-
8/9/2019 19 03 Hacking
1/8
12 I into IT
You can manage what you know about; it's what you don't
know about that creeps up and stabs you. For the IT
manager, computer hacking is one such sword of
Damocles for which sensible preventive
and detective measures have become
essential. And in common with other
disasters in waiting, infiltration should
feature in contingency planning.
For the benefit of those readers
unfamiliar with computer
hacking, N. Nagarajan of the
Office of the Comptroller
and Auditor General of
India gives an overview
and explains some of
the terms associated
with it.
The basics of pr ot ect ing against comput er hack ing
The hacker
Technically, a "hacker"is someone who isenthusiastic about
computerprogramming and all things computerrelated, and is
motivated by curiosity toreverse engineer software and to
explore.
-
8/9/2019 19 03 Hacking
2/8
into IT I 13
The term "cracker", on the other hand,
describes those who apply hacking skillsto gain
unauthorisedaccess to acomputer facility, often with
sinistermotives. But "cracking"never reallycaught on, perhaps due
to the greyarea that exists between the twoactivities and to the
media's widespreaduse of "hacking"as a term synonymouswith computer
crime. I will nottherefore try to buck the trend in
thisarticle.
Computer hacking
Hacking is in some ways the onlineequivalent to burglary; in
other wordsbreaking intopremises against thewishes of the lawful
owner - in somejurisdictions a crime in itself - fromwhich other
criminal acts such as theftand/or damage generally result.
Computer hacking refers to gainingunauthorisedaccess to, and
hence somemeasure of control over, a computerfacility, and most
countries now have
specific legislation in place to deterthose who might wish to
practice thisart and science. In some jurisdictions,unauthorised
access alone constitutes acriminal offence, even if the
hackerattempts nothing further. However, inpractice, hackers
generally have aparticular target in mind, so their unau-thorised
access leads to further acts,which national law might also define
ascriminal activities. These can besummarised under the headings
ofunauthorised:
G obtaining of confidentialinformation: perhaps the majorgrowth
area in computer crime is"identity theft", in other words
theobtaining of personal informationthat can then be used to
commitother serious offences, usually in
the area of fraud. However, other
motives include espionage (bothgovernmental and
commercialsecrets) and the obtaining ofpersonally sensitive
information thatmight be used for tracing people,deception and
blackmail;
G alteration or delet ion of dataand code: most organisations
nowdepend to some extent on comput-erised information systems, and
anyact resulting in significant corruptionor deletion of corporate
data could
have serious implications on theirability to transact
business;
G degradation or cessation ofservice: acts that result in
systemsbeing unable to carry theirworkload or that fail
altogether,could also have serious businessimplications;
G use of computer resources:this impact is really inherent in
theprevious three, but it's worthmentioning separately because
an
emerging problem is the use byhackers of other people's
systems(extending to home PCs) to storeillegally obtained data or
to mountattacks on other systems. There aredocumented cases of
systemshacked in this way - sometimesreferred to as "zombies"
becausethey are no longer in the full controlof their unsuspecting
owners -being used to store childpornography and material that
breaches copyright law (e.g.copyrighted music files), to
mountdistributed denial of service attackson other systems, and to
distributespam e-mail.
Finally, it's worth emphasising that theterm "hacker" applies
both to outsidersand to otherwise authorised personnelwho misuse
their system privileges, orwho impersonate higher privilegedusers.
This sad fact needs to berecognised when formulating corporate
security policy.
The Ten Immutable Laws o f Security
1 If a bad guy can persuade you to run his program on your
computer, it's
not your computer anymore.2 If a bad guy can alter the operating
system on your computer, it's not your
computer anymore.
3 If a bad guy has unrestricted physical access to your
computer, it's not
your computer anymore.
4 If you allow a bad guy to upload programs to your web site,
it's not your
web site any more.
5 Weak passwords trump strong security.
6 A machine is only as secure as the administrator is
trustworthy.
7 Encrypted data is only as secure as the decryption key.
8 An out of date virus scanner is only marginally better than no
virus
scanner at all.
9 Absolute anonymity isn't practical, in real life or on the
web.
10 Technology is not a panacea.
Source - www.microsoft.com/technet
-
8/9/2019 19 03 Hacking
3/8
Approaches to hacking
There are several basic strategies forhacking a computer
facility: physicalintrusion; password attacks; networkaccess; web
server attacks; and e-mailattacks, but there are a multitude
oftactics that can be used to implementthem. For example, security
flaws (or
design
weaknesses) in infrastructure softwareand communications
protocols offer
seemingly endless tactical possibilities,as is evidenced in the
never-endingstream of security updates (seeexample).
Physical int rusion: an attacker's workis made easier by gaining
physicalaccess to a machine's keyboard or tonetwork junction boxes.
Physical access
opens up such possibilities asinstalling a keystroke
logger1; installingunauthorised
hardware devices(e.g. linking a
modem thatbypasses the
corporate firewalls tothe network); tapping
junction boxes throughwhich network traffic
might be analysed; gainingaccess to system docu-mentation,
printouts andto written notes of theirpasswords left by
recklessusers. Even access to confi-
dential waste can prove fruitful.Perhaps the quickest and
easiest way togain physical access to an organisation'scomputer
facilities is to join thecontract cleaning force, which oftenworks
unsupervised and outside normal
office hours.Passwor d att acks: obtain a validpassword to the
system and youbecome just another legitimate user.This is
particularly dangerous wherethe hacked account has
specialprivileges assigned to it that permitwide-ranging system
access and use.A successful password attack is bothdifficult to
detect and difficult toprevent because password securitydepends
largely on the user. Keystroke
loggers and social engineering (seeterminology below) are
methods ofcapturing passwords, while peopleoften share their
personal passwordswith others, write them on notes thatthey attach
to their terminals, and failto change them periodically.
Passwordcracking programs perform anelaborate process of guessing
'weak'passwords by trial and error, usingcombinations of words from
differentlanguages, names (places, people,characters in books),
jargon, slang, andacronyms. These are tried backwards,in two-word
combinations, in combina-tions with numbers substituted forletters,
etc. Vendors often ship infra-structure software with the
administra-tor account passwords set to defaultvalues; because
these are widelyknown in the hacking community, theyprovide an easy
route into a computerfacility if left unchanged.
Network Access and Web ServerAttacks: computers forming part of
alocal area network that is in turn
14 I into IT
Just another security update for Microsoft Internet Explorer
Are You on a Network?
If your computer is part of a m anaged network, contact your
organization's system
administrator before making changes to your computer.
Why We Are Issuing This Update
A number of security issues have been identified in M icrosoft
Internet Explorer that
could allow an attacker to compromise a Microsoft Windows-b ased
system and then
take a variety of actions. For example, an attacker could run
programs on a computer
used to view the attacker's Web site. This vulnerability af
fects computers that have
Internet E xplorer installed. (You do not have to be using
Internet E xplorer as your Web
browser to be affected by this issue.) You can help protect your
computer by installing
this update from M icrosoft.
Source - Microsoft Security Bulletin M S03-032
1Hardware or software than captures the user's keystrokes,
including their passwords.
-
8/9/2019 19 03 Hacking
4/8
into IT I 15
connected to the Internet are exposedto a range of potential
logical accessrisks. A network's primary purpose isto permit users
to access resourcesand exchange information, but hackerscan also
use the network for the same
purpose. There are different ways toachieve unauthorised access
under thisheading, many being technically sophis-ticated. One set
of approaches exploitsfeatures of networking software thatmake it
accessible from outside thenetwork. Another set exploitsbrowsers;
for example, browsersmaintain or have access to informationabout
the user and computer that ahacker can exploit. A hacker could
alsocause a browser to launch an "applet"(a program that runs in
conjunction
with the browser) to hack thecomputer or network, or to send
backinformation that is not normallyaccessible from outside. Once
access isgained, "island hopping" through thenetwork is sometimes
possible byexploiting trusted relationshipsbetween interconnected
computers -the fact is that a network of computersthat trust each
other is only as secure asits weakest link.
The basic solutions to this family ofsecurity risks are to keep
abreast ofvendor security updates - such as theMicrosoft example
illustrated - and tomaintain an effective "firewall"2.
Email At tacks: e-mail is a major routeinto networked computers.
Typically, aTrojan horse program is buried withinan
innocuous-looking attachment to ane-mail message (see the
Autorooterexample). The Trojan is launched whenthe attachment is
opened (orsometimes viewed) and covertly passescontrol of the
computer to the hacker.
Managing commonvulnerabilities
A compromised system can be a self-inflicted injury due simply
to the basicprecautions having being ignored:
G ensure that your computer hasgood physical security,
consistentwith both its value in terms ofreplacement cost and the
conse-quences that could stem from itsdata being disclosed or
destroyed.Secure sensitive areas; manageaccess keys; consider
installingintruder alarms. Ensure communica-tions junction boxes
are securedand inspect them periodically for
signs of tampering - network admin-istration packages can detect
unau-thorised physical devices connectedto the network. Provide a
securewaste disposal service for computerprintouts and removable
media;
G formulate a sensible passwordpolicy for authenticating users
andenforce it. Consider the need tostrengthen password
authenticationwith tokens or biometrics. Disableunnecessary
services and accounts
promptly;
G systems administrators occupypositions of extreme trust;
itfollows that they should themselvesbe trustworthy. Be very
carefulwho you permit to have systemadministrator-level access to
your
network particularly when hiringnew staff or appointing people
tocover for absences. Considerimplementing a policy of
"leastprivilege"3 and review periodicallythe privileges that have
beenallocated, to whom and for whatpurpose;
G infrastructure software - inparticular the operating system
andfirewalls - generates logs thatrecord who is using (or
attempting
to use) the system, for whatpurpose and when. Thisinformation
can prove vital indetecting unauthorised activity - forexample,
attempted access to par-ticularly sensitive accounts or files -and
system use at unusual times.Logs should be reviewed frequently- it
may be necessary to develop orpurchase a log monitoring andanalysis
package to enable keysystem messages to be detectedquickly. An
unplanned increase in
2A combination of hardware and software that limitsexternal
access to networked computers and resource.
3The least level of privilege consistent with performing
aparticular role.
Autorooter
...a Trojan horse, potentially spread by e-mail, which exploits
a Windows vulnerability to
allow a hacker to gain control of infected computers.
This D COM -RPC exploit only affects Windows XP/2000 Pro/NT
computers, which can
use Remote Procedure Call. As the Trojan is incapable of
spreading by itself, the file
reaches computers through in fected e-mail messages, inside
files downloaded from the
Internet or even on floppy disks.
When run, Autorooter creates files, including RP C.EXE , which
exploit the operating
system vulnerability by opening communication port 57005 and
logging on w ith the
same privileges as the computer's user. It also downloads a file
called L OLX.EXE ,
which opens a backdoor in the computer. After that, the infected
computer is at the
mercy of the hacker who can gain remote control through the port
created.
Because it doesn't show any messages or warnings that may
indicate that it has
reached the computer, Autorooter is difficult to recognise.
-
8/9/2019 19 03 Hacking
5/8
disc storage, slower than expectednetwork performance
andsuspicious-looking outboundconnections can be other
indicatorsthat you have a cuckoo in the nest;
G make sure that your system files(including the Registry) are
wellprotected from unauthorisedchange. Apply the principle of
leastprivilege to limit what users are ableto do. Implement a
change controlprocedure to ensure at least twopeople are involved
in important
system changes and that all changesare recorded. Periodically
audityour system software for unautho-rised executables;
G never run or download softwarefrom an untrusted source
(thesource from which it was obtainedmight not be the same as
thedeveloper). If you run a web site,you should control closely
whatvisitors can do; in particular, youshould only permit programs
on the
site that you obtained from atrusted developer;
G typically, a new virus or Trojan doesthe greatest amount of
damageearly in its life when few people areable to detect it. Thus,
an out ofdate virus scanner is only marginallybetter than no virus
scanner. Newviruses and Trojans are createdvirtually every day, so
it's vital tokeep your scanner's signature file upto date -
virtually every vendor
provides a means to obtain freeupdated signature files from
theirweb site.
When you're satisfied that the basicsare both in place and
operating, whynot consider hiring a reputable firm ofsecurity
specialists to undertake a"penetration testing" programme toassess
the extent to which yourscheme of control rests on solidfoundations
rather than on sand?
Planning for hackingincidents
So, you discover that your system hasbeen hacked. What
next?Well, first it'snecessary to backtrack and considerplanning
for this possibility. Sit downwith colleagues and write down
astrategy to guide your response,exactly as you would for any
otheraspect of contingency planning. Whowill form your incident
response team?What are your goals going to be and inwhat order of
priority?In most casesthey are likely to be first, to
preventfurther intrusion, then to identify the
vulnerabilities that led to the attack,assess the damage and
consider whatremedial action needs to be taken (e.g.what would you
do were you tosuspect identity theft?). Will you assignresources to
identifying the intruder?Will you involve the police?
One of the first points to consider iswhether to disconnect from
yourexternal networks to limit damage andprevent further
infiltration to othertrusted networks. Assuming the attack
is external, remaining connected mayleave the hacker able to
observe andnegate the response team's actions.Organisations that
have reliable (i.e.
successfully tested) disaster recoveryarrangements in place may
find it com-paratively easy to transfer their keyoperations to a
disaster recovery sitewhile they thoroughly investigate andsanitise
their home site.
You should consider the extent towhich you back up your firewall
andother significant logs. Assuming the vul-nerability that gave
rise to the attack isnot apparent, you may need to lookback,
perhaps weeks, to identify whenand how the intrusion occurred
(another plus in favour of frequent logreviews). Furthermore,
should eventsfinish up in the hands of the police, thepolice are
likely to need the evidencecontained in your logs to support
aprosecution.
You will also need to consider who toinform when you discover
theproblem. This will involve striking abalance between those who
need to beinvolved in the investigation, topmanagement - but only
when you have
concrete proposals to make to them -and everyone else, at least
until theevidence has been preserved.
Investigation needs to be thorough;focusing on a single
vulnerability beforerestoring service might overlook theexistence
of backdoors that the hackerhas inserted to enable easy
re-entrylater. A thorough investigation willinvolve advanced
networkingtechniques, adeptness with softwaretools, system
administration,
data/system recovery, technical skillsthat might not be at your
immediatedisposal. Thus, it might be prudent in
16 I into IT
It's vital to appreciate that:
G security consists of both
technology and policy; that is,
it's the combination of the
technology and how you use it
that ultim ately determines how
secure your systems are;
G security is journey, not a
destination. It's not a p roblem
that can be "solved" once and for
all, but a continual series of
moves and countermoves
between the good guys and thebad guys;
G the key is to ensure that you
have good security awareness,
appropriate security policies
( that you enforce), and that you
exercise sound judgment.
The hackers' hit parade
Security firm Qualys produces a
real-time index of the vulnerabilities
that are the current f avourites of the
Internet's computer hacking
community. You can obtain details of
each vulnerability by clicking on each
entry in the 'ID' column of the vulner-
ability table.
http://www.qualys.com/services/threa
ts/current.html.
-
8/9/2019 19 03 Hacking
6/8
into IT I 17
your planning to identify reputablesecurity specialists well
versed inpenetration testing that might be calledupon to assist
with sanitising andrebuilding your systems.
In addition to identifying the systemvulnerabilities exploited
by the hacker,a critical review and reconciliation ofactivated
accounts (particularly those ofguests, supposedly disabled
accountsand those whose presence can't beexplained) and their
associated systemprivileges, while tedious, could revealother
unused entry points the hackerhas set up against a rainy day;
likewise,you should confirm the status of allinterconnected
'trusted' systems.
Scan the system for Trojans. These aretypically identified by
antiviruspackages, but their scan engines havevarying degrees of
success, particularlyif not up-to-date, so scan using (up-to-date
versions of) several packages.
Note: there is more information onincident response at...
http://www.cert.org/security-improvement/modules/m06.html
Conclusion
In the context of computer hacking,knowing what you do not know
ismanageable, hence the importance ofgood preventive and
detectivemeasures, such as log review andintrusion detection
systems. The lessfortunate are those who remain in self-inflicted
ignorance - maybe for weeksor months - that their system has
beeninfiltrated and their business is beingdamaged.
Regardless of the strength of yourpreventive and detective
measures, beprepared for hacking incidents, particu-larly if your
organisation relies heavilyon networks (the Internet, WANs andLANs)
for its operations and customerservices. Should you fall victim,
athorough investigation of acompromised system - whiledisruptive,
time-consuming, expensive,and tedious - is essential. Thetemptation
is to give in to pressure to
resume operations quickly by closingthe obvious vulnerabilities
and trustingto luck that the system is clean. Thatcould easily be a
false economy.
Some terminology
Buffer overflows - are due partly to acharacteristic of some
programminglanguages, such as C, which poorprogramming practices
thenexacerbate. An overflow occurs when a
program attempts to store more datain temporary storage area, or
"buffer",than it can hold. Since buffers are offinite size, the
extra informationoverflows into adjacent buffers therebycorrupting
or overwriting the valid dataheld in them. This would normallycause
a program failure or even asystem crash, but a skilfully
craftedoverflow can also be exploited as aform of security attack.
The attackercan gain control by creating anoverflow containing code
designed tosend new instructions to the attackedcomputer, hence the
relevance ofbuffer overflows to hacking.
Firewall - the online equivalent of the
'man on the door' who, when a visitorarrives in the foyer, asks
for proof ofidentity, checks the appointments book,contacts the
host, issues a temporarypass and perhaps inspects the
visitor'sbaggage before permitting - or denying- entry.
A network firewall sits at the junctionpoint or gateway between
twonetworks - usually a private networkand a public network such as
theInternet - its purpose being to reduce
the risk to networked computers ofintrusion. It may be a
hardware deviceor software running on a secure hostcomputer. In
either case, a firewall hasat least two network interfaces, one
forthe network it is protecting and one forthe untrusted network to
which it isexposed. Because firewalls cannotdecide for themselves
whether traffic ishostile or benign, they must beprogrammed with
rules (a "securitypolicy") that govern the types of trafficto allow
or deny.
In addition to guarding externalconnections, firewalls are
alsosometimes used internally to provideadditional security by
segregating sub-network that give access to highlysensitive
applications.
Honey Pots - decoy servers orsystems designed to gather
informationabout attackers. A honey pot, which isset up to be
easier prey for attackersthan genuine production systems,
incorporates modifications that enableintruders' activities to
be logged andtraced. The theory is that when anintruder breaks into
a system, they willreturn. During subsequent visits,additional
information can be gatheredand additional attempts at file,
security,and system access on the Honey Potcan be monitored and
saved. Mostfirewalls can be configured to alertsystem
administrators when theydetect traffic entering or leaving ahoney
pot.
Identit y theft - involves taking over anindividual's identity
by stealing criticalprivate information, such as the SocialSecurity
number, driver's license
Responding to intrusions
G understand the extent and
source of an intrusion;
G protect sensitive data contained
on systems;
G protect the systems, the
networks and their ability to
continue operating as intended;
G recover systems;
G collect information to better
understand what happened.
Without such information, you
may inadvertently take actions
that can further damage your
systems;
G support legal investigations.
Source: www.cert.org
-
8/9/2019 19 03 Hacking
7/8
number, address, credit card number,or bank account number. The
identitythief can then use the stoleninformation to obtain loans or
credit
lines to buy goods and services underthe stolen name. Identity
thievestypically change the consumer's mailingaddress to hide their
activities.
Int rusion detect ion - the art andscience of detecting when a
computeror network is being used inappropri-ately or without
authority. An IDsystem monitors system and network
resources and activities and, using
information gathered from thesesources, alerts system
administratorson identifying possible intrusion.
Firewalls (see above) work only at anetwork's point of entry
with packetsas they enter and leave the network.An attacker that
has breached thefirewall can roam at will through anetwork - this
is where an ID systembecomes important.
Intrusion Prevention - systemsmonitor for suspicious activity
with the
aim of proactively blocking potentialattacks. Typically, an IP
systemcomprises a software agent that residesnear to the host's
operating systemkernel, which monitors system callsbefore they
reach the kernel using arules engine to identify
potentiallysuspicious activity. This can then behalted, or the
systems administratoralerted. A drawback is that IP systemscan
respond to legitimate activities andgenerate false alarms.
Defining
exceptions can reduce such false alarms,but there are pros and
cons to this.
Keystroke logger (or keylogger) - isa program that runs in the
backgroundrecording all keystrokes. Once logged,the keystrokes are
returned to thehacker who peruses them carefully toidentify
passwords and other usefulinformation that could be used to
compromise the system, or be used in
a social engineering attack. Forexample, a keylogger will reveal
thecontents of all e-mail composed by theuser. Keylogger programs
arecommonly included in rootkits andremote administration Trojans.
Akeystroke logger can also take the formof a hardware device,
independent ofthe operating system, which plugs inbetween the
keyboard and the mainsystem (for PCs). They simply recordwhat is
typed at the keyboard; thehacker can later retrieve the device
and examine its contents.
Phishing - occurs when a consumerreceives a deceptively
legitimatelooking e-mail from what appears to bea reputable company
(see Spoofing).The e-mail might ask a recipient to, forexample,
update their credit cardinformation, and/or provide otherpersonal
details to avoid their accountbeing terminated. Another approach
isfor the sender of the message to offera service, for example to
protect their
credit cards from possible fraud. Thosestung by phishing are
victims of"identity theft" (see above).
18 I into IT
Example of a buffer overflow
vulnerability
The Phone Book Service that runs on
Internet I nformation Services (IIS) 5.0
has an unchecked buffer (a
temporary data storage area that has
a limited capacity but no specification
for the amount of information that can
be written into it) i n the code that
processes requests for phone book
updates. A specifically malformed
HTTP request from a malicious user
can cause a buffer overflow in thePhone Book Service, which
might
allow the malicious user to run unau-
thorized code on the server, or cause
the service to fail.
Source: extract from a M icrosoft
security update.
Attempted identi ty theft
National Australia Bank customers
became targets for an e-mail fraud in
which they were sent (grammatically
incorrect) requests, purportedly from
the bank, requesting them to connect
to the NAB w eb site."Dear valued customer,"it read, "Our
new security system will help you to
avoid frequently fraud transactions
and to keep your investments in
safety."The e-mail encouraged
recipients to click a link in the body of
the message, which then connected
them to a site that mimicked the NAB
Web site but that had been set up to
capture their login and password
details.
The scam used a message previouslyused to targeted other
banks'
customers.
-
8/9/2019 19 03 Hacking
8/8
Rootkit - a collection of tools andutilities that a hacker can
use to hidetheir presence and gather data to helpthem further
infiltrate a network.Typically, a rootkit includes tools to
logkeystrokes (see keylogger above),create secret backdoor
entrances tothe system, monitor packets on thenetwork to gain
information, and altersystem log files and administrative toolsto
prevent detection.
Social engineering - in his book, TheArt of Deception:
Controlling the H uman
Element of Security4
, arch hacker KevinMitnick poses the question: why
botherattacking technology when the weakestlink lies not in the
computer hardwareor software, but in humans who can betricked into
giving up their passwordsand other secrets?Mitnick goes on tostate
that social engineering "usesinfluence and persuasion to
deceivepeople by convincing them that the socialengineer is someone
he is not, or bymanipulation. The social engineer is ableto take
advantage of people to obtain
information with or without the use oftechnology."
Spoofing - in essence a technique thatdepends on forging the
identity ofsomeone or something else ("mas-querading"), the aim
being to alter thetrust relationship between the partiesto a
transaction.
In the online world, there are differentflavours of spoofing. A
hacker mightemploy sophisticated e-mail spoofing tomake it appear
that an e-mail requiringthe victim to confirm their accountdetails,
including such information astheir logon ID and password, has
been
sent by a reputable person or organisa-tion (see "phishing" and
"socialengineering" above).
IP spoofing is another common form ofonline camouflage, in which
a hackerattempts to gain unauthorised access toa computer or
network by making itappear that a packet has come from atrusted
machine by spoofing its uniqueInternet IP address. A
countermeasureis to use of a Virtual Private Network(VPN) protocol,
a method that involves
encrypting the data in each packet aswell as the source address
usingencryption keys that a potential attackerdoesn't have. The VPN
software orfirmware decrypts the packet andsource address, and
performs achecksum. The packet is discarded ifeither the data or
the source address
has been tampered with.
Trojan horse - a name derived fromthe classic Trojan horse in
Homer'sIliad. After spending many monthsunsuccessfully besieging
the fortifiedcity of Troy, the Greeks evolved astrategy. They
departed leaving behindthem as a gift a large wooden horse,which
the citizens of Troy brought intotown. Unknown to them the
horsecontained Greek warriors, who at nightjumped out and opened
the city gatesletting in the Greek army who hadbeen in hiding.
In the IT environment - and settingaside the legitimate use of
networkadministration tools - Trojans aregenerally considered a
class of"malware" that, like their predecessor,contain covert
functionality. They act asa means of entering a target
computerundetected and then allowing a remotehacker unrestricted
access and control.They generallyincorporate a rootkit(see
above).
into IT I 19
N. Nagarajan CISA joined the Officeof the Comptroller and
AuditorGeneral of India in 1989, and ispresently employed as Senior
DeputyAccountant General in Mumbai. Inaddition to his wide
experience inauditing IT (particularly in the field of
Electronic Data Interchange) and intraining staff in IT audit
skills,Nararajan has also worked as adeveloper of pensions
systems.
Nagarajan's international workincludes audit assignments at
theUnited Nations in New York, and atwo year secondment to the
Office ofthe Auditor General of Mauritiuswhere he was involved in
trainingstaff and in the audit of EDI systemsoperated by the
Customsdepartment. Nagarajan has beenpublished in a number of
internationaljournals.
About t he aut hor4
Wiley, ISBN 0-471-23712-4
