| |||||
Intruders and CrackersIn the rest of this discussion, I will not use the term "hacker" which was once a positive term for computer enthusiasts. Rather, I will use the terms "intruder" for anyone who gains or attempts to gain unauthorized access to a computer system and the unambiguous "cracker" for someone skilled in the techniques of gaining unauthorized access to computer systems, often but not necessarily, with malicious intent. Some risks are pretty much constant at any specific point in time. Specifically there are just so many potential intruders operating on the Internet; this number is believed to be increasing. Though a few crackers deliberately target computers believed to be very secure to prove their technical skill, generally most potential intruders target systems that are believed to be poorly defended. By having strong security measures in place, most potential intruders will immediately move on to another system as soon as the measures at a well defended site are detected. Thus certain kinds of risks are pushed towards those who have not taken specific measures to prevent them. The number of Internet based security incidents has been increasing rapidly in the past few years. As the weaker sites implement security measures, it will become increasingly difficult for potential intruders to find undefended sites. What was adequate last year may be less than adequate today. New exploits (specific methods by which particular systems may be compromised) are found and publicized every week if not every day in both the intruder and security communities. Security cannot stand still. It's worth noting that different organizations face different risks regardless of the technical measures they implement to protect their sites. In particular organizations that advocate strong positions on highly controversial topics such as abortion and guns face greater risks than those not involved in any controversy. For about three days in the summer of 2000 an anti- gun organization's entire domain, including web site was hijacked by pro-gun crackers. Not only was the web site replaced but e- mail was rerouted. Abortion and guns are just two of the most obvious examples. Organizations that have public positions on a wide variety of topics are likely to have enemies. The more important and emotional an issue, the better the chance that someone opposed to a position related to that issue possesses the necessary skills and willingness to use them illegally to damage a web site supporting the position. Also simply being very prominent can be cause for someone targeting your site. In late 1999 there were a series of distributed denial of service attacks directed against Yahoo, Amazon and several other extremely prominent web sites. There is no known reason for these attacks other than the size and prominence of the sites attacked. I've never heard of any attacks directed against AARP, AMA or ATLA but these and other highly influential associations could at some time in the future be targeted simply because of their prominence. 
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.
|
|||||
