Jain Temple

Hot Spots

India Links
Call Home


Art & Culture
Book Shelf



About Us

Contact Us
About Us

Article by Mohan Babu

Title:  Safeguarding vital information

Information security continues to be a serious concern for managements all over the world. MOHAN BABU lists the various techniques used by hackers, including use of human skills, also known in the industry as “social engineering”, to get insiders in an organisation to spill out vital details about the security

The significance of digital security continues unabated as we move into a new year, and all the major software vendors, including Microsoft, IBM, Oracle, et al, have promised to attack the threat at its roots by making the software and operating systems more impregnable. The recent spate of virus and worm attacks have brought home the significance of informational security, both for corporate and personal users. Of course, the viruses make a point by crippling computer systems and communication across the globe, causing billions of dollars in losses. For instance, the recent Blaster worm and SoBig virus attack, which crippled networks is making business leaders question the integrity of their systems, computers and e-mails, on which the corporate world has come to rely on so much.

Being a techie at heart, with a strong affinity towards the sweet-spot where the interests of business and technology converge, I spent the recent few weeks talking to peers in the industry and reading up a bit on security, the significance of securing systems and what exactly hackers can do to systems. The more I talked and read, the more intriguing the topic beca-me. And, it is not just me taking an interest in information security. Even business magazines and management journals have started running detailed features on virus attacks and security, a testimony to the seriousness with which managements are looking at this issue.

Types of threats

A recent Harvard Business Review article, titled “The myth of secure computing” talks about three main categories of threats to digital security:

  • Network attacks, which are waged over the Internet.
  • Intrusions, where attackers actually penetrate an organisation’s internal IT systems.
  • Malicious code, consisting of viruses and worms.

Network attacks can slow network performance, degrade e-mail and other online services, and cause millions of dollars in damages. And all of this can be done without breaching the internal workings of an IT system. Denial of service (DoS) attacks is a kind of network attack that disables computers by flooding them with an overwhelming number of messages. As the computers try to respond to each of the thousands of messages, their resources are consumed and they often crash. Most new enterprise security tools can thwart common network attacks, and even if the systems are knocked out, the damage is rarely permanent.

Intrusions differ from network attacks because the intruders actually penetrate an organisation’s internal IT systems. Hackers use human skills, also known in the industry as “social engineering,” to get insiders in an organisation to spill out vital details about the security. The description of different social engineering tactics would take a book in itself, but needless to say, these con-artists use a general tendency among employees to help their colleagues. They also take recourse to common sense after getting some basic information. For instance, after they predict that in an organisation the user names follow the convention of ‘jdoe’ for John Doe, the next task is to guess the passwords.

Surprisingly, even that is easy to guess, in most cases people frequently use birthdays, children’s names, or even the word “password.” Once inside the system, intruders masquerade as genuine users to create havoc. They alter software, and sometimes create “backdoors” that can later be used by other hackers. Since the crime here is being committed from inside, it is harder to detect, and even when system administrators realise that a system has be-en hacked, they find it harder to detect the changes made by the intruders.

Malicious code consists of viruses and worms which can wreck havoc faster than human hackers. Viruses need help replicating and propagating, whereas worms do it automatically. Because they are propagating themselves through the systems and networks, their targets can be random, making it impossible to predict where they’ll hit next.

Software companies regularly play ‘cops and robbers’ with hackers. The cops include tools like the virus guards in their arsenals and are employed by security software companies and information security departments of organisations. Giving his views on security, Stephen H Wildstrom, a noted columnist, in a recent Business Week column says, “There are two things that every computer owner should do right away. First, run antivirus software on every computer, and make sure it is set up to receive automatic updates. If the short-term subscription that comes with your new computer has expired, renew it. Second, everyone running Windows 2000 or XP should be running critical software fixes from Microsoft’s Windows update service.”

While this advice may sound like a lot of common sense, computer owners, even large organisations fail to regularly update their computer system security, leaving them vulnerable. Case in point, a whole month before the infamous Blaster worm hit the cyberworld, Microsoft had posted a patch. Systems which were running the patch were unaffected but a lot of systems which hadn’t bothered to update were hit by the virus. For more details on virus protection software, visit the Internet portals of McAfee (, Norton (





About the Author

  • A Bio and profile of the author, Mohan Babu, can be found at his homepage
  • Mohan has authored a book on Offshoring and Outsourcing (Publisher McGraw Hill, India), a link to which can be found here
  • Mohan has also authored an Online book on "Life in the US," available for free download.
  • Sponsored Advert

    Advert: Visitor's Travel Insurance

    Click for free online Quotes


    For FAQ, Trivia and Information on Life in America, visit the Ask-A-Desi section

    ©Mohan Babu: All Rights Reserved 2005

    Mohan Babu is an international consultant trying to find the ‘sweet spot’ where IT meets business. E-mail: mohan He is also the author of a recent book on "Offshoring IT Services"

    All rights are reserved. Mohan Babu ("Author") hereby grants permission to use, copy and distribute this document for any NON-PROFIT purpose, provided that the article is used in its complete, UNMODIFIED form including both the above Copyright notice and this permission notice. Reproducing this article by any means, including (but not limited to) printing, copying existing prints, or publishing by electronic or other means, implies full agreement to the above non-profit-use clause. Exceptions to the above, such as including the article in a compendium to be sold for profit, are permitted only by EXPLICIT PRIOR WRITTEN CONSENT of Mohan Babu. 

    Disclaimer: This document represents the personal opinions of the Author, and does not necessarily represent the opinion of the Author's employer, nor anyone other than the Author. This Article was originally published in Express Computers


    GaramChai® 1999-2005