I. Background of Hacking Protection (cont'd)
- Gaining Access
In this phase, hackers exploit vulnerabilities exposed during the reconnaissance and scanning phase. They might gain access through different paths such as direct access to a personal computer, the local area network (LAN), or the Internet. Common examples of vulnerabilities include stack-based buffer overflows, denial of service and session hijacking, of which the main objective is to gain the ownership of the system. Once a system has been hacked, the hacker possesses the control and can use that system as they wish.
- Maintaining Access
Hackers keep the access for future exploitation and attacks after gaining access. They may even harden the system and secure their exclusive access with backdoors, rootkits, and trojans to prevent other hackers. Once the hacker owns the system, they can use it as a base to launch additional attacks, in which the compromised system is also known as zombies.
- Covering Trackss
After all attacks, hackers would remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms to protect themselves. Examples of activities during this phase of the attack include steganography, using a tunneling protocol and altering log files. The purpose is to avoid detection by security personnel to continue using the compromised system and remove evidence of hacking to avoid legal action.
In response to various hacking activities, the following are some recommended protection techniques that a university should use to lower the risk of exploitation by the black-hat hackers.
- Introduction to Hacking
One of the most common infrastructures for enforcing information security is the firewall, which aims at restricting the access of inbound and outbound traffic through configuration of rule sets.
Stringent controls on physical access to the servers of a University system are not enough to protect the system itself. A lot of hacker's attacks come remotely from an external or internal network. Therefore a secure infrastructure is essential to lower the risk of remote attacks and better protect the University system.
- Intrusion Detection System
Intrusion Detection System (IDS) protects a network by collecting information from a variety of systems and network sources, and then analysing the information for possible security problems. It provides real-time monitoring and analysis of user and system activity.