//
you're reading...
Information Security, IT & TECHNOLOGY

Understanding Cyberhacking Tools and Techniques


ISACA-Logo

It seems like every day there is a new data breach or heist. Hackers break into corporate or government computers and swipe names, addresses, birth dates and those all-important US Social Security numbers. Consider these recent breaches:

  • Hackers hit the jackpot when they cracked the network at the US government’s Office of Personnel Management and accessed Social Security numbers, dates of birth and other personal information of more than 4 million federal workers.
  • Unidentified Russian hackers broke into an unclassified email system used by the US Joint Chiefs of Staff.
  • Gang members are using social media like many others do. In addition to the standard uses for social media, they post threats on social media that include a rival’s street—a practice known as online tagging. Posts and videos threatening rivals and others may accompany online postings.
  • In early February 2015, Anthem (one of the US’ largest health insurers) revealed that hackers had breached a database containing the personal information of 80 million customers and employees.

My recent Journal article focuses on Windows computers with an emphasis on all nonserver Windows computers. This includes Windows end-user devices, such as workstations, desktops, laptops, hybrids and tablets. Workstations are just as important to the security of an organization as servers. Of course, an insecure workstation only directly impacts one user (in most cases), while a server can impact thousands. But all of the biggest breaches in recent times have started with a compromised workstation, not a server. Even though servers and workstations run essentially the same Windows operating system, securing workstations is very different than servers.

The key differences that impact security include:

  1. Lack of physical security for workstations in general and the mobility of laptops and tablets.
  2. The usage of workstations (e.g., viewing videos) is different compared to the unattended background services dominant on servers.
  3. Workstations have much more interaction with untrusted web sites and parsing of Internet content.
  4. Workstations are used by less security-conscious and less technical end users.

Hardening servers is primarily about reducing the attack surface and keeping remote users from viewing more than the resources and services they are supposed to access. Hardening workstations, on the other hand, is very much about protecting end users from themselves. And there are usually many more applications installed on workstations than the typical server. Workstation security is actually more complex than server security.

As defenders, it is essential to understand these hacking tools and techniques. The idea of enforcing security policies at the workstation level and the use of active directory permissions to safely delegate administrative authority in a large enterprise offers the best strategy to cope with cybersecurity threats and other advanced attacks. Additionally, by providing corporate directors and government officials with meaningful intelligence on a regular basis, security professionals garner high-level support for building robust security systems and adopting processes and policies necessary to protect data.

Read Omar Y. Sharkasi’s ISACA Journal article:
Addressing Cybersecurity Vulnerabilities,” ISACA Journal, volume 5, 2015.

Omar Y. Sharkasi, CBCP, CFE, CRP

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 117,099 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,158 other followers

Twitter Updates

Archives

October 2015
M T W T F S S
« Sep   Nov »
 1234
567891011
12131415161718
19202122232425
262728293031  
%d bloggers like this: