December 1, 2007

How Hackers Get Your Data: (Part 2 of 3)

In part one of this series we discussed two primary ways hackers can get to your data, so assuming you have a strong password, and a good anti virus, how else can hackers breach your security and get at the data you are trying to protect?

  1. Software Flaws: Every piece of software is composed of thousands if not millions of lines of code. Essentially what this code is, is a set of instructions for the computer to follow in order to preform what ever function the software is designed to. With so many individual instructions, usually written by teams rather than a single person, there are bound to be oversights and errors made by the people who write and design it, and despite multiple levels of quality control and testing, some of these oversights still make it into the production releases of the software. The problem is that sometimes these oversights exposes weaknesses in software, and when the piece of software is made to manage things like client information or financial data, these weaknesses become targets for hackers who try to exploit them. Depending on the exploit a hacker finds and the piece of software it is in, the problems experienced can range from data just being inaccurate or being deleted, to the hacker being able to take full control of your computer.

    The best way to protect your self from these types of exploitation techniques is to make sure you keep your software up to date. Once a manufacture releases software, they will typically release updates for it as well to fix the exploits once they are discovered. For pieces of software made by Microsoft, the updates can be downloaded from their website updates.microsoft.com. Most other manufactures also post the updates on their websites, and many even build a feature into their software to download the updates automatically, Microsoft builds this feature into Windows and it is called "Microsoft Automatic Updates" Be sure to check often for updates, becasue many times not only do they fix bugs in the software, but they add functionality as well.

  2. Infrastructure Flaws: Instead of trying to find exploits in the software you use, hackers may instead try to target the technology infrastructure of your company. A common weak point in a companies, and even in residential computer set ups are the wireless network connections. Unlike a wired connection, data transmitted via a wireless connection really can just be pulled out of thin air. With the proper equipment (a wireless antenna) it is possible for a computer to intercept and data you are sending or receiving on a wireless network as long as they are within range. In addition to being able to intercept your data, they can also connect directly to the computers on your network or servers that your company has, if they are able to do this, they can install viruses or use one of the other techniques describe previously to gain access to what ever data they need.

    The best way to protect against this type of attack is to use a strong encryption on your wireless network, and also limit how far you are broadcasting your wireless signals. I wrote an entire post dedicated to tips on securing wireless networks, and it can be found here.

    In addition to securing your wireless connection, you also want to make sure the wired connections to your network are secure. If you are in an office building, or just a large office, have your IT disable any extra network ports, otherwise an intruder can come in without you noticing and connect their laptop.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google