In today’s world of advanced computing and more computers connected

Being secure in a networked world
The networked world we live in today has made our lives not only a little smaller
but also a little less personal. With the right tools and knowledge, our personal
information can be disseminated to everyone with a single click. That is how simple,
and how vulnerable, our personal information is in the eyes of an attacker.
Recently, during the first week of August 2007, hackers defaced the official
United Nations website with a message, in the space reserved for Secretary-General
Ban Ki-moon, accusing the United States and Israel of killing children.
CNET, a computer and technology publisher, said on its web site: “The perpetrators
appeared to have used a well-known and highly preventable technique called SQL
injection, which takes advantage of flawed database programming to activate
malicious lines of code.” (Excerpt from thestar.com.my)
Corporate network security is of great importance in this day and age: office
work that used to be handled on paper has now been replaced by online forms,
vast databases of confidential company data are stored on company servers,
and many office workers have become accustomed to always-on internet access at
their workstations. This combination of relatively open connectivity and
important data means that the avenues for attack, and the prize at stake, are much
greater than they were in an era when the best way to get something from the central
servers was a floppy disk, and the internet was something you connected to only when
you needed to check your email. Now the risks and threats keep multiplying, so let
us take a look at them.
Threats
Many things can compromise a secure environment in an organization: vulnerable
systems that are prone to attack, access privileges poorly configured by
administrators, disgruntled employees and the creation of network entry points.
According to a Reuters report today, August 13, 2007, “cyber crime is one of the
fastest growing criminal activities, and includes a huge range of illegal activity
including financial scams, computer hacking, downloading pornographic images,
virus attacks, stalking by e-mail and creating websites that promote racial hatred.”
When the first virus was created, it was for a good reason: to protect computer
owners, users and organizations from intruders. People then created more and more
variants, and viruses became prone to doing more damage to a computer, whether to
its software or its hardware. Over the years, they have become more targeted at
network and information manipulation, and when you are attacked you may not know
that the attack is a targeted and specific one. Back in the day, hackers created
viruses for fun, to cause a nuisance or to prove themselves, but nowadays they do
it for financial gain: it’s all about the money.
So how does this affect you as a basic computer user? Basically, all these threats
have one common motive: to infiltrate and do as much damage as they can.
For starters, imagine receiving your credit card statement and finding that you have
been billed for items you didn’t purchase. Then you try to check your email, but
there is so much junk mail that you can’t pick out the important messages. Worse
still, you lose a contract because of the delay in replying. While you are in this
state of distress, the internet connection starts to slow down for no reason, and
then, after downloading an attachment, you find that the file is corrupted. On a
larger scale, you find that the stock market has plummeted overnight. You also find
out that your competitor suddenly has your company’s trade secrets.
Crazy as it may sound, that is the reality, and you never know what the creative
minds of attackers out in the cyber world could do to you. As time progresses, new
methods are devised for them to get to you. Without protection, you will never
know what hit you. Let’s discuss the scenario above and which threats possess the
power to do all that.
The top security risks that exist in an organization are:
1. Social Engineering Attacks
Social engineering has always been the way attackers gain entry to corporate
networks. Using just the telephone, attackers are able to ‘enter’ a corporate
network by pretending to be someone of higher authority and thus gaining the
confidence of the employees.
2. Targeted Email and Phishing Attacks
In targeted attacks, the attackers send emails containing malicious attachments.
Nowadays most attacks are targeted, because they are more effective that way.
3. Imminent Mobile Attacks
Almost everyone in the organization has a cellular phone, and as our phones have
become smarter and connected to the Net, they too have become prone to attacks.
According to Wikipedia, vishing (a combination of “voice” and “phishing”) is the
criminal practice of using social engineering and Voice over IP (VoIP) to gain
access to private personal and financial information from the public for the
purpose of financial reward.
4. Botnets (Web Based)
Attackers will surely find a way to attack the corporate network. Instead of using
IRC connections, they are now moving to a web-based model, because almost everyone
is now online, on broadband and connected. Such botnets can reduce their footprint
on the network, which makes them harder to detect.
5. Web-Based Worms
Video on the web and online video-sharing sites such as youtube.com are likely
targets for hackers using web-based worms as a tool. Almost everyone blogs now,
and the new threats will probably involve inserting code into the comment forms
on blogs.
6. Vulnerabilities Will Be the Main Concern
This is compounded by the fact that there is an underground market for
vulnerabilities. At the end of 2006, we were made to increase the effort put into
finding bugs in operating system kernels.
Client-side vulnerabilities are another concern: email applications, web browsers,
media players, word processors and spreadsheet programs are just some examples.
In time, we will all need to increase funding and research teams in case new
vulnerabilities are discovered. Without proper care and training, vulnerability to
both internal and external attacks will increase tenfold.
Summary
In today’s world of advanced computing, more and more computers are connected to
the World Wide Web. While this is changing our lives with its wonders and helping
to ease our burdens, it also comes with many threats in terms of security.
In a world without borders, a person without identity poses the biggest threat to
users.
It is always a good idea to subscribe to security blogs and newsletters to keep up to
date on newly discovered vulnerabilities and patches.
Information security is all about protecting the business - not the
technology.
Name: Raja Eszura Raja Ibrahim
Contact:012-2143674/03-2730-4090