DCOM Explained
by Rosemary Rock-Evans Digital Press ISBN: 1555582168 Pub Date: 09/01/98
One of the ways used to do this is by using spoofing. Spoofing is the alteration of a packet to make it appear that it originated from a different part of the network. This method has been used to steal credit card numbers. The criminal changes the IP address to make it appear as though the request came from within the organization's network.
The Internet makes us that much more vulnerable because it was designed to be an open system from the very start: it has absolutely no security built into it. This wouldn't be a problem if the Internet was a nice, closed network separated from us by a huge barrier, but it isn't. The Internet has provided a handy little open door for anyone everywhere in the world with a modem, a PC, and a telephone line to come strolling around our networks and machines, as if they owned them. They can do it in the time it had taken me to type this. Crime or malicious damage is far, far easier: no traveling, no security guards, no locked doors, no safes.
So it is worth making a fuss because there is a lot at stake here.
And are the risks real?
It is in the nature of human beings that they are absurdly optimistic. In the first place, most people assume it isn't going to happen. When it does happen it is treated as an isolated incident. Only when it happens over and over again is action taken. By this time, of course, the company could be on its knees financially or a dead duck.
Take it from me, all the risks I've identified are happening, a lot.
Since 1988, there has been an increase in the USA of 2000% in the number of just Internet security-related attacks. In recent surveys over 47% of the companies asked have been attacked, again over the Internet. Three quarters of these companies suffered financial loss; the rest suffered malicious damage.
There have been reports of large numbers of credit card numbers being downloaded from computers, for example, and in one case handled by the FBI in 1995, the cards were used to purchase $50 million of goods. So we need to take these things seriously.
We have seen what risks there are and how serious those risks can be. How, then, does a company decide what needs to be protected? The answer is that it must task a security administrator to define the company policy. All companies need to have a security policy. The aim of the policy is to list a set of rules that precisely defines:
For example:
It is only by having a policy that you can decide when to employ the safeguards and decide which safeguards to employ. The combination of policy and risk provides us with the means of starting to define the mechanisms of protection. What, therefore, are the main mechanisms we can use to protect ourselves against these risks?