More Conventional IT Security Terrorism
Perhaps it is time that we begin to look at IT security threats in the same light of terrorist attacked. Those that unleash computer viruses or hack into computer systems are clearly implementing another form of terrorism. This series of articles examines various aspects of these threats. The information is extracted from the book The Ultimate Windows 2000 Administration Guide (Addison Wesley, 2000). Although some of the text is focused on Microsoft enterprise environments, the principles broadly address other operating system environments.
Security breaches compromise protocols, services, permission settings, readable network data, downloadable components, and e-mail messages. Practically every feature on the operating system can be used against it, which is why it must be secured against outside "crackers"or criminal hackers.
Protecting against malicious outside attacks is only one aspect of a totally secure program. Authorized users are also the cause of purposeful or inadvertent data destruction or even system crashes. A proper framework must include control over hardware and file system access, data archives and restoration, and data transmission.
Security vulnerabilities can result in a number of crippling results. The user is denied service when a system is crashed, damaged, or taxed so that it cannot perform intended duties. Data corruption can cost both time and money. The invasion of privacy through improper sniffing or other forms of intrusion can result in the loss of confidential information. A common hacker practice, known as spoofing, permits an unauthorized user to pretend to be another person or service. Finally, physical security breaches can result in the theft of equipment or sensitive data.