The Need for Security

The Need for Security

23:49

The Need for Security
Administrators normally find that putting together a security policy that restricts both users and attacks is time consuming and costly. Users also become disgruntled at the heavy security policies making their work difficult for no discernable reason, causing bad politics within the company. Planning an audit policy on huge networks takes up both server resources and time, and often administrators take no note of the audited events. A common attitude among users is that if no secret work is being performed, why bother implementing security.
There is a price to pay when a half-hearted security plan is put into action. It can result in unexpected disaster. A password policy that allows users to use blank or weak passwords is a hacker's paradise. No firewall or proxy protection between the organization's private local area network (LAN) and the public Internet makes the company a target for cyber crime.
Organizations will need to determine the price they are willing to pay in order to protect data and other assets. This cost must be weighed against the costs of losing information and hardware and disrupting services. The idea is to find the correct balance. If the data needs minimal protection and the loss of that data is not going to cost the company, then the cost of protecting that data will be less. If the data is sensitive and needs maximum protection, then the opposite is normally true.

Security Threats

Introduction

The first part of this section outlines security threats and briefly describes the methods, tools, and techniques that intruders use to exploit vulnerabilities in systems to achieve their goals. The section discusses a theoretical model and provides some real life scenarios. The appendixes give detailed analyses of the various aspects and components that are discussed in this section.
Security Threats, Attacks, and Vulnerabilities
Information is the key asset in most organizations. Companies gain a competitive advantage by knowing how to use that information. The threat comes from others who would like to acquire the information or limit business opportunities by interfering with normal business processes.
The object of security is to protect valuable or sensitive organizational information while making it readily available. Attackers trying to harm a system or disrupt normal business operations exploit vulnerabilities by using various techniques, methods, and tools. System administrators need to understand the various aspects of security to develop measures and policies to protect assets and limit their vulnerabilities.
Attackers generally have motives or goals—for example, to disrupt normal business operations or steal information. To achieve these motives or goals, they use various methods, tools, and techniques to exploit vulnerabilities in a computer system or security policy and controls.
Goal + Method + Vulnerabilities = Attack. These aspects will be discussed in more detail later in this section.
Security Threats
Figure 1 introduces a layout that can be used to break up security threats into different areas.

Next
« Prev Post
Previous
Next Post »
Subscribe to: Post Comments (Atom)