Types of Computer Attacks
Viruses are pieces of computer programming code that cause a computer to behave in an undesirable way. Viruses can be attached to files or stored in the computer's memory. Viruses may be programmed to do different things, such as acting when they are downloaded or when they are activated by a specific action; for example, a virus attached to a file will infect that computer and any file created or modified on that machine. Viruses may also be programmed to display a message when certain actions are performed to execute the virus.

Worms, like viruses, bury themselves in the memory of a machine, and then duplicate themselves without any help. A worm can send itself through emails and other connections.

Phishing is when hackers try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one. These con artists urge the recipients of such emails to take action to gain rewards or avoid consequences.

Hackers may use a backdoor within a vulnerable computer system; this allows them to remain undetected while they access important information. Key-logger programs allow attackers to view, undetected, information that has been logged into a particular machine. A botnet is a collection of computers connected to the Internet, which could be spread around the world, that are controlled by one single computer.
Reason for Attacks
Networks, computers, operating systems, applications and other technology are complex, interconnected and driven by many lines of code. The number of back-doors increases as more equipment is attached. The inability to keep up with changes in technology leaves little room for IT professionals to quickly find solutions to problems. A reliance on products with known vulnerabilities allows entrance into networks and personal computers before programmers are able to create a patch.
Impact on Business
The downtime required to repair networks that have been attacked may harm the business's productivity, revenue and financial performance, and damage the company's reputation. The impact on business may range from low to extreme. For example, downtime that has a minor impact on business may mean that a minimal number of systems are affected. At the other extreme, the company's future is at stake and the cost of recovery is inconsequential. Here is a list of the costs involved in downtime:
- Direct Losses
- Loss of future earnings
- Billing losses of revenue
- Cash flow
- Stock price
- Overtime costs
- Loss of reputation
Prevention and Detection
A firewall guards the company's network from outside intrusion and prevents employees from accessing prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures. For antivirus to be effective, it must be up-to-date and uniformly deployed across the enterprise.
An intrusion protection system is software or hardware that monitors system resources and identifies possible intrusions into the system from either within or outside of the organization. There are three types of intrusion systems:
- NIDS (Network intrusion detection system) identifies intrusions through network traffic and monitors multiple hosts.
- HIDS (Host based intrusion detection system) identifies intrusions by reviewing host activities.
- SIDS (Stack based intrusion system) examines packets as they pass through the TCP/IP stack.
A company's network is a means of communication and sharing of information. However, it comes under attack every day from professional or novice hackers who intend to use company information or databases for their own gain. It is compromised not only by external individuals but also sometimes by personnel within the company. When performing your audit, you will use any security policy that your organization has as a basis for the work you are undertaking. You need to treat the policy initially as a threat. The security audit is a policy-based monitoring of the existing procedures and practices of sites, and an assessment of the risk associated with these actions. There are a number of steps that need to be performed in order to complete a security audit. For example:
- Review policy and documents
- Discussion (interviews)
- Technical Investigation
- Report Presentation
- Post Audit actions
Auditing is one of the many steps a company needs to take to address issues related to the security of its network.
Types of Audits
Self Audit (Informal Audit): Every company has a few servers providing services to the company. To monitor these processes, every company develops some type of self-audit process to follow on a regular basis. Some companies have software that monitors all the processes and then records entire logs to be evaluated later by professionals. Based on these audit results, if a bad or incorrect event is detected, you can even have the event undone and the initiator's account locked out. The collectors will send all the daily logs to a consolidator once a day, where you will be able to create numerous reports and graphs about your security events. You can also use this for trends and analysis.
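The consolidation step described above can be sketched as follows. This is an added example, not taken from any particular audit product; the log line format, the event names and the threshold of three failed logins are assumptions, and the log lines are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample input: one day's log lines per collector.
# Assumed line format: "<date> <time> <host> <event> user=<name>"
COLLECTOR_LOGS = {
    "web01": [
        "2013-07-30 08:01:12 web01 LOGIN_FAIL user=alice",
        "2013-07-30 08:01:15 web01 LOGIN_FAIL user=alice",
        "2013-07-30 08:02:40 web01 LOGIN_OK user=bob",
    ],
    "db01": [
        "2013-07-30 08:01:20 db01 LOGIN_FAIL user=alice",
        "2013-07-30 09:15:03 db01 PRIV_CHANGE user=carol",
        "this line is malformed and must not break the run",
    ],
}
LOCKOUT_THRESHOLD = 3                       # assumed policy value
BAD_EVENTS = {"LOGIN_FAIL", "PRIV_CHANGE"}  # assumed "bad or incorrect" events

def parse_line(line):
    """Return (host, event, user), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].startswith("user="):
        return None
    return parts[2], parts[3], parts[4][len("user="):]

def consolidate(collector_logs):
    """Merge every collector's daily log into one report."""
    events, failed = Counter(), Counter()
    bad_hosts = defaultdict(set)   # user -> hosts where a bad event occurred
    rejected = 0
    for lines in collector_logs.values():
        for line in lines:
            record = parse_line(line)
            if record is None:
                rejected += 1      # count it so gaps in the logs are visible
                continue
            host, event, user = record
            events[event] += 1
            if event in BAD_EVENTS:
                bad_hosts[user].add(host)
            if event == "LOGIN_FAIL":
                failed[user] += 1
    return {
        "events": dict(events),
        "rejected_lines": rejected,
        "lockout": sorted(u for u, n in failed.items() if n >= LOCKOUT_THRESHOLD),
        "bad_event_hosts": {u: sorted(h) for u, h in bad_hosts.items()},
    }
```

In the sample data, no single host sees three failed logins for `alice`; only the consolidated view reaches the lockout threshold, which is the reason for sending the collectors' logs to one place.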
Information Technology Audits (Formal IT Audit; formal auditing is mostly done by companies like KPMG, Deloitte and other auditing firms): The purpose of an internal audit is to provide operations management with an independent review of the adequacy and effectiveness of the operations' internal controls. The IT audit is basically external auditing, in which external auditors are hired to perform all the required auditing operations. These auditors contact the internal auditing department and make their auditing requirements known to the company. At the conclusion of the audit, an oral report is usually given to the management, accompanied by a written report. At this time, the company must plan actions to take in response to the report, or decide whether it wishes to assume the risks involved. Once the auditing is done and the report is presented, all the concerned individuals should meet to discuss what issues will arise from it and what steps need to be taken to take care of them.