Online Security

Introduction

What are the Main Security Threats?

Unscrupulous types who think it's cool to let loose destructive code on the internet or pry into corporate databases to steal or damage data are forcing security issues to the front line of business concerns.

At the core of the knowledge economy is intellectual property, which is often documented and stored on computer hard disks and other storage and regularly needs to be moved from point to point using the internet or other forms of networking.

With the increasing sophistication of computer-based crime, companies must begin with the assumption that their IT systems and information assets are vulnerable and look to take every step possible to establish ironclad security that can be regularly strengthened or updated to cope with the latest threats.

The internet has become a riskier place for businesses since the terrorist attacks of September 11, and there's little likelihood of the situation improving in the near future, according to Internet Security Systems in its security incident report for the first quarter of 2002.

While the attacks hadn't prompted an obvious increase in large-scale cyber attacks, ISS says overall internet security has been hampered by a steady tide of denial of service attacks, as well as the rise of hybrid attacks, including the propagation of worms such as Code Red and Nimda, which spread through the web, email, file sharing, and instant messaging.

"Attacks are now global in scope and round-the-clock in incidence. There's no such thing as a low threat [level] on the internet. If you're going to connect to it, you better have a suit of armor," says Dennis Treece, director of the X-Force Special Operations Group at ISS in Atlanta.

The company compiled its data from more than 350 high-volume intrusion detection sensors it manages around the world, and says the vast majority of attacks - nearly 70 percent - are being launched on server port 80, the same port that web traffic flows on.

Firewalls on their own cannot prevent this kind of unauthorised access and need to be backed by additional intrusion detection and defence technology. Denial of service (DoS) attacks, hybrid threats, and port scans are typically launched over port 80. Port scanning is a common activity before an attack is launched and is designed to discover details about networks and their vulnerabilities. Experts predict there will be many more such worms and nasties released to attack corporate computer systems during 2002. The threat will grow for emerging areas of computing such as broadband, wireless and instant messaging.
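The point above, that a port-based firewall rule passes hostile traffic on port 80 while content inspection can flag it, shown as an added example (not from the original article or from ISS). The events are constructed, and the two signatures are simplified assumptions modelled on the widely documented Code Red and Nimda web requests.

```python
import re

# Constructed sample events: (source IP, destination port, HTTP request line).
EVENTS = [
    ("192.0.2.10", 80, "GET /index.html HTTP/1.0"),
    ("198.51.100.7", 80, "GET /default.ida?" + "N" * 224 + " HTTP/1.0"),
    ("203.0.113.44", 80, "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("203.0.113.44", 80, "GET /scripts/root.exe?/c+dir HTTP/1.0"),
    ("192.0.2.10", 23, ""),  # telnet attempt, no HTTP payload
    ("192.0.2.25", 80, "GET /products/list.asp?page=2 HTTP/1.0"),
]

ALLOWED_PORTS = {80}  # assumed firewall policy: only inbound web traffic is allowed

# Simplified content signatures (assumptions for illustration, not a vendor rule set).
SIGNATURES = {
    "code-red-style .ida overflow": re.compile(r"^GET /default\.ida\?N{50,}", re.I),
    "nimda-style cmd.exe/root.exe probe": re.compile(r"/(cmd|root)\.exe\?", re.I),
}

def firewall_allows(port):
    """A port-based filter only looks at the destination port."""
    return port in ALLOWED_PORTS

def inspect(request):
    """Content inspection: return the first matching signature name, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None

def analyse(events):
    """Return (events passed by the firewall, alerts raised on the passed traffic)."""
    passed = [e for e in events if firewall_allows(e[1])]
    alerts = [(src, inspect(req)) for src, _, req in passed if inspect(req)]
    return passed, alerts

def share_on_port(events, port):
    """Percentage of hostile events (blocked or flagged) aimed at the given port."""
    hostile = [e for e in events if not firewall_allows(e[1]) or inspect(e[2])]
    return 100.0 * sum(1 for e in hostile if e[1] == port) / len(hostile)

if __name__ == "__main__":
    passed, alerts = analyse(EVENTS)
    print(f"firewall passed {len(passed)} of {len(EVENTS)} events")
    for src, name in alerts:
        print(f"ALERT {src}: {name}")
    print(f"{share_on_port(EVENTS, 80):.0f}% of hostile events targeted port 80")
```

The firewall blocks only the telnet attempt; the three worm-style requests reach the web server unless the inspection step is in place.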

Who needs to be concerned?

Any company which values the integrity of its systems and the data contained within, including issues of customer privacy, should be looking very closely at protecting its literal and electronic borders.

Hackers and crackers are constantly on the lookout for security vulnerabilities in new or existing software, where the developer hasn't yet come up with a patch or where the company has failed to download the fix which would eliminate the vulnerability.

The owners of storage and processing systems must take very specific steps to protect their assets and monitor their networks to counter the security threats. Without a company policy that dictates how information should be stored and protected and who should have access to it, a company may be put at significant risk.

Without such policies in place, along with firewalls, anti-virus scanners and intrusion detectors, a business may not even know that its systems have been attacked or corporate secrets compromised.

No part of the enterprise can be left vulnerable, and a range of solutions must be deployed to ensure data and the systems themselves are secure, including anti-virus software, content filtering, firewalls and intrusion detection.

A joint project of the Computer Security Institute and the FBI's San Francisco computer crime squad found 90 percent of 540 respondents surveyed detected computer security breaches during 2001, and the 44 percent who were willing or able to name a dollar figure claimed a total loss of $US455.8 million to hack attacks.

According to the survey, theft of proprietary information resulted in an annual loss of $US170.8 million between March 2001-2002. E-business was cited as a prime target in the report, with financial fraud costing companies $US115.7 million.

Most experts agreed that e-borne viruses remain the most common threat to both home users and companies.

Common Terms

  • Hackers or crackers: Unauthorised visitors to other people's computers or networks. Many hackers are content with simply breaking in and leaving their mark; others maliciously crash entire computer systems, steal or damage confidential data, deface Web pages, and ultimately disrupt business.
  • Viruses: Computer programs designed to replicate themselves and infect computers when triggered by a specific event. Some are relatively benign; others are more destructive, deleting files from a hard drive or slowing down a system.
  • Trojan horse programs: Programs delivered with email or web pages containing destructive code which attach themselves to the operating system to activate at a later time. Trojans can delete data, mail copies of themselves to e-mail address lists, and open up computers to additional attacks.
  • Reconnaissance or scanning attacks: Information-gathering activities in which hackers collect data, typically through port 80 on the computer, that is later used to compromise networks. Usually, software tools, such as sniffers and scanners, are used to map out network resources and exploit potential weaknesses in the targeted networks, hosts, and applications.
  • Access attacks: Conducted to exploit vulnerabilities in such network areas as authentication services and File Transfer Protocol (FTP) functionality in order to gain entry to e-mail accounts, databases, and other confidential information.
  • Password attacks: A perpetrator gains unauthorized access to network passwords in order to penetrate confidential information. These have been the most common type of attacks historically. When a hacker cracks the password of a legitimate user, he has access to that user's network resources and typically a very strong platform for getting access to the rest of the network.
  • Denial of service (DoS): These attacks flood applications or servers with traffic in order to deny access to legitimate users. They tie up IS resources, and are usually created by hackers sending large amounts of jumbled or otherwise unmanageable data to machines that are connected to corporate networks or the Internet.
  • Distributed Denial of Service attacks (DDoS): DoS attacks in which an attacker compromises multiple machines or hosts.
  • Root access attacks: With root access, the hacker has full control of the system and can often collect enough information to gain access to the rest of the network and other partner networks.
  • Spam: Unsolicited mail which, while usually harmless, can clog up the mail system and waste time and storage space.
  • Internal threats: While most attempts to prevent security breaches are focused on the world outside the business, internal threats are very real. For example, choosing easy-to-use passwords makes it easier for others to break into the network. Bringing in floppy disks from outside the business can spread viruses. Angry employees who have a beef with the boss or the company can purposely steal data, infect systems, or write code that can cripple software after they have left employment.
