given to those with whom

communication is usually conducted. After writing the electronic mail the

message is encrypted with the recipients public key. Due to encryption there is

a digital lock placed on the message, so even if a hacker intercepts the mail

while it is traveling to the recipient, the contents of the message are

unobtainable. Upon receiving the message the recipient uses the software to

verify that the recipients public key was used to encrypt the mail. After the

confirmation the software decrypts the encrypted message using the private key

of the recipient. (Rothfeder, pp. 224-225) Moreover, two high tech companies

have teamed up to develop a hardware based encryption technology. This is

specially targeted to make electronic commerce more safer to carry out over the

Internet. Separating the encryption functions from the processor and handling

them through another hardware piece will make it much harder for hackers to

intercept office data and also free up much processing power required to encrypt

large important business documents. Multiple applications can use this

encryption peripheral to make their data safe. If hackers attempt to break into

the hardware encryption device the data will be immediately deleted and thus

would be useless for the hackers. (Vijayan, p.45) Lastly, corporations can

out-source their security needs to special computer security firms who

specialize against hacker intrusion. One such company is Pilot Network Services.

Pilot’s client hook their office system networks to the company’s service

centers around the country. This way Pilot is able to supply supervised Internet

access. The system is run by a team of electronic specialist who monitor it on a

24 hour basis. Happy clients such as Twentieth Century Fox value Pilot’s

services because they get around 30 intrusions daily which they are able to

block. Sometimes Pilot’s engineer’s let the hackers in a office

communication system to observe and learn about their activities so they can be

more knowledgeable on how hackers attack. (Behar, p.36) Other forces that

corporations can out-source to protect their office systems are called tiger

teams. These tiger teams hack their clients computer to point out weaknesses in

the communication system. This way the weaknesses can be corrected and the

system protected. Tiger teams usually attack their client’s system through the

Internet, but also warn that potential hazards can occur through other channels

such as operating systems. (Doolittle, p.89) In the current computing

environment it is essential to have a security plan for those companies who use

the Internet as their main source of communication. If a plan does not exist the

damages can mean failure for a company. Consequently, it is essential for

information managers to employ the solutions presented in this paper when they

are automating their office system.

Bibliography

Anderson, Heidi. “Firewalls: Your First Defense” PC Today, May 1996:

pp.106, 108-109. Anthes, Gary H. “Firewall chaos.” Computer World, February

1996: p. 51. Anthes, Gary H. “Hack Attack.” Computer World, April 1996: p.

81. Behar, Richard. “Who’s Reading your e-mail?” Fortune, February 1997:

pp. 29-36. Cobb, Stephen. “How Safe is the Internet?” Internet & Java

Advisor, January 1997: pp.36-38,41. Doolittle, Sean. “Special Forces On

Call” PC Today, May 1996: pp.89-91. Icove, David, Karl Seger, and William

VonStorch. Computer Crime. California: O’Reilly & Associates, Inc., 1995.

Pfleeger, Charles P. Security in Computing. New Jersey: Prentice-Hall

International, Inc., 1989. Ray, Charles, Janet Palmer, and Amy Wohl. Office

Automation : A Systems Approach. 2nd ed. Ohio: South-Western Publishing Co.,

1991. Rothfeder, Jeffery. “No Privacy on the Net.” PC World, February 1997:

pp.223-229. Vijayan, Jaikumar. “Making the Web a safer place.” Computer

World, April 1996: p. 45. Wagner, Mitch. “Firms spell out appropriate use of

Internet for employees.” Computer World, February 1996: pp.55,58.