The first and perhaps most important step in constructing a network security
strategy is understanding precisely what must be defended, and what it must
be defended against.
Every enterprise is different in this regard; one company's survival may rely
entirely on keeping certain information secret, while another may be indifferent
to data security so long as its servers remain online and accessible by the
public. Without a clear set of priorities specific to a given network, administrators
are forced to spread their resources thin, leaving unimportant targets overdefended
and critical ones vulnerable.
Defacement is an attack that alters or replaces the content of a Web page. Defacements
are among the easiest attacks to pull off and are immediately visible to the public; as
a result, they are very common, widely publicized and greatly feared. In practice,
however, they cause little or no damage to network functionality and are easy
to repair. In essence, they amount to the online equivalent of graffiti: annoying
and ugly, but not a serious threat in themselves. The one caveat is that a defaced page
proves the attacker obtained write access to the server or to whatever publishes its content,
so restoring the page without finding and closing that hole merely invites a repeat.
A denial-of-service (DoS) attack attempts to block legitimate users from accessing
network resources. DoS attacks came to the public's attention in February 2000
when a Canadian teenager effectively knocked a number of high-profile Web sites
off-line by flooding them with spurious traffic from many compromised machines at once (a distributed DoS); similarly, the "Code Red"
worm, "Melissa" and the "Love Bug" did most of their damage
by tying up network bandwidth and e-mail or Web servers. While they are often
disruptive and costly, DoS attacks tend to be short-lived and restricted to
services easily accessible by the public. As a result, they are primarily a
threat to time-sensitive transactions or services that require extremely high
Data theft is the unauthorized reading or copying of information stored on a network;
it is probably the single most underappreciated security threat. Almost
every enterprise keeps a great deal of data that could prove extremely damaging
if released to competitors or the public, including client lists, financial
information and human resources data. Because nothing is visibly broken or missing,
data theft can continue undetected over a long period of time. For example, a competitor may use
ongoing data theft to monitor a company's client negotiations or financial health.
Deliberate data destruction is also widely overlooked as an attack; it is extremely easy
for even a novice attacker and has the potential to do enormous damage under
the right circumstances. In 1996, for example, Omega Engineering suffered more
than US$12 million in losses when a disgruntled former employee deleted almost
all of the company's custom manufacturing software. Frequent backups
are an effective defense against these attacks, but only if they are kept off-site or off-line,
beyond the reach of anyone who could also destroy the live data, and are periodically test-restored; in most networks
they are neglected on all three counts. Omega's attacker simply took off with the backups when he
Keep in mind that this is only a basic list of the most common types of damage
caused in the most typical of security breaches; a knowledgeable and persistent
attacker can use subtle data modification and control of network resources to
inflict damage that could prove almost impossible to detect or repair. Similarly,
it is important to keep in mind the indirect effects of an attack: damage to
reputation, public trust and business relationships. As courts and legislatures
become increasingly involved, legal liability will also become a major risk, and possibly
the preeminent one. Know your network's specific needs, and you can make
the best use of the defenses available.