Chapter 35. Foiling the System Hackers

Hacking has been described as the electronic equivalent of breaking and entering. It is the deliberate gaining of unauthorized access to a computer system, usually through the use of communication facilities.

Consider how we protect our homes from breaking and entering. We restrict access by keeping doors and windows shut, by locking and bolting doors, especially if the house is empty or at night, and by using alarm systems. These are all defense stratagems designed to deter or detect intruders. The level of deterrence depends on the degree to which we enforce our defenses (not leaving doors open or unlocked), the quality of those defenses (flimsy door or armor-plated door), and the desirability of entry (how valuable the known contents of the house are to the would-be intruder). Beyond these security deterrents, there are those imposed by society through legislation. Thus, if someone breaks into our house, they are liable to be prosecuted in the criminal courts and may be sued for damages in the civil courts.

Having gained access to our houses, the intruder may just browse through the contents of the house, or may steal assets (both tangible and intangible), or may cause malicious damage (either at the time or at a future time by use of a time bomb). The same is true of intruders (hackers) in our computer systems.

There has been much written and said on the subject of hacking, much of which has concentrated upon whether or not ...
