Common Security Threats

Threats to Physical Infrastructure
When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.
The four classes of physical threats are:
Hardware threats: Physical damage to servers, routers, switches, cabling plant, and workstations
Environmental threats: Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Electrical threats: Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
Maintenance threats: Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
Some of these issues must be dealt with in an organizational policy. Some of them are subject to good leadership and management in the organization. The consequences of bad luck can wreak havoc in a network if the physical security is not sufficiently prepared.
Here are some ways to mitigate physical threats:
Hardware threat mitigation
Lock the wiring closet and only allow access to authorized personnel. Block access through any dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point. Use electronic access control, and log all entry attempts. Monitor facilities with security cameras.
Environmental threat mitigation
Create a proper operating environment through temperature control, humidity control, positive air flow, remote environmental alarming, and recording and monitoring.
Electrical threat mitigation
Limit electrical supply problems by installing UPS systems and generator sets, following a preventative maintenance plan, installing redundant power supplies, and performing remote alarming and monitoring.
Maintenance threat mitigation
Use neat cable runs, label critical cables and components, use electrostatic discharge procedures, stock critical spares, and control access to console ports.
Threats to Networks
Earlier in this chapter the common computer crimes that have implications for network security were listed. These crimes can be grouped into four primary classes of threats to networks:
Unstructured Threats
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing an attacker's skills can do serious damage to a network. For example, if a company website is hacked, the reputation of the company may be damaged. Even if the website is separated from the private information that sits behind a protective firewall, the public does not know that. What the public perceives is that the site might not be a safe environment to conduct business.
Structured Threats
Structured threats come from individuals or groups that are more highly motivated and technically competent. These people know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses. They break into business and government computers to commit fraud, destroy or alter records, or simply to create havoc. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies. Their hacking is so complex and sophisticated that only specially trained investigators understand what is happening.
In 1995, Kevin Mitnick was convicted of accessing interstate computers in the United States for criminal purposes. He broke into the California Department of Motor Vehicles database, routinely took control of New York and California telephone switching hubs, and stole credit card numbers. He inspired the 1983 movie "War Games."
External Threats
External threats can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers. External threats can vary in severity depending on the expertise of the attacker: either amateurish (unstructured) or expert (structured).
Internal Threats
Internal threats occur when someone has authorized access to the network with either an account or physical access. Just as for external threats, the severity of an internal threat depends on the expertise of the attacker.
Social Engineering
The easiest hack involves no computer skill at all. If an intruder can trick a member of an organization into giving over valuable information, such as the location of files or passwords, the process of hacking is made much easier. This type of attack is called social engineering, and it preys on personal vulnerabilities that can be discovered by talented attackers. It can include appeals to the ego of an employee, or it can be a disguised person or faked document that causes someone to provide sensitive information.
Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher masquerades as a trusted party that has a seemingly legitimate need for the sensitive information.
Frequently, phishing scams involve sending out spam e-mails that appear to be from known online banking or auction sites. The figure shows a replica of such an e-mail. The actual company used as the lure in this example has been changed. These e-mails contain hyperlinks that appear to be legitimate, but actually take users to a fake website set up by the phisher to capture their information. The site appears to belong to the party that was faked in the e-mail. When the user enters the information, it is recorded for the phisher to use.
Phishing attacks can be prevented by educating users and giving them guidelines for reporting suspicious e-mail when they receive it. Administrators can also block access to certain web sites and configure filters that block suspicious e-mail.

