Most of us can probably recall a serious data network breach fairly recently, and those breaches were against large companies who we expect to deploy the most up to date network security procedures Ethical Hacking.
The problem is that every company large or small receives advice on how to secure their network, but I am afraid to say that in quite a number of cases security policies are not always implemented as you would expect.Why are full security polices not implemented? It could be a matter of cost, the inhability of IT staff to recognise the dangers and sometimes it is purely down to complacency where a company assumes that because its network has not received a serious security breach then it probably never will.Threats to a network come in many shapes and sizes:VirusA computer virus comes under the heading of malware, where the virus integrates itself with another program and is usually able to replicate itself so as to be able to spread from one computer system to another. The effects of a computer virus can vary from mildly annoying symptoms to corruption or removal of data from the infected computer system. There is normally an executable file associated with a virus which often requires a user to execute that file. It is a well documented fact that viruses are often introduced to a system by means of an email, transferring files from a disk or sharing files across a network. Worms and Trojans can often be categorized as viruses.AdwareAdware as the name suggests are programs that are designed to display advertisements on a users computer, or to redirect a user's browser to a website displaying adverts. Some adware is even designed to collect data about the user's system, often with little indication to the user of what is happening.Often adware is introduced to a computer system via some for of free or shared computer programs (freeware and shareware), or through the use of websites that have been infected with the adware programs. Sometimes you notice that your browser has actually been hijacked and no matter what you do, it is intent on landing on a particular webpage. The good thing is that adware can usually be removed quite easily, but can still be a nuisance initially.Dos (Denial of Service)As it's name clearly states, the purpose of DoS is to seriously inhibit or completely shut down a network service or the network itself. This is often achieved by overwhelming a target machine with bogus requests so that genuine requests cannot be actioned, and therefore rendering the service unusable. Web servers or email servers are often the intended victims, particularly those run by large commercial organisations. There a number of well known DoS attacks:SYN attacks exploit the 3-way handshake that precedes a TCP connection by sending a request for a connection, but never completing that connection. Eventually all the TCP ports used for the service are in use and genuine users cannot make a connection with the server.ICMP Flooding operates by flooding a network with ping packets that require responses, therefore using up valuable network resources and eventually exhausting those services.Buffer Overflow attacks target specific network devices or programs with excessive traffic causing the system to hang or shut down altogether under the sheer weight of traffic.Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can't be accessed or used. A particularly effective DoS attack is one that is distributed, meaning that a system is attacked from many machines in multiple locations, therefore increasing the capacity of the attack.HackersHackers merely exploit vulnerabilities and weaknesses in computer networks or systems. Motives behind hacking are many and varied, the most common being to steal or compromise an organisations information, embarrass an organisation or merely hack a system for the prestige amongst peer hackers.Identity TheftWhere a computer system can be hacked to obtain sensitive information about users such as names, date of birth, addresses. The identity theft itself can then be used as the basis for fraudulent activity such as:• Opening a bank account
• Ordering goods in another person's name
• Access or take over a genuine user's bank account
• Obtaining a passport or other identity document such as a driving licence.
• Obtaining a loan or credit agreementIdentity theft can often make life miserable for the intended victims as they can notice goods ordered in their name, mounting debt in their name which can affect credit scores and render an individual unable to take out credit such as a mortgage.