Conclusion


The rise of computing and networking power has dramatically impacted nearly everyone. Even if its effects are not direct, the changes in business practices and the growth of new businesses have reshaped the economies of industrialized nations. The Internet boom, for better or worse, created massive wealth all over the world.

We have also seen the democratization of computing power. At the time of this writing, an average person can purchase a computer with a processor speed of 1.5GHz. This provides that person with computing power previously available only to major corporations and, before that, to large government agencies. This spread of power benefits the user, of course, but it also has the potential to make the attackers' jobs easier. For example, passwords are rapidly approaching the point at which they are trivial to guess. With this kind of raw processing speed, a computer can guess all variations on an eight-character password in a matter of days if not hours.

The origins of computer incident response can be traced to the Hanover Hackers case described by Cliff Stoll. That incident was a case of espionage by foreigners (if not a foreign government) against U.S. agencies and corporations. Corporate espionage via the Internet now occurs daily. Theft of data and computing resources is commonplace. Identity theft has become much easier now that so much information and commerce is available on the Internet. The past two years have seen massive worm attacks across the Internet, affecting thousands (some authorities say millions) of users.

It is not hard to postulate new, nontraditional attacks. Distributed denial of service is an excellent example. The actual attack is a classic DoS attack, using old tools. Attacking someone using other computers is also not new. But combining these techniques is a major advance and represents a fundamental shift in the nature of the attack, not just the magnitude.

Similarly, one could envision, for example, antiglobalization protestors placing child pornography on corporate web sites in an attempt to embarrass or discredit large corporations. A person could short sell a large amount of stock and then place illegal materials on corporate computers and call the FBI.

Financial institutions have been urged (if not regulated) to form incident response teams. A letter from the Federal Deposit Insurance Corporation in 2000 stated, "Management should prepare a formal, written recovery plan and form an incident response team. If there is an attack on a computer system, the incident response team should be prepared to take appropriate action." [7]

[7] FDIC letter to all financial institutions, October 3, 2000, www.fdic.gov/news/news/financial/2000/fil0067.html.

An organization must be prepared to respond to a computer incident, just as it must be prepared to react to a natural disaster. Companies have always had plans for how to react when a robber shows up at the door with a gun. They should be equally prepared to respond when the robber shows up at the web server with a computer.



Incident Response. A Strategic Guide to Handling System and Network Security Breaches
ISBN: 1578702569
EAN: 2147483647
Year: 2002
Pages: 103
