Hacking Explained With a Simple Analogy
by Adam Arnold
How often have you started to read something you thought may be valuable to you, only to put it down a few moments later, completely lost because of the use of technical language and industry jargon? The IT industry can be especially guilty of this. However, since this is need-to-know information, we’ve decided to go over a few crucial security concepts by representing your business security with a locked door.
Brute Force Attack
If a robber really wanted to get at the valuables you had in your house, they would get past your locked door by any means necessary–including breaking through a window, or kicking in the door if need be. This display of brute force is a straightforward, if inelegant, means of getting the robber into your house.
A hacker uses brute force in a similar fashion, but instead of using physical force, they will overwhelm a system through other means. Some will use specialized programs to generate random password after random password extremely quickly, overwhelming the target system. As such, this attack vector can be particularly potent.
You hear a knock at your door, and when you answer it, someone is there, holding their arm and wincing. They say their car is in a ditch and ask to use your phone. You say yes, bringing them to your phone, and don’t think of it again–until your house is robbed when you aren’t looking. Turns out, while you were leading them to the phone, this person swiped your wallet, a few other valuable trinkets, and a spare key so they could come back later. In short, they leveraged your trust and then betrayed it.
Named after the subterfuge horse the Greeks used to infiltrate the city of Troy, a computer Trojan Horse operates in a similar way, sneaking in a threat under the pretense of something else or while their target is distracted by some other threat. The Trojan will then steal information gradually, as to not cause alarm.
The easiest door to get past is an unlocked door, so most burglars will likely look for an easy way to unlock it. Perhaps your front door has a window on it. It would be much easier for someone to break a window and unlock the door than it would be to break down the door entirely.
The window in the door could be considered a security exploit, a weakness that provides a way around the strong security that is in place. Possible exploits include mismanagement of sensitive data or problematic code. All it takes is a single vulnerability to open your network to greater threats.
What’s better than a lock to secure an entryway? That’s right, two locks. It’s even better if there are two types of locks. Two-factor authentication provides dual locks to gain access to your company’s network. By having a system in place that has you enter a set of credentials to unlock another set of credentials, you make it much more difficult for people who aren’t granted access to enter that entryway.
Let’s say that you have a new neighbor that you get to know, and, to you, it has become a friendship. You ask these people to feed your pet, leaving instructions and the keys to your house. When you get home, the pet has destroyed your home and you have some items missing. Your “friend” robbed you.
Social engineering is the art of taking calculated approaches to data theft. Since getting into a computing network is more difficult than having someone with access do it for you, victims of social engineering fall for a ruse, and end up letting people walk right out the “front door” with the items they planned to steal in the first place.
Do you need help securing your data? If they answer is yes, you need to come up with a plan. We help our clients every day to reach safer business practices. Give us a call, together we can protect your valuable data information.