Wednesday, May 6, 2009

Midterm Question # 3

The Internet, if properly maximized, can be used as a medium to the advantage of the company. However, risks and threats are there. Thus, research the following:


1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.
The end users can cause you security problems like trying to hack the internal systems, deleting data, downloading malware; the list can go on for about 20 pages when considering what ‘end users’ can or will attempt to do to the internal network.

Your systems can crash if not maintained properly, and they can be hacked from internal and external resources. Again, the list can go on, and it’s not this article’s intention to tell you what every threat to your assets is, just to make you aware that you have to think about them in general.

Your network infrastructure can suffer much of the same issues that your systems would. Your administrators could forgo change control and topple your network if not supervised and monitored properly; they could also cut corners and take big chances based on what their managers may not know if they are not IT savvy (which is all too common). These are just a few of the threats associated with the IT human resources.

Recon (Reconnaissance): When an attacker ‘probes’ your network or systems (knocking on your door) to see if you are there, and if possible, to map your network and systems for a future malicious attack.

DoS (Denial of Service): This attack is very serious in nature and it’s simple to perform. Many efforts have been made to patch systems that could either launch a DoS attack or be affected by one, but to think that top level hackers (the Elite) aren’t constantly working on new ways to exploit systems is foolish.

Manipulation (Data Manipulation): Data manipulation is considered a very large threat today because data is what our paperless society has come to not only depend on, Data manipulation is a huge threat.

Internal threats: threats originating from within the network. Examples include malicious employees, employees that are not malicious but make mistakes, such as mistakes made from deployments and implementations, etc.

External threats: threats originating from outside your network, the direct opposite of internal threats. External threats can come from hackers on the Internet, your business competition (yes they do!), your enemies (whether you think you have any or not) and so on.

2. Case research and analysis:
The nature of the virus threat
Damage to data
One of the most talked about effects of a virus attack is the damage it can do to a company’s data. Many viruses are capable of wiping hard disks or corrupting the records held on a machine. Worse still are those viruses known as ‘data diddlers’, which subtly alter the figures in a spreadsheet or words within a document. Because the changes they make are not immediately obvious it can be weeks or even months before anyone notices that something is amiss. By that time the damage can be impossible to undo as back-ups are corrupted as well. That said, if a company does fall foul of a virus that simply eliminates data, backups can often be used to restore the lost information.
Clean-up costs
Deciphering how much it costs an organization to reinstate lost data, or to negate corruptions made by malicious code is an almost impossible task and depends greatly on the specifics of the virus in question. However, in most cases the IT department will be called in to perform the clean-up operation whilst the everyday running of the company has to be put on hold. This could mean that email is disrupted, a website becomes unusable and staff within the organization are unable to perform their usual tasks. In a worst-case scenario it could mean bringing in an external party to help. As alarming as all of this sounds, data destruction is far from the worst thing a virus can do.
Spreading the infection
There are some viruses, such as Melissa and Sircam, that are capable of randomly selecting documents from an infected PC and distributing them to the contacts listed in an infected user’s address book. The virus will not search for any document in particular – whether it happens upon your latest financial projections or your plans to merge with another company is really left to chance. The likelihood, though, is that if it is a document of that nature, there are certain people (quite possibly in your email contact list) whom you wouldn’t want to see it. A virus that sends out potentially sensitive information about a company can put it in a rather awkward position. Not only can a leak place competitors at an advantage, but suppliers, business partners and customers are also likely to find out that a business has allowed its security to be compromised by a virus. This can damage the trust of one company in another, as security is still very much a taboo issue. It can also make the parties that deal with a company feel vulnerable about the information they hold relating to them. Unfortunately, this kind of situation is not something that can be rectified easily. Building relationships and a credible reputation can often take years and yet can be practically wiped out in a matter of minutes. Re-establishing relationships and reputation is far from an overnight task, and, in some cases, they could be irreparably damaged.
Protecting against viruses
However, it is not all doom and gloom. Virus infection is by no means inevitable for any company and the good news is that it is possible to protect corporate networks fairly easily.
Anti-virus software
Probably the most obvious step to take is to install a reliable anti-virus solution that is updated regularly. Most anti-virus solutions are able to detect the majority of viruses; but the speed with which updates to protect against the latest viruses are delivered differs somewhat. Most vendors offer automated updating over the Internet but customers should check out exactly how often they will be updated.
Policy solutions
Apart from the software there are other measures a company can take to protect itself against malicious code. One of these is to develop a safe computing policy whereby employees are informed of how to use their machines safely. Educating users about possible threats should begin at company induction stage so that members of staff know what is expected of them from the outset. It is astounding how many companies do not do this. You wouldn’t let someone drive around the M25 without a licence and yet people are placed in front of PCs and are expected to know how to use them correctly. A safe computing policy should include points such as not opening unexpected emails and not downloading material from the Internet. The vast majority of viruses are spread via the Internet and email, which is why this is so important. Even if an email is received from a known source it could still be infected, so it is worth questioning whether it was expected and whether it is in the apparent sender’s usual style. Many virus writers use extremely bad spelling and grammar, which can be an obvious clue as to what the email really contains. An email from a known associate in a foreign language should also set the alarm bells ringing! In addition, no files with double extensions should be executed. There are very few occasions when such a file would be legitimately required and the vast majority of them should be treated with suspicion. The simplest thing to do is to ask the sender to re-send the file with the correct extension. Another measure to include within such a policy is the saving of Word documents as rich text format (.rtf) instead of as documents (.doc). Docs support the macro language, which allows macro viruses to run – it is far more difficult to infect an .rtf file. Users should also be instructed not to open or forward joke, movie or graphics files. Although these filetypes are virtually unable to support viruses, malicious code can be disguised as a file of this type.
System procedures
Network administrators should also employ measures such as disabling Windows Scripting Host, changing the CMOS boot-up sequence and blocking certain file-types at the email gateway. Some vendors include technology within their products that allows IT managers to prevent certain files from ever entering an organisation – this is certainly something to look out for when purchasing an anti-virus solution. A full list of safe computing procedures that would form a good basis for such a policy can be found at www.sophos.com/safecomputing.
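
The double-extension rule from the policy section and the file-type block at the email gateway described above, sketched as an added example (it is not part of the original post or of any vendor's product). The extension lists and the function names are assumptions chosen for illustration.

```python
import os
from email import message_from_string

# Assumed policy lists for this sketch; a real gateway would tune both.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".lnk"}
DECOY = {".txt", ".doc", ".xls", ".pdf", ".jpg", ".gif", ".mpg", ".rtf"}

def classify(filename):
    """Return 'double-extension', 'blocked-type' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    # Padding such as "invoice.doc      .exe" leaves spaces on the stem.
    _, inner = os.path.splitext(stem.rstrip())
    if last in BLOCKED and inner in DECOY:
        return "double-extension"
    if last in BLOCKED:
        return "blocked-type"
    return "ok"

def scan_message(raw):
    """Map each attachment filename in a raw RFC 822 message to its verdict."""
    names = (part.get_filename() for part in message_from_string(raw).walk())
    return {n: classify(n) for n in names if n}

# Constructed sample message (not from a real incident).
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

see attached
--B
Content-Disposition: attachment; filename="report.doc.vbs"

x
--B
Content-Disposition: attachment; filename="minutes.rtf"

x
--B--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A gateway would quarantine anything that is not "ok" and, as the policy suggests, ask the sender to re-send the file with the correct extension.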
Appropriate responses
Another important issue for organisations to consider once a safe computing policy is in place is what to do should an employee contradict the guidelines and allow a virus to penetrate the company defenses. The natural inclination of some businesses would be to punish the member of staff concerned, either by verbal or written warning or by dismissal. However, this is often not the most effective way of dealing with such a situation. If staff know that they face disciplinary measures should they be responsible for a virus infection then they are far more likely to attempt to cover up an incident, which makes it far harder to administer the clean-up once it does come to light. Ideally in that situation an employee should feel comfortable with coming forward and admitting that they have made a mistake. Only if they continue to ignore the guidelines should users be disciplined. Defending an organisation against malicious code of all types is not the sole responsibility of the IT department – every employee plays a part in protecting a company. The measures that are put in place do not have to be complicated, and if staff are encouraged to follow them from the outset they should become second nature.
Conclusions
Anti-virus protection in today’s climate demands a multi-faceted approach. Gone are the days when simply installing the software was enough. That software needs to be maintained constantly, by vendor and customer, to ensure that it detects the maximum number of viruses. In addition to the software, all users within an organization should be taught how to use their computers safely. They may not be able to have as much fun as they once did, but a workable balance between functionality and security has to be sought. Despite the horror stories of what viruses can do, it is worth remembering that it is possible to mount a comprehensive defense. Most virus incidents can be avoided relatively easily. The key to ensuring that an organization remains virus-free is constant vigilance and attention. That may sound intimidating, but in view of the potential consequences of infection it is a small price to pay.

Sophos, the Real Business/CBI Growing Business Awards Company of the Year, is a world leader in anti-virus protection. It is strongly focused on the corporate marketplace where its vision, commitment to research and development, and rigorous attention to quality have taken it from strength to strength. Sophos’s increasingly rapid growth internationally is reflected in a user base of well over 20 million and revenues that soared by nearly 50 per cent in the period 2001–2002. Sophos products are sold and supported in over 150 countries through a global network of subsidiaries and partners.


2.a Identify one company that has experienced an attack from the Internet.
June 16, 2004

Akamai Technologies Inc. Backs off claim of wide-scale Internet attack

2.b Describe the attack.

One day after an apparent attack on its systems slowed access to leading Web sites such as yahoo.com, Google.com and Microsoft.com, distributed computing company Akamai Technologies Inc. said that it was the victim of a sophisticated, large-scale attack aimed at specific customer Web sites. It backed off its claim of a broad attack on the Internet infrastructure, saying that the company's DNS (domain name system) service was attacked for two hours Tuesday, affecting about 4 percent of its customers. The company's staff worked with customers and network providers to shut off the source of the attack.

2.c Identify the damages done and the solutions adopted to reverse the damages and to protect the company from future threats.

Risk assessments:
You have to know what your tolerance to risk is. Once you do know, it’s critical that you see how at risk you really are to certain threats.

Infrastructure analysis: Now that you know what a risk assessment is, you need to test your systems.

Get executive buy-in: Once you have your analysis done, you need to hand it in (hopefully in an official report). You really need upper management’s support on taking this seriously.

Security budget: Think of a real security budget that fits the company’s business model.

Anti Virus etc.

http://www.google.com.ph/
http://www.infoworld.com/

Christine Linan
