Assessing Your Vulnerability to Network Attacks


Who's next? Although no one can predict with complete accuracy the chances of you personally or your business being attacked, the bottom line is that you do need to look at the security you currently have in place. If you have no security, the likelihood of an attack, and most likely a successful attack, is close to 100 percent. If you deploy the layer security, also known as defense in depth (the foundational concept of this book), hackers might still try to attack you, but their chances of success fall substantially.

As mentioned previously, every computer is subject to attack when connected to the Internet. Reports indicate that hackers scan the average home computer connected to the Internet by a cable modem between 10 and 25 times per day. Of course, these numbers could be higher or lower depending on many circumstances, and just because a machine is scanned doesn't mean the machine will be attacked. When you consider that security incidents are on the rise at a rate of about 100 percent year over year, the chances of your computer being attacked while on the Internet is steadily increasing.

When hackers scan networks, they are looking for networked devices (such as PCs) that are exposed to the Internet and have software or applications that have known problems that the hacker can exploit. Firewall hardware and software will considerably reduce the amount of information a hacker can gain by a scan and will encourage the hacker to move on to the next victim.

Although all systems should have antivirus software, don't be fooled into thinking that antivirus software will protect you from all attacks. Antivirus software can stop only known attacks, because it based on signatures derived from known attacks or known vulnerabilities. Because of this, the software is unlikely to thwart any new attacks launched against your system. The only way to "stop" new attacks is to use layered defense as described in this book.

NOTE

Although this is beyond the scope of this book, if you are curious to see whether anyone is trying to probe your system for information, try acquiring some freeware intrusion detection software, or a Cisco intrusion detection or prevention appliance, and put it on the outside of your network. This software generates a report if it detects any malicious activity on the front door of your network. The amount of detected activity might surprise you.

The reports generated by intrusion detection on the outside of your network might be sobering and are often effective in persuading management to make the investment in adequate security.




Securing Your Business with Cisco ASA and PIX Firewalls
Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
EAN: 2147483647
Year: 2006
Pages: 120
Authors: Greg Abelar

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net