This report deals with how one can crack a company’s IT system. It is written from an attacker’s point of view who wants to penetrate the e-Fence company with an appropriate method. Therefore the weak points of the company are highlighted to determine in what areas the organization is vulnerable and which approach to chose. The technical and human factors in terms of weaknesses are described whereas the conclusion is drawn that there are heaps of security lacks in both areas. The technical flaws that are not removable in some cases as well as the incompetence of staff and managers pose a major threat to the entire company since the most important asset, the information, is not enough protected. As a second step the methods how to attack a company are described. The alternatives of using virus, worm and trojan horse program are emphasized and how they can enter the computer system of the organization. In most cases it is the floppy disk that carries the viral code to the nodes. But email attachments can often contain malicious code as well that can cause damage within the corporate network. In the following section the cracker’s impact on the organization is revealed. It is described how the code is brought into the company and how it is activated. Moreover it is figured out that it takes an activator, who must trigger the malicious application. The results are devastating. From erasing the local hard drive to recoding the file allocation tables those programs have the power to corrupt or even delete data on the computer. As one computer spreads the virus via the network on other computers the whole network will be infected soon. Much more damage can cause trojan horse applications. They gain the control over the victim’s computer and can log all the actions taken by the user. For instance typed passwords can be identified and sent back to the cracker. They are also capable to read, write or even delete data on the computer and can control the entire hardware of the system. As a counter measure it takes both the staff and the technical safety measures to be able to stop a cracker from doing his job. With the awareness and knowledge about security the staff is able to recognize security flaws and suspicious activities. Anti-virus scanners, firewalls, user restrictions might help to avoid being cracked by someone else.
Table of Contents
1 EXECUTIVE SUMMARY
2 THE WEAK POINTS OF A CORPORATION
2.1 TECHNICAL WEAK POINTS
2.2 HUMAN WEAK POINTS
3 ATTACKING THE CORPORATION
3.1 HOW TO CRACK THE COMPANY
3.1.1 Virus
3.1.2 Worms
3.1.3 Trojan horses
3.2 METHODS TO SEND VIRAL CODE INTO THE COMPANY
4 THE IMPACT ON A CORPORATION
4.1 ACTIVATING THE INFILTRATED CODE
4.2 THE RESULTS EXPECTED FROM THE ACTIVATED VIRII
5 COUNTER MEASURES
6 CONCLUSIONS
7 REFERENCES
Objectives and Research Focus
This report investigates the vulnerabilities of corporate IT systems from an attacker’s perspective, aiming to identify how security breaches occur and how they can be mitigated. The primary goal is to provide a comprehensive analysis of the technical and human weaknesses that enable unauthorized access and to evaluate effective defense strategies.
- Analysis of technical vulnerabilities in Intranet and remote access systems.
- Examination of human factors and the role of security policy awareness.
- Classification and operational mechanisms of viruses, worms, and trojan horses.
- Evaluation of preventive measures and best practices for corporate IT security.
Excerpt from the Book
3.1.1 Virus
A virus is a computer program that has the intention to replicate itself among the files of a single computer when an infected application is run. It does not spread itself from one computer to another, that’s where humans come in. Virus programs are executable code that spread via e-mail attachments, trade programs (shareware) on floppy disks or just by copying files to another host.
The majority of computer viruses also carry a payload. This is the damage that they will do to a system after some period of time and that can range from a message on the screen to deleting the computer’s hard disk. There are multiple categories and variations of virii, like macro virii, file infectors, boot sector infectors, multi-partite virii, polymorphic virii, stealth virii or retro virii.
Chapter Summary
1 EXECUTIVE SUMMARY: This chapter provides an overview of the report's intent to analyze IT vulnerabilities from an attacker's perspective, highlighting significant gaps in both technical and human security protocols.
2 THE WEAK POINTS OF A CORPORATION: This section examines how Intranet integration creates vulnerabilities, specifically focusing on password management, remote access flaws, and the impact of personnel's careless security attitudes.
3 ATTACKING THE CORPORATION: This part details the methods used to penetrate corporate networks, categorizing the operational mechanics of viruses, worms, and trojan horses.
4 THE IMPACT ON A CORPORATION: This chapter describes how malicious code is activated within a network and explains the destructive consequences, such as data corruption and unauthorized system control.
5 COUNTER MEASURES: This section outlines strategic defenses, including firewall implementation, traffic monitoring, and the necessity of employee training to prevent further infections.
6 CONCLUSIONS: This chapter synthesizes the findings, concluding that the lack of rigorous security mechanisms leaves the organization highly susceptible to undetected attacks.
7 REFERENCES: This section provides the bibliography of sources and external materials consulted for this study.
Keywords
IT Security, Intranet Management, Computer Virus, Trojan Horse, Worms, Data Protection, Network Security, System Vulnerability, Password Management, Firewall, Remote Access, Malware, Cyber Defense, Information Security, Corporate IT
Frequently Asked Questions
What is the core focus of this assignment?
The assignment explores the vulnerabilities of a corporation's IT system by analyzing potential attack vectors, specifically focusing on how malicious code can compromise network security.
What are the central themes of the work?
The central themes include the intersection of technical flaws and human error, the classification of various malware, and the critical importance of security maintenance and policies.
What is the primary objective of this report?
The objective is to reveal security gaps within a corporate organization to understand the methods used by attackers and to formulate effective counter-measures against them.
Which methodologies are used for this analysis?
The report utilizes a descriptive analytical approach, examining current security literature and common exploit methods to demonstrate how an attacker might penetrate an internal corporate network.
What topics are discussed in the main body?
The main body covers technical and human weaknesses, the mechanics of viruses, worms, and trojans, methods for infiltrating a company, and strategies for system defense.
How can these keywords describe the work?
Keywords such as "IT Security," "Malware," "Vulnerability," and "System Defense" accurately characterize the academic and technical nature of this research into corporate network protection.
How does the report distinguish between viruses and trojan horses?
The report highlights that viruses are primarily focused on replication and destructive payloads, whereas trojan horses are designed to gain unauthorized control and access to confidential company information.
Why is the human factor considered a significant weakness?
The author argues that human factors, such as the willingness to share passwords over the telephone and the failure to follow formal security procedures, pose a threat equal to or greater than technical flaws.
- Quote paper
- Thomas Kramer (Author), 2000, Cracking a corporation's IT system, Munich, GRIN Verlag, https://www.grin.com/document/1895
