Tribune



Monday, May 7, 2001

PART-2
How are hackers different from crackers?
By H.S. Jatana

INCIDENTS can broadly be classified into several kinds: the probe, scan, account compromise, root compromise, packet sniffer, denial of service, exploitation of trust, malicious code and Internet-infrastructure attacks.

A probe is characterised by unusual attempts to gain access to a system or to discover information about the system. One example is an attempt to log into an unused account. Probing is the electronic equivalent of testing doorknobs to find an unlocked door for easy entry. A scan is simply a large number of probes done using an automated tool.
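The distinction between a probe and a scan can be checked against login records. The following is an added example, not part of the original article: it reads failed-login lines, treats an attempt against an account nobody uses as a probe, and reports a source with many probes as a scan. The sshd-style log format, the sample lines, the list of active accounts and the threshold of five are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Matches sshd-style failed-login lines; this log format is assumed for the example.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def build_sample_log():
    """Constructed log: one lone probe, one mistyped password, one automated sweep."""
    lines = [
        "May  7 10:00:01 host sshd[101]: Failed password for guest from 192.0.2.10 port 4001 ssh2",
        "May  7 10:00:05 host sshd[102]: Failed password for alice from 198.51.100.7 port 4002 ssh2",
    ]
    for i, name in enumerate(["admin", "test", "oracle", "ftp", "guest", "backup"]):
        lines.append(f"May  7 10:01:{i:02d} host sshd[{200 + i}]: "
                     f"Failed password for invalid user {name} from 203.0.113.5 port {5000 + i} ssh2")
    return "\n".join(lines)

def classify_sources(log_text, active_accounts, scan_threshold=5):
    """Return {source_ip: ("probe" | "scan", sorted accounts tried)}.

    A probe is a failed login against an account nobody uses; a source with
    scan_threshold or more probes is reported as a scan.
    """
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        account, source = m.groups()
        # Failures on accounts in regular use are more likely typos than probes.
        if account not in active_accounts:
            probes[source].append(account)
    return {
        src: ("scan" if len(accts) >= scan_threshold else "probe", sorted(set(accts)))
        for src, accts in probes.items()
    }

if __name__ == "__main__":
    ACTIVE = {"alice", "bob"}  # assumed list of accounts in regular use
    for src, (kind, accts) in classify_sources(build_sample_log(), ACTIVE).items():
        print(f"{src}: {kind} against {', '.join(accts)}")
```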

An account compromise is the unauthorised use of a computer account by someone other than the account owner, without involving system-level or root-level privileges. An account compromise might expose the victim to serious data loss, data theft or theft of services.

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text.

The goal of a denial-of-service attack is to prevent legitimate users of a service from using it. A denial-of-service attack can come in many forms. Attackers may ‘flood’ a network with large volumes of data or deliberately consume a scarce resource, such as process control blocks or pending network connections. There may be attempts to disrupt connections between two machines, thereby preventing access to a service, or attempts to prevent a particular individual or a specific system from accessing a system.

Intruders may be classified as:

Hackers: These are seemingly harmless persons. Their main intention is to seek information rather than to cause harm. They may also intend to prove that a particular site is not secure. Those who hacked the Microsoft site are examples of this sort of person.

Crackers: These cause real harm/damage to the sites by destroying data or tampering with them.

Freakers: These specialise in breaking into telephone networks and can cause substantial damage by tampering with billings and metering.

Why is the Internet vulnerable?

Many early network protocols that now form part of the Internet infrastructure were designed without security in mind. Without a fundamentally secure infrastructure, network defence becomes more difficult. Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology.

Because of the inherent openness of the Internet and the original design of the protocols, Internet attacks in general are quick, easy, inexpensive and may be hard to detect or trace.

An attacker does not have to be physically present to carry out the attack. In fact, many attacks can be launched readily from anywhere in the world and the location of the attacker can easily be hidden.

Even so, many sites place unwarranted trust in the Internet. It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Internet. They may not be aware of what can happen to their information and systems. They may believe that their site will not be a target or that the precautions they have taken are sufficient.

Because the technology is constantly changing and intruders constantly develop new tools and techniques, solutions do not remain effective indefinitely. It is necessary for companies to introduce newer security measures as often as possible.

Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of the network, accompanied by rapid development of network services involving complex applications. Often, these services aren’t designed, configured or maintained securely.

Compounding the problem, operating system security is rarely a purchase criterion. Commercial OS vendors often report that sales are driven by customer demand for performance, price, ease of use, maintenance and support.

As a result, off-the-shelf operating systems are shipped in an easy-to-use but insecure configuration that allows sites to use the system soon after installation.

These hosts/sites are often not fully configured from a security perspective before connecting. The lack of secure configuration makes them vulnerable to attacks, which sometimes occur within minutes of connection. Finally, the explosive growth of the Internet has expanded the need for well-trained and experienced people to engineer and manage the network in a secure manner.
