Security Threats at Work

Data must also be protected when in use. This is probably the most difficult state in which to protect data. Data in use is susceptible to human errors as well as other natural accidents. Data in use is the most difficult to protect because in this state it must be able to be manipulated. It must be accessible and is therefore more vulnerable as the first levels of protection are already bypassed. Predictability is reduced with data in use as most of the common problems are spontaneous and even often unnoticed. Controls can help with protection but when data must be exposed there is always a level of danger.

Employees, The Biggest Threat

Any internal member of an organization can pose a great threat to information security. These are the people who are closest to the information and security policies. Employees often have the greatest knowledge concerning the value of internal information as well as the levels of security around it. In addition to having an awareness of the information security, employees are also the main handlers of data. They are charged with the day to day manipulation of information. These data handlers pose an unintended threat to information - human error. Mistakes are inevitable and an organization must do its best to limit them. Through proper training and appropriate controls, damage by employees and can be greatly reduced.

Malware

Malware - software components designed to damage, destroy or deny service to targeted systems. Types include viruses, worms, Trojan horses, DOS attacks, logic bombs and back doors.

Worms differ from viruses in that they do not require a host file to replicate. Worms will usually utilize flaws in a network to spread.

Viruses may utilize a Trojan horse as a host to disguise themselves for penetrating s system. The user will generally aid the Trojan/virus by initiating the executable.

Technological Obsolescence

Due to the rapidly changing world of technology, it seems the minute we turn around our equipment and systems our obsolete. While this may be exaggerated, it is certainly a formidable issue that garners much attention. IS technicians must understand that not only is technology advancing, but the means and methods of the would-be attackers are as well. This means the information security in place now may become quite vulnerable in the future. Both planning and the ability to recognize these needs play a large role in keeping up with the times. There is a fine line between efficient upgrades and wasted money. Balancing the necessary systems and equipment against the overpriced daily-available upgrades is a key to fighting technological obsolescence.

The Infamous Sniffer Attack

In order for an attack to succeed, the attacker must first identify the vulnerabilities of the systems (s)he wishes to infiltrate. The attacker must select one or more attack vectors (IP scan and attack, virus, unprotected shares, etc.) to exploit the vulnerabilities.

There is more than one way to gain access to use the sniffer system. Because the sniffer is used to monitor data traveling over the network, a back door may work. Back/Trap doors utilize an access mechanism often left in by designers. This is beneficial for the attacker as it does not draw as much attention as brute force or a hoax may. From here the sniffer can operate almost undetected on the network.