The insecurity of computer systems and networks goes much further than the well-known computer viruses, and has now become a priority. In the networked world, the new generation of vandals and data thugs do not need to have physical contact with the victim. Data can be easily copied, transmitted, modified or destroyed. As a result, the scene of crime is a particularly difficult one: there are no traces, identification of the culprits is nearly impossible, apprehension even more so and the legal framework does not make adequate provision for justice in this kind of crime.
The real-time nature of the Internet adds a further dimension to crime: it’s instantaneous.
While many causes exist for security problems, at least three types of fundamental weaknesses open the door to security problems.
Obviously, we could probably add human weakness and some others, but our purpose is to concentrate on those issues that, once recognized, can be managed, monitored, and improved within a security strategy.
Every technology has some known or unknown inherent weaknesses, or vulnerabilities that can be exploited by a sufficiently motivated troublemaker. Some weaknesses are publicized widely in the media because they are associated with a well-known product. Don’t fall into the faulty logic that because you don’t hear about the other products, they must be secure. The fact that no one cares enough to hack a product does not mean that it is necessarily secure.
Among others, we can mention the following weaknesses:
Policy weakness is a catchall phrase for company policies, or a lack of policies, that inadvertently lead to security threats to the network system. The following examples are some of the policy issues that can negatively impact a business’s computer system:
Many network devices have default settings that emphasize performance or ease of installation without regard for security issues. Installation without adequate attention to correcting these settings could create serious potential problems. Some common configuration issues include the following:
Monitoring vendor announcements and advisories, combined with industry news services, can identify the most common, best-known vulnerabilities and often include the appropriate mitigation solution.