Understanding the Risks - HTML

Putting content on the Web is fairly simple, yet the security risks of doing so can be numerous and complex. This section highlights some of the more common risks and, where applicable, suggests solutions.

Theft of confidential information
One of the major risks of the Internet is theft of information, whether that is personal information about yourself, information belonging to your company, or personal information you have gathered and stored about others. The easiest solution to prevent theft of confidential information is not to provide any access to it. Although that isn’t always practical, you should be especially careful with other people’s information.

Vandalism and defacement
One of the latest trends in cyber hacking is vandalism and defacement. Just as in the real world, vandals can wreak havoc on your site—changing documents, creating virtual graffiti, and more.

Denial of service
Denial of service (DOS) attacks are attempts (and usually successes) at overloading a server with bogus requests. The volume of requests keeps the server from replying to legitimate requests and, in some cases, can even crash the server.

The attacks can originate from distinct hacker locations, or from unsuspecting computers that have been infected with viruses that spawn the attacks. The intent is simple: stop the target site from being able to perform its normal tasks.

Some of the largest DOS attacks were leveled against the SCO Web site in December 2003 and January 2004. The attack shut down many of the SCO servers for two days. The attack originated from computers all over the Internet that had been infected by the MyDoom virus.

Unfortunately, DOS attacks can have unexpected results, as the massive traffic can affect other sites or even entire sections of the Internet.

Loss of data
Loss of data is straightforward and involves data files being damaged or deleted from a server. Loss of data can also result from interruptions in service or the loss of communication with other systems or customers that causes data to not be stored in the first place.

Data loss can be slight or catastrophic. Data that is routinely backed up can usually be restored without much lasting impact. However, data that doesn’t get stored at all, or data that isn’t routinely backed up, cannot be replaced. Such losses can even result in loss of assets if the loss affects other resources.

Loss of assets
Many attacks on Internet servers result in loss of assets, which ties to actual revenue. Such attacks could result in the following:

  • DOS attack that results in a loss of sales (due to a server being unavailable to take orders)
  • Loss of proprietary product data
  • A situation that requires large amounts of technical resources to solve, costing actual money and time as technicians work on the situation

All of the cases in the preceding list result in a loss of assets, whether hard assets (money) or soft assets (people, time).

Loss of credibility and reputation
Victims of attacks stand to lose a lot more than data or assets—their credibility and reputation are also at stake. Losing either of those attributes creates a domino effect that could cause even more losses. Customers who can’t access a site due to a DOS attack may not return to give the site their business. Customers also are leery of sites that are victims of break-ins or data theft, fearing that their information (contact info, credit card info, and so on) might fall into the wrong hands.

Even sites that fully recover their resources and assets after an attack might never recover their credibility and reputation.

Unfortunately, litigation in cyberspace is still in its infancy. Because the U.S. legal system works on precedent and there aren’t many cyberspace precedents set, the system doesn’t have the necessary background to make educated decisions. A side effect of this lack of precedents is that the legal system tends to move cautiously, as any decision will set precedent for later issues.

This doesn’t deter litigation in cyberspace, but it does complicate it. Furthermore, most crime that takes place on the Internet takes place through proxies. For example, DOS attacks are usually carried out via unsuspecting computers that were infected by worms or viruses. Also, most hackers perform their work by logging into one site and using that site to log into their target. The result is that a lot of unsuspecting people are held accountable for actions that they did not commit and inherit the burden of proving their innocence.

In short, litigation on the Internet and other computer-related areas is still a tricky business. As such, it behooves anyone using the Internet or who runs a server to employ as much caution and security as possible.
