In years past, security threats came from geniuses or nerdy students with lots of time. The number of these people was relatively small. Their main motivation was to prove that they could break into another network. Since then, the number of potential attackers and the sophistication of the attacks have increased exponentially. Attacks that once required attackers to have an advanced degree in computing can now be done with easily downloaded and freely available tools that the average junior-high student can figure out how to use. Every company and almost every person connects to the Internet, making essentially the whole world vulnerable to attack.
The biggest danger today may be the ...
Reconnaissance attacks: This kind of attack may be disruptive as a side effect, but its goal is gathering information to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption for connections.
Access attacks: An attempt to steal data, typically data for some financial advantage, for a competitive advantage with another company, or even for international espionage.
Computer viruses are just one tool that can be used to carry out any of these attacks. A virus is a program that is somehow transferred onto an unsuspecting computer, possibly through an e-mail attachment or website download. A virus could just cause problems on the computer, or it could steal information and send it back to the attacker.
Today, most computers use some type of anti-virus software to watch for known viruses and prevent them from infecting the computer. Among other activities, the anti-virus software loads a list of known characteristics of all viruses, with these characteristics being known as virus signatures. By periodically downloading the latest virus signatures, the anti-virus software knows about all the latest viruses. By watching all packets entering the computer, the anti-virus software can recognize known viruses and prevent the computer from being infected. These programs also typically run an automatic periodic scan of the entire contents of the computer disk drives, looking for any known viruses.
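How signature matching and the periodic signature update fit together, as an added example that is not part of the original text. The scanner class, the signature names and the byte markers are all constructed for illustration; real products use far richer signature formats.

```python
import os
import tempfile

class SignatureScanner:
    """Toy signature matcher: each signature is a name plus a byte pattern."""

    def __init__(self):
        self.signatures = {}  # name -> byte pattern

    def update(self, downloaded):
        """Merge a newly downloaded signature set (the periodic update)."""
        self.signatures.update(downloaded)

    def scan_bytes(self, data):
        """On-access check of one buffer, e.g. a download as it arrives."""
        return sorted(n for n, pat in self.signatures.items() if pat in data)

    def scan_tree(self, root):
        """Scheduled full scan: {relative path: matched signature names}."""
        findings = {}
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        hits = self.scan_bytes(fh.read())
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                if hits:
                    findings[os.path.relpath(path, root)] = hits
        return findings

def demo():
    # Constructed, harmless sample files; the markers are made-up strings.
    samples = {
        "report.txt": b"quarterly numbers",
        "a.bin": b"\x00CONSTRUCTED-MARKER-A\x00",
        "b.bin": b"xxCONSTRUCTED-MARKER-Bxx",
    }
    scanner = SignatureScanner()
    scanner.update({"Sample.A": b"CONSTRUCTED-MARKER-A"})
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = scanner.scan_tree(root)  # b.bin has no signature yet
        scanner.update({"Sample.B": b"CONSTRUCTED-MARKER-B"})
        after = scanner.scan_tree(root)   # same disk, newer signatures
    return before, after
```

Calling `demo()` returns the findings of the two scans: the file `b.bin` is on disk the whole time but is reported only by the scan that runs after the signature update.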
To appreciate some of the security risks inherent in an Enterprise network that already has a quality perimeter firewall, consider Figure 1. The list following the figure explains three ways in which the Enterprise network is exposed to the possibility of an attack from within.
Figure 1 Common Security Issues in an Enterprise
The following types of problems could commonly occur in this Enterprise:
Access from the wireless LAN: Wireless LANs allow users to access the rest of the devices in the Enterprise. The wireless radio signals might leave the building, so an unsecured wireless LAN allows the user across the street in a coffee shop to access the Enterprise network, letting the attacker (PC1) begin the next phase of trying to gain access to the computers in the Enterprise.
Infected mobile laptops: When an employee brings his or her laptop (PC2) home, with no firewall or other security, the laptop may become infected with a virus. When the user returns to the office in the morning, the laptop connects to the Enterprise network, with the virus spreading to other PCs, such as PC3. PC3 may be vulnerable in part because the users may have avoided running the daily anti-virus software scans that, although useful, can annoy the user.
Disgruntled employees: The user at PC4 is planning to move to a new company. He steals information from the network and loads it onto an MP3...