Protecting People and Information: Threats and Safeguards
Today, we live in a world that revolves around the "Information Economy." This means that the wheels of the world no longer run predominantly on agricultural products or merchandise. The secret of survival today is the creation and propagation of information (Hill & Pemberton, 1995).
Information is vital for the continuous functioning of every venture. Today, information has become a product that can be bought, turned to profit and vandalized. One report notes that "corporate data is gold in this information age, and organizations have to understand how to protect it just as they would protect precious metals." This leads to the conclusion that the protection of information is exceedingly important, as it is an asset for an organization just as its workforce, equipment or resources are (Hill & Pemberton, 1995).
The need for security has existed since the first computer was introduced. However, recent times have seen a shift in the paradigm. Terminal-server mainframe systems gave way to client/server systems, and the latter gave way to the Internet. Securing data was not a particular issue during the era when mainframe systems were widely used. In contrast, innumerable new security problems emerged with the development of client/server technology. The significance of access to networks, systems and files for countless tasks grew with the passage of time, especially in companies. New technologies such as data encryption, granular access control and single sign-on were developed in order to secure data and keep it non-public, so that sensitive information could not be accessed by any unknown individual. On the other hand, as expected, circumvention and misuse of these newly introduced technologies and security products also began. It was the phase when operating systems like Windows NT and UNIX turned out to be the most reliable of the management information systems (Andress, 2003, p. 1).
The reputation, branding and overall corporate image of a company can be severely affected by security breaches. This is important because rebuilding intangible assets is far more difficult than reconstructing physical assets (Andress, 2003, p. 4). However, it must be well understood that securing information is not the only solution. It is an unending and all-encompassing process which needs constant review and revision. It is the point at which all three important components of a corporate environment, i.e. people, process and technology, interact. It must be remembered that security products are not to be depended on entirely. They are just a single piece of the puzzle. Strategies and measures must be introduced with proper analysis and preparation, and all of these must be implemented along with security products to build an effective security infrastructure (Andress, 2003, p. 5).
It is important to know the types of attacks against which systems need to be protected. Such knowledge can be helpful in building an appropriate and efficient security infrastructure. There are three types of attacks to be concerned about: Denial of Service (DoS), Intrusion and Information Theft (Andress, 2003, p. 6).
DoS attacks are generally deliberate and malicious attempts to harm a particular network or system (Andress, 2003, p. 7). However, some DoS attacks can be accidental, occurring when configuration errors are made or the network is used inappropriately (Andress, 2003, p. 8). Intentional DoS attacks can prevent users from using computing services like mail, Web or database servers. They can also deprive an organization of the use of its anticipated resources. A DoS attack can be easily created by programs such as Trinoo and Tribe Flood, which are available to all Internet users. These programs allow a person who might want to take revenge due to some personal grudge, for example, to target a specific company or organization. DoS attacks also include rebooting a system or locking an account after multiple unsuccessful login attempts. Both of these make it impossible for the real user to access his/her account (Andress, 2003, p. 7). The most widespread kind of DoS attack is the buffer overflow, the best example of which is the "Ping of Death" attack. The SYN attack and the Teardrop attack are the other common examples of DoS attacks (Andress, 2003, p. 8).
When an attacker is able to gain access to another system and use its resources, the attack is called an Intrusion Attack. Such attacks…