Threats
no one is excluded
Computer crime can affect everyone. The motivations to penetrate other people's computers or networks are diverse and have changed in recent years. One of the original motivations was technical ambition on the part of hackers to make the headlines in the world press. Today it is more a question of professional corporate espionage, sabotage and fraud. In general commercial interests are a factor, for example selling purloined data, using stolen credit card numbers, ruining the competition etc.
Research confirms on average that 12 minutes after a corporate network goes online hackers are trying to reach the corporate data. An additional threat to your data is posed by eavesdropping secret services eavesdropping. The US secret service NSA has a stationary interception facility in Menwith Hill (England). On a world-wide basis this system fishes out of the ether anything that is of interest to the US. All data is analyzed by the US secret service. Information relevant to the economy is forwarded to American companies and organizations. It is clear that all European E-mails, telephone calls, faxes, and data transfers are monitored with this Echelon System.
The attack points are the security loopholes inherent in computers and networks. It follows that there is a wide variety of methods for unauthorized access to a corporate network. Some of these are:
- Exploiting program errors in operating systems or applications.
- Exploiting configuration errors in complex access and security systems.
- Monitoring of unencrypted user names and passwords.
- Falsifying IP addresses (IP Spoofing).
- Misuse of routing mechanisms and protocols. Intercepting data packets and rerouting them to other computers (Man-in-the-Middle).
Whether an important electronic document even made it to its addressee at all, or whether the received text agrees with the original could be verified with a follow-up phone call. In practice however this rarely occurs. For instance the sender wonders why his attractive offer was rejected. But neither side realizes that a malicious third party has manipulated the document and for example has modified an important digit to represent a higher number.
The principle risks for the data itself are that it can be
- Intercepted,
- Manipulated,
- or masked, this means that it appears to have been created under a false identity.
NCP Security Management has all the requisite features that guarantee the three principle requirements of security solutions.
- Confidentiality
- Integrity
- Authenticity / Liability
Here is an overview of protection goals and the basic functions required to achieve them:
