Overview of Network Security Threats

Previous page
Table of content
Next page

Network threats involve many facets of the network and organization. You have seen that your systems and information are susceptible to attacks and disruption based upon internal, external, and design factors in the systems you support. Many of these threats can be minimized by ensuring that your systems and applications are kept up to date and making sure your security procedures are in place and followed meticulously. Most of the exploitations attacks that are occurring to programs such as Outlook, Outlook Express, and Exchange are being fixed as soon as they are discovered. This makes it harder for attackers to learn about your systems and exploit known weaknesses.

One of the organizations that tracks and reports security problems is The CERT Coordination Center (CERT/CC). CERT/CC is a part of the Software Engineering Institute (SEI) at Carnegie-Mellon University. SEI is a federally funded research institution with a strong emphasis on computer security-related topics. CERT/CC provides some interesting perspectives on the growth of computer-related incidents. Table 5.1 shows the number of reported incidents of computer attacks from 1990-2002 reported to CERT.

Note 

CERT/CC provides a great deal of current threat analysis and future analysis in the computer security area. The website for CERT/CC is www.cert.org. CERT is not an acronym according to the CERT website.
Table 5.1: Reported CERT Incidents

Year

Incidents Reported

1990

252

1991

406

1992

773

1993

1,334

1994

2,304

1995

2,412

1996

2,573

1997

2,130

1998

3,734

1999

9,859

2000

21,756

2001

52,658

2002 (Q1-Q2)

43,136

These figures include incidents that may involve one or hundreds of sites. Although the numbers themselves are not large, the growth in incidents is. When evaluating these numbers, think about how many attacks and incidents that are not reported.

The CERT website indicates that since 1995 over 7,000 security vulnerabilities have been reported. The majority of those vulnerabilities have been reported from the year 2000 and later. According to the CERT/CC website, they have handled more than 532,000 e-mails relating to computer security issues and threats.

Until fairly recently, the computer industry has not taken the issue of computer security as seriously as it should have. This has caused a great deal of frustration on the part of users and administrators who are attempting to protect assets.

Brian Valentine, the Senior Vice President in charge of Microsoft's Corporation Windows Development Team expresses the state of the industry in a speech he made September 5, 2002 at the Windows .Net Server Developer Conference:

"Every operating system out there is about equal in the number of vulnerabilities reported." He went on to say, "We all suck."

The important thing to remember is that until recently, many software manufacturers have only paid lip service to the problem of operating systems and applications vulnerabilities.


Previous page
Table of content
Next page
CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
Authors: Michael A. Pastore
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
CISSP Exam Cram 2
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
FileMaker Pro 8: The Missing Manual
Postfix: The Definitive Guide
Microsoft WSH and VBScript Programming for the Absolute Beginner
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy