 |
|
Security
PIX
& Checkpoint
Threats
Assessment
Audits
Audit
Reports
Policies
IDS
Software
Network
Designs
Y1
Alerter
Connectivity
IP
Solutions
Computer
Systems
Available
Consultants
|
|
|
Security Threats
Network &
Systems Security Threats
Security threats can be
as simple as a person snooping a business's network operation or as
complex as taking control of the entire network. Hackers
exploit security vulnerabilities, or security holes in the operating
systems or host applications that system administrators have not
safeguarded adequately. Security threats are best categorized
into three basic categories.
- Attacks
/ Unauthorized Access – any part of any network can be
susceptible to attacks or unauthorized activity.
Professional hackers, organization competitors, or even internal
employees can violate Routers, Switches, and Host Systems.
According to several studies, more than half of all network attacks
are from inside a business's enterprise.
- Impersonation
/ Password Attacks
– is when a hacker gains unauthorized access to network
passwords in order to penetrate confidential information.
Once a hacker "cracks" the password of a legitimate user,
he has access to that user's network resources and possibly to the rest of the network. Hackers also use social engineering techniques,
which is the act of obtaining confidential network
security information by posing as a technical support representative and
making phone calls to employees to gather password information.
- Denial
of Service (DoS)
DoS
attacks are particularly malicious because they "tie up" IT resources, preventing legitimate users
from accessing applications, by sending large amounts of jumbled data to machines that are connected to
business networks or the Internet. Distributed
Denial of Service (DDoS) attacks, even more malicious, occur when an
attacker uses multiple machines or hosts to attack a business network.
Cost of
Intrusion & Legal Liabilities
Compromised security causes businesses several hours to days of downtime and seriously
affect data confidentiality and integrity. Depending
on the level of the attack and the type of information that has been
compromised, the consequences of network attacks vary in degree from
mildly annoying to completely debilitating, and the cost of recovery
from attacks can range from hundreds to millions of dollars.
When data confidentiality is compromised, the cost consequences to an
enterprise are not always immediately evident. Access to an organization's e-mail system or proprietary
information that might be stolen could result in a loss of research and
development dollars spent in gaining competitive advantages.
When data integrity is compromised, a business incurs
unnecessary expenses to correct the problems created by the attacks. Among these are restoring or recreating data, or even rebuilding
complete servers.
The legal ramifications
of breaches in data confidentiality and integrity can also be extremely
costly for organizations. Even
if an external hacker is the perpetrator of an attack, the organization
storing inadequately protected information or allowing a virus to
originate from inside the enterprise, may potentially be found negligent
by the courts. Existing
regulations stipulate that organizations in violation could face a range
of penalties.
|
| |
|
