It's no secret that although the Internet has given us new ways to communicate, shop, learn, and even make a living, it has also presented us with new risks. Using the Internet, malicious people have found ways to access confidential information, disrupt critical services, and launch their attacks. These attacks are especially damaging to enterprise networks, where the cost of a network service disruption can rapidly escalate. Networks also face threats from within, where employees with legitimate access to resources can easily abuse their privileges to wreak havoc on a company's most valuable asset, its collective knowledge. In fact, more than 60 percent of attacks on corporate networks are launched by someone inside the organization. On top of the malicious attacks, there are activities most people consider benign that, if left unchecked, can bring services to a halt. For example, chain-letter email messages have been known to bring email servers to a grinding halt.
Unfortunately, the odds are stacked in favor of the attackers, who have many things working to their advantage. Networks that were once closed are now interconnected with partners, customers, suppliers, and the Internet. Attackers have access to many of the same resources and tools as the defending network security community, and many of these tools can be used by people with little knowledge or understanding of hacking techniques.
The need to protect and defend data communications networks isn't a new concept. However, the idea of a systematic approach to analyzing and improving security, using both policies and technology, has only recently become widely acknowledged and implemented. Although firewalls, authentication mechanisms, and encryption filter and control the traffic that crosses between public and private networks, their effectiveness also depends on the ability to accurately detect, monitor, record, and anticipate attacks on the network. Intrusion detection techniques provide a key monitoring component in the overall process of securing, monitoring, testing, and improving a network security policy.
We can describe the various types of network threats based on their origin, methods, and targets. The following sections discuss four types of threats: internal, external, structured, and unstructured.
Internal threats originate from within an organization's network; for example, a disgruntled employee damaging a network by sabotaging IT resources or by leaking sensitive company data to competitors or the press. Internal threats also include unauthorized access to information between departments. Internal threats are difficult to protect against because network boundaries and permissions are less distinct than they are with external threats. Internal threats are also enabled by nonmalicious practices such as weak passwords and a lax internal security policy. In summary, an internal threat is any activity or behavior occurring within the internal network that can potentially cause minor or significant disruptions to network operations.
By contrast, the boundary between the network and the source of an external threat is more easily defined; external threats usually make use of Internet or dial-up connections as the path for a security breach. Today's networks are of questionable use without external connections, so it's imperative that these connections are tightly secured and monitored.
Unstructured threats are those that use general methods and tools against an arbitrary target. They are created by individuals who use prebuilt tools, programs, or scripts readily available on the Internet to launch their attacks. "Script kiddies," as they're sometimes called, are motivated more by the challenge of succeeding in the attack than by the satisfaction of causing actual damage. Their tools might include password crackers, malicious shell scripts, or dialer daemons, which they can use to cause considerable damage. If the tools fail, however, the script kiddies typically move on to another target, rather than adjust or tune their tools.
Structured threats use sophisticated tools and are generally aimed at a very specific target. These attacks are performed by people who are fully aware of what they intend to do when they use programs and tools to attack networks or computers. Unlike script kiddies, these attackers know how to tune their tools and develop new methods of attack against vulnerabilities the vendor has not yet published. Structured attackers might be driven by credit card data, software source code theft, or intentional damage to a competitor's Web site and internal networks. Attackers performing structured threats also have the patience to penetrate network security measures, using meticulously self-written programs or even social engineering tactics. Competitors, law enforcement, or other agencies might hire these kinds of attackers to acquire information, test security, or cause damage to specific networks.