Post on 19-Oct-2014
description
Network SecurityJuly 1, 2013
Who are the enemies?HackersUnaware StaffDisgruntled StaffSnoops
HackersComputer enthusiasts
who breaks in and leave their footprints
Crackers-more malicious, crashing entire computer system, stealing, damaging, confidential data, defacing web pages and disrupting business
Some amateur hackers merely locate hacking tools online and deploy them without much understanding of how they work or their effects.
Unaware employeesEmployees can unconsciously
cause other security breaches including the accidental contraction and spreading of computer viruses.
Unaware employeesEmployees who transport data
via floppy disks can unwittingly infect their corporate networks with viruses they picked up from computers in copy centers or libraries.
According to survey, “Ninety-one percent of
respondents detected employee abuse of Internet access privileges.”
—Annual Computer Security Institute and FBI Survey, 2001
Disgruntled StaffAngry employees, often those
who have been reprimanded, fired, or laid off, might vindictively infect their corporate networks with viruses or intentionally delete crucial files.
Snoops
Employees known as “snoops” partake in corporate espionage, gaining unauthorized access to confidential data in order to provide competitors with otherwise inaccessible information.
Others are simply satisfying their personal curiosities by accessing private information, such as financial data, a romantic e-mail correspondence between coworkers, or the salary of a colleague.
Some of these activities might be relatively harmless, but others, such as previewing private financial, patient, or human resources data, are far more serious, can be damaging to reputations, and can cause financial liability for a company.
Computer Security
Attributes
Attack Methods Technology for Internet Security
Confidentiality Eavesdropping, Hacking, Phishing, DoS and IP Spoofing
IDS, Firewalling, Cryptographic Systems, IP Sec and SSL
Integrity Viruses, Worms, Trojans, Eavesdropping, DoS, IP Spoofing
IDS, Firewall, Anti-Malware, Software, IPSec and SSL
Privacy Email bombing, Spamming, Hacking, DoS and Cookies
IDS, Firewall, Anti-Malware, Software, IPSec and SSL
Availability DoS, Email, bombing, Spamming and system boot record infectors
IDS, Anti Malware Software and Firewall
Attack MethodsEavesdroppingVirusesWormsTrojansPhishingIP Spoofing AttacksDenial of Service
EavesdroppingInterception of communications
by an unauthorized partyPassive eavesdropping is when
the person only secretly listens to the networked messages.
Active eavesdropping is when the intruder listens and inserts something into the communication stream.
VirusesViruses are self‐replication
programs that use files to infect and propagate
WormsA worm is similar to a virus
because they both are self‐replicating, but the worm does not require a file to allow it to propagate.
TrojansTrojans appear to be benign
programs to the user, but will actually have some malicious purpose.
PhishingPhishing is an attempt to obtain
confidential information from an individual, group, or organization
Phishers trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information.
IP SpoofingSpoofing means to have the
address of the computer mirror the address of a trusted computer in order to gain access to other computers.
With the current IP protocol technology, Ipspoofed packets cannot be eliminated
Denial of Service (DoS)Denial of Service is an attack
when the system receiving too many requests cannot return communication with the requestors