To deal with hackers who break through office systems through the Internet it isimportant for information managers to understand their enemy well. If they havesound background knowledge about hackers, they might be prepared to deal withthem in a much more effective method.
Hackers are very educated often mostlyuniversity or high school students who try to break through systems for whichthey have no authorization. They deal poorly with people, have few friends andless relationships, but at the same time are very smart. Therefore they revertto computers because they know computers will not reject them. With bulletinboard communication they can form social relationships but those are behind thescreen, where hackers feel shielded. (Pfleeger, pp.12-13) Hackers justify thecrime of cracking through systems by stating that nobody gets hurt in thissituation.
Hacking can be done without having a conflict with any human. Hackersalso usually work in groups, and when they do so they become more dangerous tooffice systems. By sharing information they manage to put together a solutionthat would allow them to break in a office system. The news media has labeledhackers as mere children who play pranks.
(Pfleeger, p.13) Even Amy Wohl who isa noted information systems consultant states that “the hacker risk is thesmallest of the computer crime risks.” (Ray, p. 440) Amy Wohl’s statement isincorrect because due to the hacking of automated office systems millions ofdollars in damages have occurred.
According to the American Society forIndustrial Security (ASIS) the increase attacks by hackers through the Internethas jumped to 323% since 1992. Total losses to the U.S. industry areapproximately $2 billion per month. Thus it is very essential for informationmanagers to know about the different problems hackers can create for automatedoffice systems through the Internet.
(Anthes “Hack Attack.”, p.81) One ofthe main problems that hackers can cause is that they can break into officeelectronic mail (e-mail) messages. This can be especially dangerous for thoseoffice systems who use electronic mail as their main source of communication..
Electronic mail on the Internet is as confidential as a postcard. After thesender transmits the message, it travels from one network to another until itreaches its recipient. Therefore, hackers can easily break into electronic mailwhile it is traveling towards its destination. Further, when it reaches therecipient there will not be any evidence of tempering with the e-mail. (Rothfeder, p. 224-225) Another tool that hackers use is called a sniffer.
A softwarewhich can be easily planted in an organizations system, works like a concelleadrecorder and captures e-mail messages as they are exchanged. (Behar, p.35)Hackers value e-mail because it contains valuable information. They can findanything from secret strategic plans to log-in passwords required to get intothe office system. Once they have this vital information, hackers can haveaccess and cause major damage to the office system. (Rothfeder, p.
225) One ofthe victims of e-mail hacking was Wind River Systems. A software company, WindRiver Systems has a communication system where they exchange e-mail withcustomers on the Internet. By trying a few passwords on the office system,hackers were able to access the system of Wind River Systems in California andFrance. When a expensive bill for accessing the Internet came to Wind RiverSystems, they found that hackers had gotten in their communication system. WindRiver Systems discovered that due to the intrusions hackers obtained programmingcodes which could have the potential to hurt future performance of the company.
(Behar, p.33) Penetrating electronic mail is just one way hackers intrude anddestroy office systems. Banks who have established office system that provideonline banking services to clients also face problems. One of the first Internetbanks, Security First Network had to stop hackers from electronically breakinginto account files in the first few months of its operations.
In addition,Citibank’s office system was also hacked when a Russian hacker electronicallytransferred $11 million from New York to Finland, Israel, and California. Theseincidents leaves many banks in doubt whether they should have systems that arecapable of providing customer service on the Internet. Instead, banks such asChase Manhattan are collaborating with companies like Checkfree, Intuit, andMicrosoft. The reason is that these companies offer private consumer bankingnetworks that have powerful security schemes. Thus the cost of office automationwould be justified because hackers will not find it easy to break into thebanking networks protected by such firms as Microsoft.
In contrast, otherfinancial institutions such as Bank of America are willing to take the chanceand implement their systems so that they are capable of providing betterservices to customers on the Internet. (Rothfeder, p. 229) One more deadlytactic that hackers can employ against office systems is stop their connectionto the respective Internet serviece provider (ISP) that host almost a thousandcorporate web sites. This method is called denial of service whereby hackersinterfere with the office system communication such that office systems cannotgain accesss to its ISP.
When office systems communicate with their ISPs theyuse a three-way handshake process whereby they first send a signal, the ISPreceives that signal, and then the ISP re-sends the signal to the office systemso that a connection can be established. Hackers have found a way to disruptthis process by interfering with the last part of the three-way handshake.Instead of the signal going back to the office communication system the hackerdirects it to another direction. Thus, the office communication system neverconnects to its ISP and therefore cannot obtain mail or connect to other websites.
The nature of this attack creates ineffectiveness for office systems whohave implemented the Internet as part of their communication systems. There isno use for a communication system which cannot be used. Furthermore, if Hackerscan’t break into the system they can make many services of the Internetunavailable to the office. violates one of the goals of information security.This presents a serious challenge to office automation specialist who mustrealize now that even if their communication systems are tamper proof hackerscan still deny them external communication. (Cobb, pp.
37-38) To combat theattacks of hackers, office automation specialist can employ a number of tacticsthat would ensure that their office systems remain safe. Certain guidelines andtechnologies can be applied by information managers when they are in theanalysis and design phase of office automation. To begin with, informationmanagers must maintain guidelines that minimize risk when using the Internet.These guidelines can be in the form of rules for employee Internet usage. Themain intent of these guidelines is to limit the use of Internet for businesspurposes only. Most employees use the Internet for personal reasons such as whenthey surf sex and pornographic material on the Internet.
This not only createssecurity leaks for the office system, but also makes Olson’s Theory a strongphenomena in the office environment. Employees are less productive in their workwhich results in soft dollar loses for the company. Nonetheless, controllingemployee use of the Internet is nonproductive. The solution is to educateemployees about the proper use of the Internet, explain them the disadvantagethat occur if the Internet is used improperly, yet at the same time accept thefact that employees will still look at web sites that are not business related.Nevertheless, it is wise to develop detailed Internet polices in terms of usageso that employees know the consequences of wrong abuse. (Wagner, p.
55) Accordingto Barry Weiss, a partner at Gordon & Glickson, a Chicago law firm thatspecializes in information technology legal issues, for the Internet to be usedas a effective tool for communication companies need “to define policies andprocedures to avoid risk.” (Wagner, p.58) Another method in which companiescan protect their office systems from hackers is by asking employees to developand maintain smart passwords. Employees should not write down their passwordsand leave them near a computer. They should create password which relate topeople closely related to them.
Also they should not share their password withanyone and near should they store their passwords in the computer. Passwordsbecome hard to crack by hackers when they have both upper case and lower caseletters as well as digits and special characters. Further, the should be longand should be able to keyed in quickly so one can follow when typing on thekeyboard. (Icove, pp.
135-136) Having strict guidelines is one solution tominimize hacker intrusions. Employing technologies is another solution toaccomplish the same goal. One specific technology to implment in the officenetwork is called firewall. This tool combines the technology of hardware andsoftware and functions by protecting the office network when it is connected tothe Internet. A firewall analyzes data and accepts only the data that isapproved by the information manger.
The firewall collects all users in one areaand views whether they are performing an approved activity such as sendingelectronic mail to clients. Since all the activity has to pass and be approvedthrough one checkpoint this tool is useful for controlling data and keeping logsof the user’s activity. Adding a firewall in the office system can be done intwo ways. It can be purchased as a package from a vendor or it can be built.Logically it is cheaper to build a firewall, a good choice for those informationmangers who are operating on a strict budget.
(Anderson, pp. 106, 108) Whenbuying a firewall from vendors it can get very confusing since there are a lotof varieties and costs that each vendor offers. There are more than 40 vendorsin the market who offer new releases in less than a year. However, this trend isalso changing. The National Computer Security Association (NCSA) has developed aprogram which will make it easier for information managers to select a firewallfrom numerous packages.
It will do that by establishing performance standardneeded for an effective firewall. Based on this criteria it will test andcertify those firewall packages which meet its criteria. The certificationconcentrates on security threats that are high to a automated office systems.This includes how often the hackers attack the firewall, how easily they canpenetrate the firewall and how much damage they cause once they penetrate thefirewall.
Naturally, the lower the frequency in these criteria the more chancefor the firewall package being passed. Besides certifying firewall the NCSA willalso collaborate with vendors to create standard language for firewall andpublish more documentation so information managers have a chance to make abetter decision when they are thinking to implement firewall in their officesystems. (Anthes, “Firewall chaos.” P.51) A firewall is not the ultimatesolution because it can’t keep out viruses or traffic that goes to theinternal network though another connection, however “it is still the mosteffective was to protect a network that’s connected to the Internet”(Anderson, p.
106) Another method to protect data is the use of encryptiontechnology. This comes especially useful when data is sent through externalcommunication systems where there are great chances for it to be intercepted byhackers. Electronic mail can greatly benefit from this technology. Encryption isa software program which creates a key with two divisions. One is the public keyand one is the private key. The public key is given to those with whomcommunication is usually conducted.
After writing the electronic mail themessage is encrypted with the recipients public key. Due to encryption there isa digital lock placed on the message, so even if a hacker intercepts the mailwhile it is traveling to the recipient, the contents of the message areunobtainable. Upon receiving the message the recipient uses the software toverify that the recipients public key was used to encrypt the mail. After theconfirmation the software decrypts the encrypted message using the private keyof the recipient.
(Rothfeder, pp. 224-225) Moreover, two high tech companieshave teamed up to develop a hardware based encryption technology. This isspecially targeted to make electronic commerce more safer to carry out over theInternet. Separating the encryption functions from the processor and handlingthem through another hardware piece will make it much harder for hackers tointercept office data and also free up much processing power required to encryptlarge important business documents. Multiple applications can use thisencryption peripheral to make their data safe.
If hackers attempt to break intothe hardware encryption device the data will be immediately deleted and thuswould be useless for the hackers. (Vijayan, p.45) Lastly, corporations canout-source their security needs to special computer security firms whospecialize against hacker intrusion. One such company is Pilot Network Services.
Pilot’s client hook their office system networks to the company’s servicecenters around the country. This way Pilot is able to supply supervised Internetaccess. The system is run by a team of electronic specialist who monitor it on a24 hour basis. Happy clients such as Twentieth Century Fox value Pilot’sservices because they get around 30 intrusions daily which they are able toblock.
Sometimes Pilot’s engineer’s let the hackers in a officecommunication system to observe and learn about their activities so they can bemore knowledgeable on how hackers attack. (Behar, p.36) Other forces thatcorporations can out-source to protect their office systems are called tigerteams. These tiger teams hack their clients computer to point out weaknesses inthe communication system. This way the weaknesses can be corrected and thesystem protected. Tiger teams usually attack their client’s system through theInternet, but also warn that potential hazards can occur through other channelssuch as operating systems.
(Doolittle, p.89) In the current computingenvironment it is essential to have a security plan for those companies who usethe Internet as their main source of communication. If a plan does not exist thedamages can mean failure for a company. Consequently, it is essential forinformation managers to employ the solutions presented in this paper when theyare automating their office system.
BibliographyAnderson, Heidi. “Firewalls: Your First Defense” PC Today, May 1996:pp.106, 108-109. Anthes, Gary H. “Firewall chaos.
” Computer World, February1996: p. 51. Anthes, Gary H. “Hack Attack.” Computer World, April 1996: p.
81. Behar, Richard. “Who’s Reading your e-mail?” Fortune, February 1997:pp. 29-36.
Cobb, Stephen. “How Safe is the Internet?” Internet & JavaAdvisor, January 1997: pp.36-38,41. Doolittle, Sean.
“Special Forces OnCall” PC Today, May 1996: pp.89-91. Icove, David, Karl Seger, and WilliamVonStorch. Computer Crime. California: O’Reilly & Associates, Inc., 1995.
Pfleeger, Charles P. Security in Computing. New Jersey: Prentice-HallInternational, Inc., 1989.
Ray, Charles, Janet Palmer, and Amy Wohl. OfficeAutomation : A Systems Approach. 2nd ed. Ohio: South-Western Publishing Co.
,1991. Rothfeder, Jeffery. “No Privacy on the Net.” PC World, February 1997:pp.
223-229. Vijayan, Jaikumar. “Making the Web a safer place.” ComputerWorld, April 1996: p. 45. Wagner, Mitch.
“Firms spell out appropriate use ofInternet for employees.” Computer World, February 1996: pp.55,58.