This paper explores the fast-growing cyber world and its components over the Internet. The fast-growing Internet has benefited modern society in the form of e-commerce, e-mail, online banking systems, advertising, vast stores of reference material, etc. But there is also a dark side, where the Internet becomes a common and easy tool for criminal activity that exploits its weak links and vulnerabilities. In this paper, the author concentrates on several hacking activities that come under cyber crime. It also highlights the role of the ethical hacker in protecting against culprits and cyber crime, and illustrates a proactive approach to minimizing the threat of hacking and cyber crime.
“Security is a state of well being of information and infrastructure in which the possibility of successful yet undetected theft, tampering and disruption of information and services are kept low or tolerable.” [1]
Protecting a network, its data, computer programs, and other computer system assets from unwanted intruders and unauthorized users [1-2].
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
The security service issues are as follows [3-5].
The term “hacking” refers to the hobby or profession of working with computers. It describes the rapid development of a new program, or the reverse engineering of existing software, to make code better and more efficient. Hacking is divided into two types: [6-8]
The practice of breaking into computers without malicious intent, simply to find security hazards and report them to the people responsible. An ethical hacker is a security professional who applies hacking skills for defensive and constructive purposes [9-12].
Unethical hacking is “cracking”. Cracking is breaking computer security without authorization, or using technology or tools (usually against the weak links of a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity. A cracker, then, is a person who uses hacking skills or computer system knowledge for an offensive purpose [13-15].
Cyber crime is the leveraging of a target's computer and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. According to Kevin G. Coleman et al., cyber crime is defined as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives or to intimidate any person in furtherance of such objectives.”
An ethical hacker is a network and computer security professional who applies knowledge and skills for a defensive purpose. The roles of an ethical hacker are as follows [16-18]:
Unethical hacking is a cyber crime, and it is used as a prominent weapon to commit crime and cause millions of harms every day [19-21].
The cruelest face of unethical hacking is hacking accounts and identities, penetrating unauthorized networks or systems, sniffing data, etc., not only for money but also to spread terrorism. The 9/11 demolition is an example of this kind of hacking, which shocked the whole world and challenged the USA’s network security. In this terrorist attack, all information was transferred over the network using a new technique called steganography, through which all the encoded textual information was hidden in funny images by an advanced program [22].
The Melissa virus is a case where the damage was done not to one person but to the masses. The Melissa virus first appeared on the Internet in March 1999. It spread rapidly through computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars of damage to computers worldwide [23].
An IDS monitors network traffic for any suspicious activity and alerts the system or network administrator. An IDS may also respond to anomalous or malicious traffic by taking action, such as blocking the user or source IP address from accessing the network. There are network-based (NIDS) and host-based (HIDS) Intrusion Detection Systems. Host Intrusion Detection Systems (HIDS) run on individual hosts or devices on the network, and Network Intrusion Detection Systems (NIDS) are placed at a strategic point within the network to monitor traffic to and from all devices on the network [25].
A firewall is a system that is set up to control traffic flow between two networks. A firewall is an effective means of protecting the network system from threats: it is a single choke point that keeps unauthorized users out of the protected network, and it also prohibits potentially vulnerable services from entering or leaving the network [26].
A packet filtering firewall applies a set of rules to each incoming packet and then forwards or discards it. These rules are based on source IP, port number, protocol (UDP, TCP), etc. [27].
A port scanner is a program which attempts to determine which TCP, UDP, etc., ports are open across a list or range of ports on a list or range of IP addresses. Port scanners are used for network mapping and network security assessments. With this knowledge, we can disable (close) all doors (ports) to keep pirates from entering the network [28].
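Port scanning also leaves a recognisable pattern for the IDS described earlier: one source touching many distinct ports of a host in a short time. The following sketch is an added example, not code from the paper; the flow records, the thresholds and the function name `run_ids` are constructed for illustration. It raises an alert and then drops further traffic from the offending source, as the IDS response described in the text.

```python
from collections import defaultdict

# Constructed flow records: (time in seconds, source IP, destination IP, destination port).
FLOWS = (
    # one source walking across many ports of one host, one probe per second
    [(100 + i, "198.51.100.23", "10.0.0.5", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 443, 3389])]
    # an ordinary client repeatedly using a single service
    + [(100 + i, "10.0.0.8", "10.0.0.5", 443) for i in range(8)]
    # a client that uses several services, but minutes apart
    + [(100 + 60 * i, "10.0.0.9", "10.0.0.5", p)
       for i, p in enumerate([22, 25, 80, 110, 143, 443])]
)

def run_ids(flows, window=10, max_ports=5):
    """Alert on a source that reaches more than max_ports distinct ports of one
    destination within `window` seconds, then drop its later flows.
    Returns ({source: alert time}, number of dropped flows)."""
    recent = defaultdict(list)          # (src, dst) -> [(time, port)] inside the window
    alerts, dropped = {}, 0
    for ts, src, dst, port in sorted(flows):
        if src in alerts:               # response: source is already blocked
            dropped += 1
            continue
        hits = recent[(src, dst)]
        hits.append((ts, port))
        hits[:] = [(t, p) for t, p in hits if ts - t <= window]   # slide the window
        if len({p for _, p in hits}) > max_ports:
            alerts[src] = ts
    return alerts, dropped

if __name__ == "__main__":
    alerts, dropped = run_ids(FLOWS)
    for src, ts in alerts.items():
        print(f"ALERT t={ts}s: {src} probed more than 5 ports within 10s; source blocked")
    print("flows dropped after blocking:", dropped)
```

The window and port threshold are tuning choices: the two ordinary clients in the sample stay below them, so only the scanning source is blocked.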
IPSec is a protocol suite which is used to secure communication at the network layer between two peers. When end-to-end security is required, it is recommended that additional security mechanisms, such as IPSec or TLS, be used inside the tunnel, in addition to L2TP tunnel security [14].
“Internet Security Association and Key Management Protocol (ISAKMP)” is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment. ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. against denial of service and replay attacks) [12][13].
Network auditing software is an important security tool. It provides IT administrators with a two-pronged approach to network security. First, it provides an accurate view of the entire network and its subnets, making it easier to spot any open ports, unaccounted-for components or other discrepancies. Second, it allows prompt action to protect against any open vulnerability. Network security is not just about protecting an individual computer; it is also about identifying and correcting the vulnerabilities found in the entire network. Network auditing is fast becoming an indispensable tool in the maintenance of a healthy network [17].
A network-based scanning assessment might detect extremely critical vulnerabilities, such as misconfigured firewalls or vulnerable web servers in a DMZ, that could provide a stepping stone to an intruder and allow them to quickly compromise an organization's security. Network scanners provide a comprehensive view of all operating systems and services running and available on the network [16].
Host-based scanners detect signs that an intruder has already infiltrated a system. These hacker traces include suspicious file names, unexpected new files, or device files found in unexpected places. Together, network and host-based scanning technologies provide the best vulnerability assessment for measuring an organization's security risks [15].
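The three host-based traces named above (suspicious file names, unexpected new files, device files in unexpected places) can be checked against a baseline taken while the host is trusted. This is an added example, not code from the paper; the name heuristic, the function names and the sample tree are constructed for illustration, and the check for modified files goes one step beyond the traces the text lists.

```python
import hashlib, os, re, stat, tempfile

# Constructed heuristic for "suspicious file names": "...", trailing space, control chars.
SUSPICIOUS_NAME = re.compile(r"^\.{3,}$|\s$|[\x00-\x1f]")

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Baseline taken while the host is trusted: relative path -> SHA-256."""
    base = {}
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            if stat.S_ISREG(os.lstat(p).st_mode):
                base[os.path.relpath(p, root)] = sha256_of(p)
    return base

def scan(root, baseline):
    """Compare the tree under root (assumed not to be /dev) with the baseline."""
    findings = []
    for d, dirs, files in os.walk(root):
        for name in dirs + files:
            p = os.path.join(d, name)
            rel, mode = os.path.relpath(p, root), os.lstat(p).st_mode
            if SUSPICIOUS_NAME.search(name):
                findings.append(("suspicious-name", rel))
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append(("device-file-outside-dev", rel))
            elif stat.S_ISREG(mode) and rel not in baseline:
                findings.append(("new-file", rel))
            elif stat.S_ISREG(mode) and baseline[rel] != sha256_of(p):
                findings.append(("modified-file", rel))
    return sorted(findings)

if __name__ == "__main__":
    root = tempfile.mkdtemp()                      # constructed sample tree
    with open(os.path.join(root, "motd"), "w") as f:
        f.write("welcome")
    base = snapshot(root)
    with open(os.path.join(root, "motd"), "w") as f:
        f.write("changed")                         # simulated tampering
    os.mkdir(os.path.join(root, "..."))            # directory with a hiding name
    print(scan(root, base))
```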
A DMZ is a firewall configuration for securing a LAN. It is a buffer zone placed between the trusted network (LAN) and the untrusted network (WAN or Internet), and is considered a screened subnet or a separate network. DMZ is an additional firewall rule, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall. So, DMZ is a technique to protect the web server, data server, mail server and also the network from pirates [10],[11].
The 802.11 wireless LAN protocols (i.e. the Wi-Fi protocols) have become the most popular protocols for wireless networking. Wi-Fi networks are most vulnerable if the network administrator is not completely aware of the security issues, because a hacker can then penetrate the network while hiding their identity. Two protocols, WEP and WPA, are used to protect Wi-Fi networks. WEP (Wired Equivalent Privacy) is an optional encryption standard for Wi-Fi networks, implemented in the MAC layer. WEP uses a secret 40 or 64-bit key to encrypt and decrypt datagrams. Wi-Fi Protected Access (WPA) is a certification (authentication) program created by the Wi-Fi Alliance. WPA improves on the authentication and encryption features of WEP. One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP [8][9].
The Internet serves modern society in several ways, but it has several security breaches. These security breaches can be misused by black hats for offensive purposes, so it is mandatory to determine the vulnerable points of the information system. Various tools, such as firewalls, gateways, IPSec, DMZ, network auditing, etc., help to evaluate the breaches and mitigate them, and taking proactive action against them averts disaster. A few precautions and proactive actions can eliminate the hazard and cyber terrorism.