Intruders may be classified as: Hackers: These are seemingly harmless persons. Their main intention is to seek information rather than causing harm. They may also have the intention to prove that a particular site is not secure. Those who hacked the Microsoft site are examples of these sort of persons. Crackers: These cause real harm/damage to the sites by destroying data or tampering with them. Freakers: These specialise in breaking into telephone networks and can cause substantial damage by tampering with billings and metering. Why is the Internet vulnerable? Many early network protocols that now form part of the Internet infrastructure were designed without security in mind. Without a fundamentally secure infrastructure, network defence becomes more difficult. Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology. Because of the inherent openness of the Internet and the original design of the protocols, Internet attacks in general are quick, easy, inexpensive and may be hard to detect or trace. An attacker does not have to be physically present to carry out the attack. In fact, many attacks can be launched readily from anywhere in the world and the location of the attacker can easily be hidden. Even so, many sites place unwarranted trust on the Internet. It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place on the Internet. They may not be aware of what can happen to their information and systems. They may believe that their site will not be a target or that precautions they have taken are sufficient. Because the technology is constantly changing and intruders constantly develop new tools and techniques solutions do not remain effective indefinitely. It is necessary for companies to constantly introduce newer security measures as often as possible. Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of the network, accompanied by rapid development of network services involving complex applications. Often, these services aren’t designed, configured or maintained securely. Compounding the problem, operating system security is rarely a purchase criterion. Commercial OS vendors often report that sales are driven by customer demand for performance, price, ease-of use, maintenance and support. As a result, off-the-shelf operating system is shipped in an easy-to-use but insecure configuration that allow sites to use the system soon after installation. These hosts/sites are often not fully
configured from a security perspective before connecting. The lack of
secure configuration makes them vulnerable to attacks, which sometimes
occur within minutes of connection. Finally the explosive growth of the
Internet has expanded the need for well-trained and experienced people
to engineer and manage the network in a secure manner. |