Cracking a corporation's IT system
By Thomas Kramer
- Release Date: 2002-02-06
- Genre: Computers
This report deals with how one can crack a company’s IT system. It is written from an attacker’s point of view who wants to penetrate the e-Fence company with an appropriate method. Therefore the weak points of the company are highlighted to determine in what areas the organization is vulnerable and which approach to chose. The technical and human factors in terms of weaknesses are described whereas the conclusion is drawn that there are heaps of security lacks in both areas. The technical flaws that are not removable in some cases as well as the incompetence of staff and managers pose a major threat to the entire company since the most important asset, the information, is not enough protected. As a second step the methods how to attack a company are described. The alternatives of using virus, worm and trojan horse program are emphasized and how they can enter the computer system of the organization. In most cases it is the floppy disk that carries the viral code to the nodes. But email attachments can often contain malicious code as well that can cause damage within the corporate network. In the following section the cracker’s impact on the organization is revealed. It is described how the code is brought into the company and how it is activated. Moreover it is figured out that it takes an activator, who must trigger the malicious application. The results are devastating. From erasing the local hard drive to recoding the file allocation tables those programs have the power to corrupt or even delete data on the computer. As one computer spreads the virus via the network on other computers the whole network will be infected soon. Much more damage can cause trojan horse applications. They gain the control over the victim’s computer and can log all the actions taken by the user. For instance typed passwords can be identified and sent back to the cracker. They are also capable to read, write or even delete data on the computer and can control the entire hardware of the system. As a counter measure it takes both the staff and the technical safety measures to be able to stop a cracker from doing his job. With the awareness and knowledge about security the staff is able to recognize security flaws and suspicious activities. Anti-virus scanners, firewalls, user restrictions might help to avoid being cracked by someone else.