1 INTRODUCTION
2 PRIVACY
A definition of privacy according to the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants in the Generally Accepted Privacy Principles standard is: "The rights and obligations of individuals and organizations with respect to the collection, use, retention and disclosure of personal information" [1]. Privacy is essential for information protection. The advent of data networks and the growth of many applications accessible from the Internet make privacy protection an important issue when a provider offers web-based service components. Violations of privacy can be of different kinds, arising from interference or interception, which leads providers to strengthen their security systems to prevent the entry of third parties into the network in order to achieve a high level of privacy. In turn, many applications by individuals should not be re
V. Sánchez Padilla is with the Faculty of Electrical and Computer Engineering, Escuela Superior Politécnica del Litoral, Guayaquil, Ecuador.
3 THREATS
Several types of attacks have emerged (e.g., viruses, Trojan horses, worms). A specialist in attacks, known as a "hacker", can break network security to access a system in which he/she is not allowed. Years ago, hacker attacks were meant to corrupt data or demonstrate vulnerabilities in operating systems. Nowadays, unauthorized access can lead to sabotage, access to bank accounts or financial reports, economic fraud, terrorism, denial of supplies or services (e.g., energy, supply chain,
2014 JOT
www.journaloftelecommunications.co.uk
5 PENETRATION TEST
To reduce vulnerabilities, networking devices that run their own operating systems have bugs that require periodic patching and upgrading. Generally, vendors update their devices by asking end users, operators or engineers to access online tools; patches and updates are installed automatically as well. These tools are not necessarily strong enough to keep a network safe. A controlled attack is an excellent approach to learn the vulnerabilities of the network.
A penetration test measures the organization's ability to respond to a legal and authorized simulated intrusion. This test is also known as ethical hacking, and the name can vary according to the region or country. This type of assessment is conducted with the intent of testing a particular portion of the organization's security program and is performed only against organizations with mature security programs [3]. The process probes vulnerabilities with BackTrack tools, and a proper penetration test ends with recommendations for addressing and fixing the failures or problems that were discovered during the test [12].
Penetration testing results come accompanied by a report showing the outcome of the several steps in the project. The documentation has to explain the findings, with explanations and suggestions to improve or increase the level of security [13].
The stages for this purpose have different classifications. The most common testing, but not limited to this, starts with planning to detail a controlled attack, analyzing security policies, postures, and risks. Then, a reconnaissance focus comes to understand the viable threats to the organization, in order to know the potential attacker. In this stage, the expert has to define how information gathering could be done by the attacker. Social engineering is a way to obtain data by assuming an identity known to the victim, collecting information in many forms, such as phone calls, emails requesting data, face-to-face interaction [14], or even leaving an external data storage unit so that the person who finds it feels curiosity to know what is inside. Once the person inserts this unit into a USB port, for example, a threat such as a virus can spread across the target network [12].
Scanning comes as a technical stage during the penetration test process to identify vulnerabilities and determine a level of risk based on the potential of the vulnerability. Good knowledge of commands and their functions is needed. As the hacker establishes a connection with the target, a port scan using the command line or a graphical user interface is imminent. There are 65,536 ports for either TCP or UDP on computers [12]. Hackers try to break the most frequently used ports to access the victim's network.
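As an added defender-side illustration of the scanning stage (this is not code from the paper), the following Python flags a port scan in constructed firewall log lines by counting the distinct ports one source touches on one destination within a short window; the log format, field names, window and threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (not from the paper); the format is assumed.
SAMPLE_LOG = """\
2014-03-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=21
2014-03-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=22
2014-03-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=23
2014-03-01T10:00:02 ALLOW src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=80
2014-03-01T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=3389
2014-03-01T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 proto=UDP dport=161
2014-03-01T10:00:05 ALLOW src=198.51.100.4 dst=192.0.2.10 proto=TCP dport=80
2014-03-01T10:30:00 DENY src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=8080
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) proto=(?P<proto>TCP|UDP) dport=(?P<dport>\d+)$")

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def detect_port_scans(events, window=timedelta(seconds=60), threshold=5):
    """Return {(src, dst): distinct_ports} for pairs where one source touched at least
    `threshold` distinct (proto, port) combinations inside any `window`; ALLOW lines count too."""
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pair[(ev["src"], ev["dst"])].append(ev)
    alerts = {}
    for pair, evs in by_pair.items():
        best = 0
        for i, first in enumerate(evs):  # sliding window anchored at each event
            seen = set()
            for ev in evs[i:]:
                if ev["ts"] - first["ts"] > window:
                    break
                seen.add((ev["proto"], ev["dport"]))
            best = max(best, len(seen))
        if best >= threshold:
            alerts[pair] = best
    return alerts
```

The benign source that reuses port 80 is not reported, and the late 8080 probe falls outside the 60-second window, so the scanning source is reported with six distinct ports rather than seven.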
Next, exploitation appears as the process of gaining control over a system. This is an attempt to control the
6 CONCLUSIONS
It is important to balance the requirements of the network, knowing that resources that are useful or demanding for a determined group of users will have different specifications or privileges for others. A complementary approach can be the separation of services into different levels with the help of risk analysis. Logical and hardware access filters plus firewalls are necessary to maintain security at the top level. Security policies and procedures must commit all members involved, to allow preparation for certificates and rules that keep the efforts of all of them up to date to prevent attacks on the network resources and infrastructure.
Hackers can spoof identities or mutate mediums to carry out effective attacks. There are ways to avoid hacker attacks: not clicking on links coming from suspicious or unknown electronic mail senders, not installing software without a virus scan, keeping updated antivirus software or firewalls running, just to mention some of them. No one can guarantee that websites or data transfer resources are reliable at all, although a valid option to prevent unauthorized access is to hire a security expert to hack the organization (or individual) to test security strengths and weaknesses.
ACKNOWLEDGMENT
The author wishes to thank Lt. Leigh G. Cotterell for his reviews and comments regarding the present paper.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]