- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
In a global corporate security stance, keeping an eye on threats correlative to which ones are relevant to you is extremely important, and here's what you need to know. Threats come in two varieties:
Both demand awareness. This does not mean that you need to become a regular at Black Hat or Def Con conventions or read 2600 magazine. In fact, you do not even need to know that the lingua franca of the hacking underground is Portuguesethe most active hacking collectives are located in Brazil. However, your global security team does need to stay current. If you run UNIX BSD and there exists a new UNIX BSD threat posted by rya (Rooting Your Admin), you will need to act.
Newest Hacking Threats in Business Terms
DoS attacks Hackers are now using "standard" viruses to launch denial-of-service (DoS) attacks on specific companies or industries. Computers by the thousands are being turned into unwitting zombie machines, ready to launch coordinated attacks against anyone who is targeted by the latest hacker. Examples include MyDoom and Slammer (the latter of which targeted banks).
Black holing Another type of hacker attack is black holing, which I call corporate identity theft. Someone completely out of your control can issue a command to many of the routers that make up the backbone of the Internet. Anyone who tries to link to your site through one of these routers will be redirected to the hacker's siteeither a black hole of empty space or a fake site that looks just like yours that was designed to entice customers into typing their ID and password.
Mail spoofing Mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.
War driving The use of wireless technology is a great timesaver, and easy for companies to use. A lot of companies have it without even realizing it. War driving enables people to drive down the street with a $100 antenna and tap right into your organizational lifeblood, tap right into your intranet and your internal networks. It is like dropping a wire outside your office window down to the street with a big sign that says "Plug In Here."