E-Commerce Security: Attacks and Preventive Strategies


There are two types of attacks on your network. Nontechnical attacks are those in which a perpetrator uses persuasion to trick people into revealing sensitive information or performing actions that can be used to compromise the security of a network. These attacks are also called social engineering. I believe that human error, uneducated users, and employees or former employees with malicious intentions are the largest and most costly type of attack that a network will be subjected to.
Technical attacks are perpetrated using software and systems knowledge or expertise. An expert hacker often uses a methodical approach. Several software tools are readily and freely available on the Internet that enable the hacker to expose a system’s vulnerabilities. Examples of technical attacks are Denial-of-Service (DDoS) attacks, which are well known and have affected the lives of millions, and malicious code attacks (viruses, worms, and Trojan horses).
As wireless technology gains popularity, network security issues continue to multiply. However, wireless connectivity isn't the only major concern for IT managers; corporate workers pose heightened threats from within enterprise structures.
One of the most productive — and abused — communication tools in the workplace is instant messaging. IM applications pose new risks for unauthorized passage around firewalls. E-mail, too, is pushing safety concerns to the limit on medium and large corporate networks.
According to Paul Brady, president and COO of security firm Mazu Networks, based on customer response, the No. 1 problem is worm intrusions. In the wake of these growing worm and insider attacks comes increasing government involvement in network security.
A recent extensive review of security posed by internal threats concludes that the majority of U.S.-based organizations are still at considerable risk of exploitation.
Corporations typically design their network security around the belief that external networks present the most risk to an organization's critical infrastructure. Thus, most organizations' security technologies concentrate on performing border patrol activities through firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).
Such systems look closely at suspicious incoming network packets. The goal is to pass through so-called good traffic and to block any discovered malicious code.
"Security technology has evolved around fortifying the perimeter. But 90 percent of what people are trying to protect is internal," Brady told TechNewsWorld.
http://www.technewsworld.com/story/42312.html?wlc=1276928188