Learn What To Fear, And Then Get Some Protection

The first and perhaps most important step in constructing a network security strategy is understanding precisely what must be defended, and what it must be defended against.

Every enterprise is different in this regard; one company's survival may rely entirely on keeping certain information secret, while another may be indifferent to data confidentiality so long as its servers remain online and accessible to the public. Without a clear set of priorities specific to a given network, administrators are forced to spread their resources thin, leaving unimportant targets over-defended and critical ones vulnerable.

Defacement is an attack that alters or replaces the content of a Web page. Defacements are among the easiest attacks to pull off and are immediately visible to the public; as a result, they are very common, widely publicized and greatly feared. In practice, however, they cause little or no damage to network functionality and are easy to repair from a known-good copy. In essence, they amount to the online equivalent of graffiti: annoying and ugly, but not in themselves a serious threat. The one caveat is that a defacement proves the attacker obtained write access to the server, and that same access could have been used for something quieter.

A denial of service (DoS) attack attempts to block legitimate users from accessing network resources. DoS attacks came to the public's attention in February 2000, when a Canadian teenager effectively knocked a number of high-profile Web sites off-line by flooding them with spurious traffic; similarly, the "Code Red" worm, "Melissa" and the "Love Bug" did most of their damage by tying up network bandwidth and e-mail or Web servers. While they are often disruptive and costly, DoS attacks tend to be short-lived and restricted to services that are already exposed to the public. As a result, they are primarily a threat to time-sensitive transactions or services that require extremely high availability.

Data theft is unauthorized access to information stored on a network, and it is probably the single most underappreciated security threat. Almost every enterprise keeps a great deal of data that could prove extremely damaging if released to competitors or the public, including client lists, financial information and human resources data. Unlike a defacement or a DoS flood, data theft leaves the network working normally and can continue undetected over a long period of time. For example, a competitor may use ongoing data theft to monitor a company's client negotiations or financial health.

Deliberate data destruction is also widely overlooked as an attack; it is extremely easy for even novice attackers and has the potential to do enormous damage under the right circumstances. In 1996, for example, Omega Engineering suffered more than $12 million in losses when a disgruntled former employee deleted almost all of the company's custom manufacturing software. Frequent, secure backups are an effective defense against these attacks, but they are neglected in most networks, and a backup is only useful if it is kept out of reach of the people most likely to attack: Omega's attacker simply took off with the backups when he was fired.
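Both the defacement and the data-destruction cases above become obvious within minutes if the administrator keeps a digest manifest of the files that matter and checks the live tree against it. The following is an added illustration, not code from the article or from any product it mentions: it builds a SHA-256 manifest of a directory, then reports files that were modified (a defaced page), deleted (destroyed data or a missing backup set) or planted. The sample files and the simulated attacks in `demo()` are constructed for the example; the manifest itself must be stored where an attacker, including an insider, cannot rewrite it.

```python
"""Integrity manifest check (added illustration, not the article's own code).

A manifest of SHA-256 digests taken while a file tree is known-good lets an
administrator spot a defaced page (modified file), destroyed data or a missing
backup set (missing file) and planted content (added file). The manifest proves
nothing if it is stored where the attacker can rewrite it alongside the data.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path, chunk_size: int = 1 << 16) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = file_digest(path)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree at root against a stored manifest.

    Returns sorted lists of files whose digest changed (defacement, tampering),
    files that disappeared (deletion) and files not in the manifest (planted content).
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict:
    """Snapshot a constructed sample tree, simulate a defacement, a deletion and a
    planted file, and return what the manifest check reports."""
    tmp = Path(tempfile.mkdtemp())
    try:
        root = tmp / "site"
        (root / "www").mkdir(parents=True)
        (root / "data").mkdir()
        # Constructed sample content standing in for a web root and a data share.
        (root / "www" / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "www" / "about.html").write_text("<p>About us</p>\n")
        (root / "data" / "clients.csv").write_text("acme,active\n")

        # In practice the manifest is written to read-only or off-site storage;
        # the JSON round trip stands in for that here.
        stored = json.loads(json.dumps(build_manifest(root)))

        # Simulated attacks: a defaced page, a deleted data file and a planted script.
        (root / "www" / "index.html").write_text("<h1>0wned</h1>\n")
        (root / "data" / "clients.csv").unlink()
        (root / "www" / "backdoor.php").write_text("<?php /* constructed */ ?>\n")

        return verify_manifest(root, stored)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same routine run against a backup volume, with the manifest taken when the backup was made, tells you whether the backup is still complete before you need to restore from it.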

Keep in mind that this is only a basic list of the most common types of damage caused in the most typical security breaches; a knowledgeable and persistent attacker can use subtle data modification and control of network resources to inflict damage that could prove almost impossible to detect or repair. Similarly, it is important to keep in mind the indirect effects of an attack: damage to reputation, public trust and business relationships. As courts and legislatures become increasingly involved, legal liability also will become a major, possibly the preeminent, risk. Know your network's specific needs, and you can make the best use of the defenses available.