Monday 5 December 2016

Ethical Hacking and Data Security

As time progresses, so do we. We have come a long way from the time when postmen delivered mail to us and it took weeks to send a message. Even the early stage of computer development seems a long way back. At present, we have very fast and efficient processors and the internet, a large computer network that lets us share information and communicate within a few seconds. With such great advancement, we have become so accustomed to the technology around us that it is difficult to imagine life without it. But alongside the benefits we enjoy, there are many weak links in the technology that we use, and those weaknesses can be easily exploited.

Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorized access to or control over computer network security systems for some illicit purpose. This is one of many definitions. Hacking and related cyber-crimes are rampant nowadays. In times like these, it is very important to keep oneself safe from these crimes. This is where ethical hacking becomes necessary.

An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. Just as diamond cuts diamond, malicious hacking attempts on a system can be prevented by ethical hacking, that is, by letting ethical hackers attack the system under the owner's supervision to find its security flaws. They use the same techniques to test and bypass a system's defences as their criminal counterparts. Instead of taking advantage of any vulnerabilities found, they provide advice on how to fix them so that the organization can improve its overall security.

Ethical hacking first started around the 1970s, when the US government used groups of professionals called “Red Teams” to hack its own computer systems. Since then, it has expanded into a big market, as we live in a digital age where technology and the internet have become inseparable parts of our lives. Staying connected to the internet lets any organization connect with the whole world. Hence the need for organizations to get their systems tested and to make changes wherever required, so that the systems function without hindrance.

But why do we actually need ethical hacking? What are we actually protecting? The answer is data. Everything we do online either creates data or uses and modifies already created data. For example, the banking system stores financial information of its customers, and social media databases contain users’ personal information. Cyber-crimes happen to either steal that data or destroy it. To manage this data, we have database management systems, and to protect it, we implement security measures. Data security is the main priority for organizations of every type. Examples of data security technologies include disk encryption, backups, data masking and accidental or deliberate data deletion.

One of the emerging advancements in the field of education, online learning and Massive Open Online Courses (MOOCs), has made quality education more readily available to the masses. Their reach and importance have been increasing gradually. Employability on the basis of online certification is also becoming more acceptable with time. For this reason, data security becomes extremely important when it comes to hosting and opting for MOOCs. Now the question is, what are the risks involved? There are problems such as plagiarism and data misuse, but another, more important security issue related to online learning is inconsistent user authentication. This means that a malicious hacker could pose as someone who is a registered user of a course. After gaining access to the user’s account, the hacker could disrupt the course progress or plagiarize the contents, but more gravely than those, s/he could steal the certificates.

Security vulnerabilities are commonly found in Learning Management Systems (LMSs). An LMS helps educators create dynamic online web content for students. One such popular LMS is Moodle, which is open source, meaning anyone can download it free of cost. To ensure the security of their users, some MOOC platforms such as Coursera have developed identification mechanisms based on keystroke biometrics like typing patterns. However, these mechanisms can be unreliable and privacy intrusive. One approach to solving this is the Secure Learning Management System (SLMS), which uses the security properties of a Public Key Infrastructure. Educational Data Mining techniques are also used to extract knowledge from the large data sets of log files on MOOC platforms. This information includes IP addresses, timestamps, user navigation etc. and can be used to build a model for user authentication.
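The log-based idea in the paragraph above can be sketched as follows. This is an added illustration, not code from Moodle, Coursera or any MOOC platform: it builds a per-user profile from constructed log lines (IP network, time of day, course visited) and scores a new event by how many of those features are unseen for that user. The log format, feature choices and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format): timestamp user ip page
HISTORY = """\
2016-11-01T09:12:00 alice 203.0.113.10 /course/ee101/week1
2016-11-02T09:40:00 alice 203.0.113.10 /course/ee101/week2
2016-11-03T10:05:00 alice 203.0.113.77 /course/ee101/quiz1
2016-11-04T21:15:00 bob 198.51.100.5 /course/cs50/week1
2016-11-05T22:02:00 bob 198.51.100.5 /course/cs50/week2
"""

def parse(line):
    """Turn one log line into (user, feature dict)."""
    ts, user, ip, page = line.split()
    when = datetime.fromisoformat(ts)
    return user, {
        "net": ip.rsplit(".", 1)[0],    # /24 prefix of the IPv4 address
        "hour_band": when.hour // 6,    # 0-3: night, morning, afternoon, evening
        "course": page.split("/")[2],   # course the page belongs to
    }

def build_profiles(log_text):
    """Collect, per user, the set of values seen for each feature."""
    profiles = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        user, feats = parse(line)
        for name, value in feats.items():
            profiles[user][name].add(value)
    return profiles

def anomaly_score(profiles, line):
    """Fraction of this event's features never seen before for the user."""
    user, feats = parse(line)
    if user not in profiles:
        return 1.0  # no history at all: treat as fully unknown
    unseen = [n for n, v in feats.items() if v not in profiles[user][n]]
    return len(unseen) / len(feats)

def needs_step_up(profiles, line, threshold=0.5):
    """Assumed policy: request re-authentication above the threshold."""
    return anomaly_score(profiles, line) > threshold
```

A score like this is a signal for asking the user to re-authenticate, not proof of account takeover; a legitimate user on a new network at a new hour produces the same score.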

These advancements do surely help in dealing with the crimes against data security in every aspect of technology, but more importantly, people need to be made aware and informed about the risks that arise with the use of new technology. This awareness is the first and essential step towards the security of the important data one hosts in and shares with the digital world.

This article is written by Aditya, an intern with the E-QUAL - Jadavpur University team. He is a final year student of Electrical Engineering at Jadavpur University, Kolkata.
