Fifty years ago, few people had access to a computer system or network and securing them was a relatively easy matter.
There are many different ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a simple matter of “dragging and clicking” for many people.
The different types of electronic crime fall into two main categories:crimes in which the computer was the target of the attack, and incidents in which the computer was a means of perpetrating a criminal act.
There are a number of different threats to security, including viruses and worms, intruders, insiders, criminal organizations, terrorists, and information warfare conducted by foreign countries.
The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from large mainframes to a highly interconnected network of much smaller systems.
One significant trend observed over the last several years has been the increase in the number of non-affiliated intruders as opposed to attacks by organized “hacking groups,” criminal organizations, or nations.
Avenues of Attack
There are two general reasons a particular computer system is attacked:it is specifically targeted by the attacker, or it is a target of opportunity.
Targeted attacks are more difficult and take more time than attacks on a target of opportunity.
The steps an attacker takes in attempting to penetrate a targeted network are similar to the ones that a security consultant performing a penetration test would take.
A ping sweep simply sends a “ping” (an ICMP echo request) to the target machine.
A port scan will help identify which ports are open, thus giving an indication of which services may be running on the targeted machine.
Numerous web sites exist that provide information on vulnerabilities in specific application programs and operating systems.
The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed.
To learn more about the book this website supports, please visit its Information Center.