H is for…

Hacking

I’m pretty sure that you’ve all heard the term “hacking”, and you probably know that it has negative connotations. But what exactly is it?

Put simply, it’s trying to get access to a computer or network using vulnerabilities in the security of the target. Note that I don’t necessarily say software: people can be hacked too, which is effectively what social engineering is. I won’t go into social engineering here as it’ll be covered under “S is for…” later this year, so for the moment I’ll concentrate on hacking software.

Almost all software has errors in it which can be used to make the software do things the manufacturer didn’t intend. The bad guys know this, and spend a lot of time looking for those errors, then writing their own software to make use of these vulnerabilities (weaknesses): this process is called writing exploits.

The bad guys have a number of ways of getting their exploits to run on your systems: phishing emails are perhaps the most common and well known method, as are infected websites which download and install software in the background.

The best ways to protect your systems from hackers are:

  • Change your passwords regularly and enforce long, complex passwords for administrator level accounts
  • Keep patching and antivirus updated
  • Ensure your systems are vulnerability scanned, preferably penetration tested, on a regular basis
  • Ensure you / staff are trained to spot phishing emails

Hacktivism

Hackers who attack systems in support of a specific cause are engaging in hacktivism. Organisations like Anonymous rose to attention because they attracted hacktivists supporting different causes to attack companies which were involved in those causes.

Hybrid cloud model

As the name suggests, this kind of model is a mix of cloud and on-premise service provision. Some of the data / servers being used are in data centres run by your organisation, and some are in the cloud.

D is for…

Dark Web

Most of us are familiar with the Internet, and using search engines such as Google and Bing to find information we need. Those operate in a part of the World Wide Web that is often called the Surface Web. It seems like we can find a huge amount of data on the surface web, but in actual fact it’s only about 5% of all material that is available online. A large portion of the remaining data is found on the Deep Web – see below – but there’s a very murky area which is hidden away and can only be accessed by using special web browser software, the most well known being The Onion Router, or Tor. Most users will never have cause to visit this area, because it’s where various illegal web sites / services are found, including drugs, stolen goods, child abuse, false identity documents, counterfeit money etc. It’s therefore an area where criminals globally congregate to deal in and share their services.

Data Centre

A data centre is typically a large room – or set of rooms – with multiple servers in it. It can vary in size from one room with a few racks of servers, to a site with many thousands of servers. Typically they will have redundant power supplies, some form of backup solution, and will often provide services to multiple companies at the same time. Some organisations will run their own data centres, some will outsource their services to a Third Party, and some will operate a mix.

Data centres are typically where cloud services live. Companies such as Microsoft, Google and Amazon offer multiple data centres across most of the continents.

DDoS

Distributed Denial of Service (DDoS) attacks are a method of attack on a company’s services (typically internet based, like web sites or file sharing). They are carried out by multiple internet connected devices including PCs, laptops and IoT machines, often using botnets. The word Distributed is used to signify that the devices are spread around, possibly even all over the globe.

When a DDoS attack is carried out, the target is overwhelmed by multiple messages being sent from all the devices in the botnet, to the extent that it is rendered unusable.

A way of thinking of this is if you have a crowd of people trying to get through a door. If they move one at a time through the door, there’s no problem. If everyone tries to get through the door at the same time, it will become blocked and take time to become unblocked.

Deep Web

As mentioned above in Dark Web, the Deep Web makes up a huge proportion of the World Wide Web. The sites in this area are not indexed, which means they can’t be found by search engines like Google and Bing, but that doesn’t mean that they are providing illegal services.

Deep Web sites are typically where you can find information that isn’t really for public consumption, but which is used by special interest groups. This will include research groups, academic communities, file sharing sites etc. Users access the sites only if they know the exact address, but can use standard browsers such as Internet Explorer and Chrome – other browsers are available.

Decryption

Decryption is how cryptography makes messages readable again after they have been encrypted. Depending on how data is encrypted, decryption may happen automatically, or you may have to carry out a specific routine using special software.

Disaster Recovery

Disaster Recovery (DR) is most commonly seen as the provision of the IT part of a Business Continuity Plan. It’s about getting your IT systems back up and running within set timescales in order to enable key resources to work as normal.

For example, if you’ve planned to move to an alternate location in the event of an outage with your business, your DR solution will probably include appropriate network connections, having enough desktop or laptop devices available and having the relevant data and software available from the alternate location.

It’s not uncommon for businesses to run tabletop exercises to work out who would do what in the event of a problem, but it’s also a good idea to actually test that the plan works. For example, if your DR plan is to have 20 people up and running within 4 hours at the alternate site, but there are only 10 devices available for them to use at the site, then your plan will fail.

It’s important to note that when testing your plan, things not working are good things to find. It’s better to find that out during a test than when you actually need it.

DOS

Denial of Service (DOS) is similar to DDoS, but instead of being based on multiple devices acting concurrently, is based on a single device. That single device will send multiple messages consecutively at a very high rate, with the aim of overloading the target device.
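For anyone who looks after a service and wants to see the DoS / DDoS difference in their own logs, here is a small added example (it is not from any product or from the original post). It looks at the busiest second of traffic and labels it by how the requests are spread across senders. The sample events, the addresses (taken from documentation ranges) and both thresholds are constructed assumptions.

```python
from collections import Counter

def build_samples():
    """Constructed (second, source_ip) request events for one service."""
    normal = [(t, f"192.0.2.{t % 5 + 1}") for t in range(10)]   # a few ordinary clients
    dos = normal + [(3, "198.51.100.7")] * 200                   # one device, 200 requests
    ddos = normal + [(3, f"203.0.113.{i}") for i in range(1, 201)]  # 200 devices, 1 each
    return normal, dos, ddos

def busiest_second(events):
    """Return the second that received the most requests."""
    return Counter(t for t, _ in events).most_common(1)[0][0]

def analyse(events, rate_threshold=100, dominant_share=0.8):
    """Label the busiest second as 'normal', 'dos' or 'ddos'.

    rate_threshold and dominant_share are assumed values for this example;
    a real service would tune them against its own baseline traffic.
    """
    second = busiest_second(events)
    sources = Counter(ip for t, ip in events if t == second)
    total = sum(sources.values())
    result = {"second": second, "requests": total, "sources": len(sources)}
    if total < rate_threshold:
        result["label"] = "normal"
        return result
    top_ip, top_count = sources.most_common(1)[0]
    if top_count / total >= dominant_share:
        # One sender dominates: blocking that single address relieves the load.
        result["label"] = "dos"
        result["block"] = top_ip
    else:
        # Load is spread over many senders: per-address blocking will not keep up,
        # so this needs rate limiting or filtering upstream of the service.
        result["label"] = "ddos"
    return result

if __name__ == "__main__":
    for name, events in zip(("normal", "dos", "ddos"), build_samples()):
        print(name, analyse(events))
```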

Tubes

This book by Andrew Blum is a fascinating insight into what the internet physically looks like. It starts with the author wondering where the wire goes from his house, how it joins other wires and how data goes round the world. He visits a site where an undersea cable is being brought ashore, and he gets as close as most people can to a Google data centre.

The journey takes in some of the history of the internet, how it started and where. The author even visits some of the first sites and machines which were connected as part of the nascent World Wide Web.

I appreciate that it’s a little bit nerdy, a little bit geeky, but I found it a really interesting read. I’d recommend it to anyone with a passing interest in how the world is connected now.