20.1 Potential Threats


Today the list of potential threats can be endless. However, depending on the kind of business you are running, the most important and most dangerous threats might vary.

These are the most common dangers your systems might have to face:

  • Loss or destruction of data Sometimes hackers do not want to steal something; in most cases, these people want to destroy something, so destruction of data is a potential threat. Vandalism can be more dangerous than other kinds of crime because all parts of your application are potential targets whether there is interesting data around.

  • Abuse of confidential data Most business applications rely on critical and confidential data. Just think of an online shop where information about thousands of customers is stored. Think of all the credit card numbers or other personal data. Think of a bank managing millions of accounts and billions of dollars. If a hacker can access this data, you can easily imagine what kind of damage can happen.

  • Modification of data In some cases a cracker might not be interested in deleting or stealing data. Just think of an account at a bank. It can be interesting to modify someone's account data. Modification can be more dangerous than destruction because in the case of total destruction, the problem is obvious. In the case of modification, it can take a long time to find out what has happened and see which data has been modified. The time between the intrusion of a cracker and the detection of the disaster can be used to perform all kinds of modifications.

  • Denial of Service Denial of service (DoS) attacks are a potential threat for everyone. Denial of service means that the offender tries to make your machine stop doing its work. DoS need not mean that your machine is hacked, but your service won't be available any more for some reason. Just think of a Web server that has been connected to the Web using a 10Mbit line. If somebody sends you more requests than your machine or your line can handle, your machine cannot be accessed any more even though it is up and running. As a rule of thumb, you can say that every machine providing some sort of service can be the victim of a DoS attack.

  • Attacks from inside Not all attacks must be carried out by an evil person who is operating from outside. Many attacks are done by people who are working in your company or who have access to your resources. Protecting yourself from attacks coming from inside is as important as protecting yourself against evil people threatening your business from outside.

Of course, not all applications are attractive for a hacker. If you are running a private Web server via a dial-up connection, it is rather unlikely that somebody will try to hack you. The reason for that is simple it is no use hacking your machine. It might be fun, but this is not the ultimate benefit of hacking.

However, if you are running a huge business site, your Web server is a potential target because of all your important information. In addition, hacking famous sites is more prestigious than hacking a useless machine somewhere in the Net.



PHP and PostgreSQL. Advanced Web Programming2002
PHP and PostgreSQL. Advanced Web Programming2002
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 201

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net