Computer Security - Computer Hacking: The Essential Hacking Guide for Beginners (2015)

Computer Hacking: The Essential Hacking Guide for Beginners (2015)

Chapter 3. Computer Security

Before we can begin to explore the key concepts and techniques of hacking, it is helpful to first understand the basics of computer security. As hacking is the act of breaking through security measures of computer systems, an understanding of these systems is vital to any hacker who hopes to penetrate them. Computer security is applied to computers, smartphones, computer networks (public and private) and the entire Internet in order to protect devices, data and services.

Digital equipment is protected from unauthorized access by computer security, to ensure that data is not stolen, changed or deleted and to maintain the smooth running of systems. In present-day society, where digital culture forever growing, protecting these systems is extremely important and thus the field of computer security is forever growing and developing. Part of computer security is protecting the physical equipment from theft, whereas the other part of computer security is information security, to protect the data itself (and this is where hacking comes into play.)

However, sometimes these two fields overlap because if there is a breach in physical security (e.g. if a laptop is stolen) then it becomes much easier for the individual to succeed in a breach of information security, since they have the piece of equipment and it is therefore easier to access data than it is remotely.

Cyber security encompasses all security measures in place to protect a computer’s data, and includes procedures such as awareness training, penetration testing, and the use of passwords to confirm authorization in order to protect data both when it is in transit and when it is simply being stored. The financial cost of being a victim of a computer security breach is considerable and as a consequence there is a lucrative market for anti-virus and computer security protection.

Computer security is a huge field because of our present-day reliance on technology. Almost every industry uses computers to a greater or lesser extent, and therefore the extent and variety of computer security measures is vast. There are some areas, however, where computer security is particularly important because they are especially vulnerable to breaches in security.

One of these is the area of financial systems, because hackers can make a profit by stealing data and consequently accessing funds. Any website that requires somebody to enter their credit card numbers are often targeted because a hacker can immediately transfer money to their own account, or spend the victim’s money online.

Even if the hacker themselves do not directly use the person’s bank details, they may also sell the information illegally, in order to distance themselves from the crime and attempt to avoid being caught. It is not only online that a person’s data can be stolen; in-store card machines and cash points can also be rigged to collect personal information and thus gain access to funds.

People are becoming increasingly aware of this risk when doing online shopping or entering their card details, and therefore various measures are being put in place including using passwords and answering security questions. The aviation industry is another field in which computer security is of the upmost importance, because the consequences of a breach in security can range from the publication of confidential information, to the loss of expensive equipment and human life.

There are various reasons why the aviation industry may become subject to a computer security attack, depending on the motivation for the crime. These motivations include sabotage and espionage in the military aviation industry, and industrial competition and terrorism in the commercial aviation industry. Air traffic control is one of the aviation industries most vulnerable systems, because any attack can be difficult to trace, and are relatively simple because it only requires a spoof message on the radio.

There are those who seek to exploit computer vulnerabilities (either due to thrill seeking, to make a political/social statement or for financial gain) and of course on the other side those who work to uphold computer security again such threats. Somebody with knowledge of technology, and the ability to hack into computer systems, can therefore either become involved in the illegal and unethical form of hacking (otherwise known as cracking), or serve the other side by identifying threats, improving security measures and alerting companies to the vulnerabilities in their systems.

For those whose aim is to protect computer security, there are various countermeasures to guard against damaging hacking, whereby the risk of being vulnerable to a breach of computer security can be minimized or eliminated. These precautions vary in cost and complexity, but can include: intrusion detection systems (to detect threats and also analyze attacks after the event), the use of account controls (passwords and encryption of data); and the installation of firewalls (providing either hardware or software package filtering of certain forms of attack.

Precautions against a computer system being compromised by attack include making steps to prevent attack, ensure any potential attacks are detected, and the ability to respond to an attack to prevent further damage.

However, despite there being a range of countermeasures available, computer systems still remain vulnerable to attack and it is certainly not uncommon for a computer to have its security compromised. The first reason why attempted security violations still occur is that the police are often unfamiliar with computer technology and as a result do not have either the skill or the inclination to solve the crimes and apprehend the criminals responsible.

Furthermore, any investigation of such matters requires a search warrant in order for an officer to examine the entire network and this can make the procedure extremely time consuming. Another difficulty in ensuring computer security is that in the age of globalization, in which information can be shared throughout the world using the internet, and technology can spread data extremely easily, identifying and apprehending those responsible is particularly difficult.

The reason for this difficulty is that a hacker might be working from one jurisdiction, while the system they are hacking into is in a different jurisdiction. Furthermore, a hacker can use various techniques (such as a temporary dial-up internet) in order to ensure their anonymity. The third problem is due to the high number of attacks that occur.

Organizations can be subject to many attacks and therefore are unable to pursue every security threat. A computer user would benefit from taking precautionary measures in order to ensure their computer security, as once a breach of security has occurred there is not much that can be done to rectify it.