Network threats involve many facets of the network and organization. You have seen that your systems and information are susceptible to attacks and disruption based upon internal, external, and design factors in the systems you support. Many of these threats can be minimized by ensuring that your systems and applications are kept up to date and making sure your security procedures are in place and followed meticulously. Most of the exploits targeting programs such as Outlook, Outlook Express, and Exchange are being fixed as soon as they are discovered. This makes it harder for attackers to learn about your systems and exploit known weaknesses.
One of the organizations that tracks and reports security problems is the CERT Coordination Center (CERT/CC). CERT/CC is a part of the Software Engineering Institute (SEI) at Carnegie-Mellon University. SEI is a federally funded research institution with a strong emphasis on computer security-related topics. CERT/CC provides some interesting perspectives on the growth of computer-related incidents. Table 5.1 shows the number of computer attack incidents reported to CERT from 1990 to 2002.
Note: CERT/CC provides a great deal of current threat analysis and future analysis in the computer security area. The website for CERT/CC is www.cert.org. CERT is not an acronym according to the CERT website.

Year | Incidents Reported |
---|---|
1990 | 252 |
1991 | 406 |
1992 | 773 |
1993 | 1,334 |
1994 | 2,304 |
1995 | 2,412 |
1996 | 2,573 |
1997 | 2,130 |
1998 | 3,734 |
1999 | 9,859 |
2000 | 21,756 |
2001 | 52,658 |
2002 (Q1-Q2) | 43,136 |
These figures include incidents that may involve one or hundreds of sites. Although the numbers themselves are not large, the growth in incidents is. When evaluating these numbers, think about how many attacks and incidents are not reported.
The CERT website indicates that since 1995 over 7,000 security vulnerabilities have been reported. The majority of those vulnerabilities have been reported from the year 2000 and later. According to the CERT/CC website, they have handled more than 532,000 e-mails relating to computer security issues and threats.
Until fairly recently, the computer industry has not taken the issue of computer security as seriously as it should have. This has caused a great deal of frustration on the part of users and administrators who are attempting to protect assets.
Brian Valentine, the Senior Vice President in charge of Microsoft Corporation's Windows Development Team, expressed the state of the industry in a speech he made on September 5, 2002, at the Windows .Net Server Developer Conference:
"Every operating system out there is about equal in the number of vulnerabilities reported." He went on to say, "We all suck."
The important thing to remember is that until recently, many software manufacturers have only paid lip service to the problem of operating system and application vulnerabilities.