IEC 818 SECTION 2 ©

Prevention, Detection, Reaction
Internal Threats
Logic bombs
Risks with Business Partners
Business Partners may pass on viruses
Types of attacks
- Criminal Attacks
- Privacy Violations
    - Traffic Analysis
- Publicity Attacks
- Legal Attacks
Virus Protection
Viruses and web browsers
Denial of Service
White House DNS attack
Intranet risks

changes last made to this page 2001, Aug 01

In Section Two we will use material from the following texts
 
Chpt 5
Chpt 2
Chpt 3
Chpt 4
Chpt 1
Chpt 2
course author:Tim Richardson
 
 
. Learning Objectives for Section 2

Section 2 is organized to 

After completing this section participants will be able to

  • understand that good security involves more than just prevention
  • identify what a company can do beyond prevention
    • detection
    • reaction
  • identify the risks of insecure systems faced by business partners
  • appreciate that business partners can pass on vulnerabilities to your clients
  • differentiate between the relative risk benefits of intranets, extranets and the Internet
  • understand the risk management paradigm and methodology
  • differentiate between control weakness and control risk
.
Secrets & Lies: Digital Security in a Networked  World
Schneier talking about the "relationship between prevention, detection and reaction.

"Good security encompasses all three"
  • prevention - facilities and systems to prevent people getting in and taking information
  • detection - to find out if anybody has gotten in, and compromised important information or processes
  • reaction - to allow the "bad guys" to be identified and their activity stopped
Schneier points out widely that "digital security tends to reply wholly on prevention: cryptography, firewalls and so forth. There's generally no detection, and there's almost never any response or auditing"
 
. Schneier's statement about the relationship between prevention, detection and reaction is very important. The reason it is important is that most companies are focusing on e-commerce security by spending money to develop firewalls, filtering etc. - but if someone is successful in getting past that - very few organizations will know about it.

This is like putting steel bars on your patio sliding doors hoping your house will not be broken into - but not knowing whether or not someone has snuck in through a basement window.

Security doesn't work - if you cannot determine if it is working !!!

.
.

Chpt 5
 
 
 
 
 
 
 
 


Chpt 5
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


Chpt 5
 
 
 
 
 
 
 
 
 
 

 

"Electronic Commerce": Greenstein & Feinman, Chpt 5 The Risks of Insecure Systems

the powerpoints for Chpt 5 can be obtained from
http://homepages.cambrianc.on.ca/timrichardson/ecommerce/ECP1220/greensteinchap5.ppt
 
 

Before you begin reading Chapter 5 in the Greenstein book, it would be a good idea to go to the website for the book and scan through the online list of "Key Terms"

clicking on the screen capture to the right will take you directly to this "glossary"

http://www.mhhe.com/business/accounting/greenstein/keyterms.mhtml#five
Page 133 Greenstein Text

"Until recently, most information security breaches were initiated by insiders. However a study by the CSI Computer Security Institute and FBI indicates that this trend is rapidly changing. The findings indicate that the number of external attacks is growing because if the increased use of the Internet"

Overview of Risks Associated with Internet Transactions
Greenstein page 135

  • Internet Associated Risks
    • Risks to Customers
    • Risks to Selling Agents and Vendors
  • Intranet Associated Risks
    • Sabotage by Employees
    • former employees
    • threats from current employees
    • social engineering
  • B2B Risks

  • risks associated with transactions between business partners
    • Data Interception
  • Archives

  • risks associated with confidentially-maintained archival, master file and reference data
  • Viruses

  • risks associated with viruses and malicious code overflows
    (in addition to the information in the Greenstein text, scroll down to viruses)
    • trojan horses
    • hoaxes
    • buffer overflows
    • denial of service
.
 

Chpt 3

Types of
Attacks
 
 
 
 
 
 
 
 
 
 


Chpt 3

Types of
Attacks

Secrets & Lies: Digital Security in a Networked  World
by Bruce Schneier

Chpt 3 Attacks
 
. Schneier's third chapter in the book is an excellent overview of the different classes of attacks. You are strongly encouraged to read the entire chapter. The main themes, summarized in point form, are arranged below.
.
  • Criminal Attacks
    • fraud
    • scams
    • destructive attacks
    • intellectual property attacks 
      • piracy
      • unauthorized copy of text and images from one site to another
    • identity theft
    • brand theft
    • prosecution
  • Privacy Violations
    • data harvesting
    • surveillance
    • databases
    • traffic analysis
    • massive electronic surveillance
  • Publicity Attacks
    • denial of service attacks
    • defacing web pages
  • Legal Attacks
.
 

Chpt 3

Types of
Attacks

- Frauds

In addition to the resources of the National Consumers League, you can also access the web page of the National Fraud Information Center. The NFIC also has a special section on their web site dealing with Internet Fraud
 www.fraud.org
http://www.fraud.org/
In their own words "Internet Fraud Watch was launched in March of 1996 enabling the NFIC to expand its services to help consumers distinguish between legitimate and fraudulent promotions in cyberspace and route reports of suspected fraud to the appropriate law enforcement agencies. "
 
. The NFIC web site is very extensive and you should time looking at the various links and read about some of the types of scams and frauds.

They also have an "Internet Tips" page which is simply worded, but useful.

You could earn some class contribution points by thoroughly reviewing this site and picking out some additional information which could be added in to this ECP 1220 page.

.
.
 

Chpt 3

Types of
Attacks

- Scams

Scams
Schneier quotes the National Consumers League (Chpt 3, page 24)
"the five most common online scams are
  • sale of internet services
  • sale of general merchandise
  • auctions
  • pyramid and multi-level marketing schemes
  • business opportunities"
  • .
    the National Consumers League (Chpt 3, page 24)
    http://www.natlconsumersleague.org/essentials/index.html
    It would be very worthwhile for ECP participants to spend some time on this site since
    it has some links and tips that are helpful
    .

    Privacy Violations

    In many countries, people do not own the information which is collected about them, that is to say, their personal data.

    This information is considered the property of whatever credit card company, insurance firm, educational institution that collected the information.

    As a consequence of some outrageous violations of collecting and disseminating personal information, Canada, New Zealand and other countries have enacted tough laws which are binding on the companies that collect and pass on personal profile information (which we noted in Section 1 of this course when we presented the federal and provincial legislation dealing with this).

    Privacy violations are not, strictly speaking, criminal activity, but, depending on what is done with the information, it can be used for criminal purposes - such as assuming an identity for the purposes of obtaining credit, which could then be used to fraudulently buy products and services.

    As a person studying ECP 1220, it would be your responsibility to understand that protecting the private personal information of people that have data held within your firm's IT systems, is critical to conduct effectively and without risk.

    .

    Chpt 3

    Types of
    Attacks

    - Privacy Violations

    Privacy Violations

    Schneier, page 29
    "There are two types of privacy violations 

    • Targeted Attacks, and
    • Data Harvesting"
    Targeted Attacks
    If the attacker wants to know everything about 
    • a person, it is called stalking
    • a company, it is called industrial espionage and corporate intelligence
    • a country, it is called  national intelligence gathering, or spying
    Data Harvesting
    As Schneier says, "this attack harnesses the power of correlation"

    Data harvesting is only worthwhile doing if it can be automated, and computers allow the automation process to be done very effectively. Using good cryptography will thwart harvesters since they will not be easily able to identify if what they are looking for is in the target they are attacking.
     

    .
     

    Chpt 3

    Types of
    Attacks
    - Traffic Analysis
     
     
     
     
     
     
     
     
     
     


    Chpt 3

    Types of
    Attacks
    - Traffic Analysis

     

    Secrets & Lies: Digital Security in a Networked  World
    by Bruce Schneier
    Chpt 3 Attacks
    • Privacy Violations
      • traffic analysis
    "Traffic analysis is the study of communication patterns. Not the content of the messages themselves, but characteristics about them"
     
    . Explanation:

    If Joe sends a long message to Bill, then Bill sends a short reply back to Joe, and additionally a long message to Sue, Kevin, Greg and Alice, then we can assume there is some degree of hiearchy in this structure and regardless of the content, there must be some directions coming from Big Joe, which need to be passed on. If you wanted to spend time hacking these messages, the most effective thing to do is hack the single message from Joe to Bill since the information in that would probably tell you what Sue, Kevin, Greg and Alice received from Bill.

    The purpose of this explanation is to show that sometimes the patterns of communication are just as important to understanding as the actual text of the message sent.

    .
    Schneier gives an amusing example noting that in the hours leading up to the 1991 bombing of Iraq, pizza deliveries to the Pentagon increased one hundredfold - even if you did not know what the generals and admirals were talking about, it had to be something important from which there would be some serious time spent on decision making.
     
    . Although we have cautioned in ECP 1220 that it is wise to encrypt your communications, we also have to mention that sometimes people can figure out what you are doing anyway because even if the message is encrypted, people could know the volume of traffic and this might be an indicator of something important - depending on the context.

    Therefore: not only do you prevent people knowing the content of your messages, you should endeavour to let people know the messages even exist !!!

    .
    .
    Internal
    Threats
    Internal Threats
     
    "The threat that is most often overlooked, yet is most likely to occur, is the inside threat. Provding internal access to an organization's digital assets can be the Achille's heel of many security plans through either malicious intention or carelessness... Few modern systems can withstand attacks from  users who are logged on to internal machines"
    page 9, Chpt 1

     
    . Dr. Gnosh's book, E-Commerce Security, and other books and several on-line resources emphasize that good security requires a blend of computer security tools with policies that are judiciously applied - meaning if situation "x" requires the person only has a password to section"1", then do not give them a password for all sections just because it is too time consuming to block them off from thos they should not have access to.

    Gnosh says "The principles of need-to-know and compartmented information can be useful in determining to whom privaleged accounts and paswords should be given".

    .
    .
     
    Internal
    Threats
    Internal Threats, Logic Bombs
     
    Examples
    of how
    internal
    threats
    are 
    carried out
    by
    disgruntled
    employees
    A true story.

    "Lloyd built the Novell NetWare computer network at Omega South and  then blew it up with a software time bomb after he fell from corporate grace and was ultimately fired  for performance and behavioral problems....Ralph Michel, Omega's chief financial officer, testified that the software bomb destroyed all the programs and code generators that allowed the company to  manufacture 25,000 different products"

    CNN 
     www.cnn.com/2000/TECH/computing/06/27/omega.files.idg/

    "On May 9, the U.S. District Court jury in Newark, N.J., found Tim Lloyd, 37, of Wilmington, Del., guilty of setting a software time bomb that crippled his  former employer's manufacturing capabilities and cost the company more  than U.S.$12 million.
     www.rsasecurity.com/newsletter/v1n1/securitywatch.html

    "Omega Engineering learned firsthand the dangers of the disgruntled employee after a timed virus, known as a logic bomb, wiped out all of its research, development, and production programs in one fell swoop. The tape backup also was destroyed."
     www.computingsa.co.za/1998/04/27/ANALYSIS/NAN01.htm
     


     
    . The story of Tim Lloyd is well known and appears in several online news sites. Finds some additional information which targets how companies are dealing with this risk once the sensationalism of the story had passed.
    .
    .
     
    The disgruntled employee poses but one of many  insider threats to information systems and the valuable data stored therein. Unauthorised access from  insiders, rather than outside hackers, accounted for 44% of network security breaches last year, according to the March 2000 survey by Computer Security Institute (CSI) and the FBI.

    "The greatest exposure to any organisation is what I call the knowledgeable insider - anybody from a  janitor to a vendor or an active or ex-employee," says  Steve Dougherty, director of information security at  the Fulsom, California-based California Independent  System Operator, which is taking over management of power grid transmissions for 27m Californians with the stateís recent industry deregulation.

    American Society for Industrial Securityís (ASIS).  89% of respondents to the ASIS 1997/1998 Intellectual Property Loss Special Report indicated that their  biggest concern regarding system security is  retaliation from disgruntled employees..

    .
     
    University
    College
    computers
    - a weak link
    . Several columnists and experts have spoken and written about one of the more distasteful sources of IT risk and that is namely the hackers from within colleges and universities.

    The very nature of academic institutions fosters freedom and access together with learning. It is also at universities and colleges that people have access to massive computing power with very little human security measures.

    Since some of the more spectacular security breaches require lots of computing power, it has happened in the past, and will happen again that people will use interconnected computers in campus labs to launch attacks, either for the thrill of the process, or to accomplish a criminal act.

    You can earn some class participation / contribution points by finding an online news story about any recent attacks that originated from a college or university. It would be particularly useful if the story also included the "what happened later" information so that it can be known what was the consequence of the event being made public.

    .
    .
    Risks with Business Partners
     
    Risks
    With
    Business
    Partners

    they may
    pass on
    infections
    to your clients
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    Risks
    With
    Business
    Partners

    they may
    pass on
    infections
    to your clients

    A SANS Institute email alert about a "fix" which itself contains a virus
    Medium and large size companies make themselves vulnerable to risk when they outsource various services to intermediary parties.

    Microsoft - which one would presume is very very careful about who they partner with, is often vulnerable when the partner makes a bad mistake.

    Some of these mistakes happen when the intermediary is responsible for dispensing some service, such as making downloads available. In the screen capture below, you can see Prof. Richardson has received an email from SANS. This email details how Microsoft Hotfixes downloaded from the Premier Support and Gold Certified Partner web sites were infected with the Fun Love virus. 

    http://homepages.cambrianc.on.ca/timrichardson/ecommerce/SANalert1.htm

    The original email has been uploaded to the ECP site and you can read the full text, including other warnings and info at
     http://homepages.cambrianc.on.ca/timrichardson/ecommerce/SANalert1.htm
     

    . So the irony of the situation is almost funny if it weren't so dangerous - here is the world's most powerful softare company providing "fixes", through an intermediary, and the "fixes" themselves contain a virus !!

    One of the ways you protect yourself from these situations is being very diligent and reading all the email from organizations like SAN, which provide news and info on these vulnerabilities..

    .
    .
     
    It is not the intention of this part of the course to be able to adequately cover all the various types of viruses that may effect e-commerce since do not have the time nor resources to do that satisfactorly - 
    but, 
    it is important to have some understanding of the business risk at stake here and try to evaluate if it is a serious problem, because - if it is a serious problem, then every e-commerce professional needs to add to their portfolio of knowledge, some degree of understanding about viruses.
    .
     
    http://www.mcafee.com/anti-virus/virus_glossary.asp? This web site is very helpful and you are encouraged to bookmark it and check it for terms you do not know.
     
    .

    Virus
    Protection
    and
    business
    risk
     
     
     
     
     
     
     
     
     

    Virus
    Protection
    and
    business
    risk

    "The internal threat is clearly a danger, but most companies are concerned about the external threat - the extent of which is unknown"
    page 10, Chpt 1

    "IT's Battleground: The Quest for Virus Protection"
    is the title of an August 4th, 2000 in Computing Canada
     www.plesman.com/Archives/cc/2000/Aug/2616/cc261614a.html
     

    In this August 4rth article it is noted that
    "A recent survey estimated that viruses and other destructive acts will cost large businesses (over 1,000 employees) worldwide $US1.6 trillion this year and result in almost 40,000 person-years of lost productivity ...It's no wonder the anti-virus software market has hit almost $US70 million so far  this year [2000]"
     

    . Is the problem getting worse? At this stage statistics on known virus attacks seem to indicate the problem is getting worse. For the most part, security experts believe the majority of virus attacks are made by unhappy employees and egotistical hackers and crackers - it does not appear to be something that companies are employing against each other to give themselves a competitive edge - but it may not be long before this happens since businesses large and small have been known to use very "illegal and immoral" tactics to gain advantage.
    .
    From the August 4rth article
    "Symantec,  publisher of the market-leading Norton Anti-Virus, has seen an average of 115 new viruses each month this year, up 30 per cent from 1999." 
    .
     
    Viruses "Virus Vigilance "
    is the title of a December 11, 2000 article in Computerworld written by Deborah Radcliff 
     http://www.surfcontrol.com/news/articles/content/12_11_2000_cw.html

    In this Dec 2000 article it is noted that

    "The problem with today's viruses is twofold: Not only can they be easily rewritten to change their signatures and bypass antivirus tools, but they are also tempting attachment types for click-happy users who see nothing wrong with opening mail attachments from trusted sources. "

    translated

    1. viruses can change form so the anti-virus software you installed, and obediently updated, cannot recognize the new virus as a threat, and does not screen it out
    2. too many people are indiscrimantly passing on viruses without following basic security procedures
    So, what is the problem when people don't listen, andfollow proper procedures to protect against viruses?

    Radcliff quotes Roland Cuny, chief technology officer at Webwasher.com, an Internet content filtering vendor
    Cuny says
    "Training is not enough. You also need a technical solution,"
     

    . It would seem obviously self-serving for Cuny to say the solution is technical since his company makes the solution marketed for this - but there seems to be more and more people saying that it is hopeless to get IT persons to do the right procedural thing - therefore we have to have software to protect us..
    .
    What is part of a technical solution to block viruses?

    Radcliff quotes experts saying you can "...set up filters to block executable attachments before they get to desktops. Blocking file types known to carry viruses and Trojan horses (hidden programs) may sound extreme. Bruce Moulton, vice president of infrastructure risk management at Fidelity Investments in Boston said he first reviewed how his company uses these file types. Once he determined that these attachments weren't even  used for business purposes, making the decision to block them was easy. "The business impact of shutting out  these file types is zero because 99.9% of these attachments that come in are for personal viewing, like animated  Christmas cards, movie clips, things like that,"
     

    .
     
    Worm
    Viruses
     
     
     
     
     
     

    Worm
    Viruses
     
     
     
     
     
     

    Worm
    Viruses
     
     

    Viruses

    Worm
    Viruses
     
     
     
     
     

    Worm
    Viruses
     
     
     
     
     
     

    Worm
    Viruses

    .
    . There are many specific virus and DNS attacks that could be mentioned but for the sake of time, and for the sake of learning from focusing on just a few examples, we will look at the July / August 2001 case of the CODE RED worm virus that gathered much attention worldwide.

    WTGR

    .
     
    image comes from yahoo.com July 2001 "Code Red is a time-linked worm that awakens on the first of the month and goes dormant on the 20th; computer security watchers noticed the first version of it in mid-July (2001), with the worst virulence appearing on July 19, when  even the White House had to take evasive action to keep it from affecting its official Web site 

    It works by installing itself on server computers running Microsoft Corp.'s Windows NT and 2000 operating systems and IIS software. It then blitzes Web sites with data, in an attempt to knock them out of commission known as denial-of-service."
     

    What does it do?

    "Code Red, named for a caffeinated soft drink favored by computer programmers, scans the Internet for other computers to infect, and as more computers are infected the scanning gets more widespread and could slow Internet traffic to a crawl.

       The worm can also defaces sites, though in two of the three known variants   no vandalism is apparent to computer users. In last week's hits, some U.S.  government sites showed the message ''Hacked by Chinese!'' but the Chinese government said the worm probably did not come from China."
    from yahoo.com

    "Government agencies in Canada and the United States, as well as academics and Web security experts, were monitoring the situation closely, but did not detect any slowdown right after the worm's expected arrival at 8 p.m. EDT., July 31, 2001"
    National Post Aug 1, 2001
     

    .

     
    Before we finish the section on viruses, it would be worthwhile to visit the Security Section on Netscape's site. There is a short Q&A about viruses and a helpful glossary. http://home.netscape.com/security/basics/viruses.html

     
    Denial
    of
    Service
    Denial of Service    What is DOS?

    "DoS attacks are relatively  simple to perform but can have  devastating effects. They  disable Web sites and routers  by flooding them with false  information requests. In order to discover the source of the requests, technicians must sort through thousands of lines of computer code. DoS attacks can last hours or
     days, depending on how quickly they are detected."
    Tim McDonald
    .

    .
    Denial
    of
    Service
    "Denial of service attacks have been called the ultimate Internet Security nemesis."

    "DOS attacks are aimed soley at making service unavailable. The attacks are particularly difficult to defend against, because they exploit structural weakness or flaws in widely used protocols"
    page 20, Chpt 1

    .
    .
     
    Denial
    of
    Service
    Attacks
    Reported
    in the
    Online
    Media
    Denial of Service Attacks

    First became known in the general public in February 2000 when several large sites were crippled, some of them for several hours.
     

    BusinessWeek article interviewing Bruce Schneier about "distributed denial-of-service attacks"
     http://www.businessweek.com/2000/00_10/b3671089.htm.
    " The nature of distance has also changed. In the world offline, your house only has to be secure from criminals within driving distance. On the Net, eBay (EBAY) and Yahoo! (YHOO) must be concerned about everyone on the planet. The hackers  need not be in America. This is the death of distance: Crime is no longer based on proximity."
     
    . One of the things that challenges security experts like Schneier, is the fact that such crimes can by launched by people with no close proximity to the target. In a traditional security and risk situation, at some time, for the threat to be "launched", there has to be some resources brought within striking distance of the target - in the case of DOS, it can be done with relatively small resources halfway around the world..
    .
    "We are dealing with fact that software products are always buggy, and probably always will be. At the same time, systems are too complex to secure. We actually can't test security to the level we need to. We'll see three or four major bugs in each new version of Windows or Explorer or Java. New products are coming out faster and faster, so we keep losing ground. We've been finding and fixing security bugs in past years, but none of those fixes transfers forward. For all these programs, a new version comes out, the new version is more complex, and there are new bugs."

    Q: BusinessWeek - Is there any defense against distributed denial-of-service attacks?
    A: Schneier, - "We don't really know how to defend against this kind of thing. All the defenses
    I've heard of are of the civic hygiene variety--in other words, making sure all computers on the Net are secure. But that isn't possible, technically. Even if you put firewalls around 99.99% of computers--which is very unlikely--malicious programs would sniff out the remainder that weren't secured".

    .
    http://www.witiger.com/ecommerce/hackingexample.htm We have our own example of hacked, and original pages which you can view by clicking on the screen capture to the left.
     .
    Denial
    of
    Service
    Attacks
    Reported
    in the
    Online
    Media
    Denial of Service Attacks
     
    E-commerce Times reported on Denial of Service Attacks in February 2000 and a year later ran some stories on how this new threat was significant at the time.
    By Tim McDonald, writing for the site  www.NewsFactor.com, produced and article February 6, 2001 titled
    "Companies Race To Solve Denial-of-Service Riddle
    which was carried in E-Commerce Times  www.ecommercetimes.com/perl/story/7282.html

    McDonald's short piece centers on some of the new technologies that are helping companies at risk, detect a DOS attack in the beginning and head it off.

    "Adding to a growing list of Internet security firms jockeying to establish a viable defense against costly Denial-of-Service (DoS) attacks, an Internet security firm claimed Monday that it has developed a new way to detect, trace and block DoS attacks before they reach their intended online targets.  The company, Arbor Networks of Waltham, Massachusetts,...claims its technology, which uses 'fingerprints' to monitor and
     trace sharp spikes in Web traffic, allows operators to block a DoS attack from
     the company's operations center."
     

    http://www.arbornetworks.com/ From Arbor's web site  www.arbornetworks.com
    "The Arbor solution uses network topology data and fine-grained traffic statistics to detect, trace, and filter network threats, such as Denial of Service attacks...By regularly sampling network traffic statistics, Arborís technology establishes a dynamic profile of typical traffic patterns in different zones of the network. Sampling against this dynamic baseline allows the solution  to flag anomalies."
    .
    .
     
    Denial
    of
    Service
     
     
     
     
     
     
     

    Denial
    of
    Service


    Chpt 3
    Schneier, page 38

    "Denial of Service attacks can be preludes to criminal attacks"

    .
    Schneier provides the scenario

    Burglers come to a warehouse. They cut the connection on the alarm, hoping to trigger a response from the police. The police arrive - see nothing. Property owners representative arrives - sees nothing, everybody leaves. Later that same night, after all the authorities have retreated, the burglers (watching all the time) come back to the premises, break-in again (this time the alarm doesn't go off cause it hasn't been fixed from before) and the bad guys steal everything !!!

    Schneier goes on further to describe denial of service attacks in detail in Chpt 11 of his book
    Secrets & Lies: Digital Security in a Networked  World

    from chpt 11, page 181

    "In Sept 1996, an unknown hacker attacked the Public Access Networks Corporation (aka Panix) - which was a New York based internet service provider. What they did was send hello messages (SYN packets) to the Panix computers. What's supposed to happen is for the remote computer to send Panix this hello message, for Panix to respond, and then for the remote computer to continue the conversation. What the attackers did was to manipulate the return address of the remote computers, so Panix ended up trying to synchronize with computers that essentially did not exist. The Panix computers waited 75 seconds after responding for the remote computer to acknowledge the response before abandoning the attempt. The hackers flooded Panix with as many as 50 of these wake-up messages per second. This was too much for the Panix computers to handle, and they caused the computers to crash. This is called SYN flooding, and was the first publicized example of a denial of service attack against an internet host"

    .

    Denial of Service attacks can happen to anyone.

    The building housing the offices of POTUS - President of the United States
    - is perhaps the most secure piece of architecture on the planet; the communications are
    top secret "state-of-the-art", and yet, even they are vulnerable to the types of "flooding"
    that can be caused by a DNS attack.
    "Keynote Systems of San Mateo, Calif., a company that monitors Web site  performance, said that around 7 a.m. EDT the site began experiencing  problems, which it said lasted for about six hours....problems were first noticed at 8 a.m. EDT and that the site was totally blocked for about two hours and 15 minutes.  Altogether, he said, the problems lasted for no longer than three hours and 15 minutes. The attack is similar to the February 2000 assaults on popular Web sites such as CNN.com and eBay that effectively shut them down."
    .
     
    In the on-line version of Chpt 6 of his book,  The Business of the Internet Neil Hannon, notes a link to an article about Netscape Communications Corp. white paper that deals with the issue of intranet security and some of its many challenges.
    "Cryptography Is The Key To Intranet Security Needs"
     http://www.techweb.com/se/directlink.cgi?CRN19970630S0089
    Copyright (c) 1997 CMP Media Inc.
    http://www.techweb.com/se/directlink.cgi?CRN19970630S0089

    You can read the original article on CRN's site at
     www.techweb.com/se/directlink.cgi?CRN19970630S0089
    The following is a summary of some of the main points in case the article is no longer available online.

    "There are many challenges in building a full-service intranet that provides safe communications and collaboration. As the exponential growth of the publicInternet demonstrates, TCP/IP solves many problems in a remarkably scalable way. However, TCP/IP was not designed to offer secure  communication services. Because TCP/IP was not designed with security in mind, we must bring additional technology and policies to bear to solve typical security problems..."

    If you go to the web site you can read further about the problems and the cryptographic solutions

    .

    Online Quiz # 2
    for the preceeding material
      www.witiger.com
    /senecacollege/
    IEC818/
    quiz~IEC818~2.htm

    1. Could you explain to someone what the Trojan Horse virus is (as explained in Greenstein text, Chpt 5, page 162)
    2. Why do most companies not report IT security situations to authorities?
    3. Why are macro viruses so troubling, and how can they be prevented? (as explained in Greenstein text, Chpt 5)