Routing Vulnerabilities

The graphic visualization of the Internet is usually presented as a mesh of connections among millions of nodes engaged in the transmission of billions of messages. These connections can be local (administered by the owner of the systems connected to the node) or general (the owner is responsible for a node or several nodes). The primary difference is the extent of control over the connected systems to the node(s).

Web Defacements and Semantic Attacks

The mass use of the Internet as a trade and distribution tool has become the source of a new type of attack—the defacement of Web page content. Due to the nature of this activity, it is frequently referred to as Web graffiti. Indeed, there is a lot of commonality between real graffiti sprayed on walls and fences and its computer-based Web counterpart.

Information and Computer Security

The current state of the information security domain in the United States and much of the rest of the industrialized world can best be characterized as overly optimistic. The protection of computing systems and telecommunication infrastructures from unauthorized usage, manipulation, and sabotage faces serious challenges to ensure ongoing serviceability. This is especially true when we consider our growing dependence on these infrastructures. The state of affairs regarding the security aspects of these systems is even worse. Peter G. Neumann of the Computer Science Laboratory at SRI International in Menlo Park, California states:

Business Continuity Management

Business continuity management is a process aimed at reducing disruptions caused by disasters and security failures that could be the results of natural phenomena, accidents, failure of equipment, or deliberate human acts. Among the last of the results are cyber-terrorist attacks or acts of information warfare. A long time ago, it was proven that the present level of technology allows for the elimination of pilots from the cockpits of large commercial jets. A huge jumbo jet is able to take off, fly to the opposite side of the globe, and land safely without human intervention. With this knowledge, we must wonder why airline pilots spend so much time on flight simulators, and why pilots are still needed in the front of the plane. The answer is really quite simple: they are rigorously trained to handle emergency situations.

Operations Management

A major focus of this book is guiding IT managers on how to secure the operations of their facilities due to increased threats from terrorist oriented attacks. As it was presented in the earlier part of the text, there are many procedures that would decrease such threats. However, the best protection is just to run the facilities, keeping in mind the systems approach to information security. In this way, we are able to optimize the protection of the workplace from any form of attack, including those from cyber-warriors and cyber-terrorists. In this chapter, we will present the essence of managing IT facilities from the security point of view.

Identity Stealing Attacks

In recent years, several feature films have been produced based on the concept of stealing an identity. As a result of deliberate or accidental changes to personal records, a person can cease to exist on paper, or someone else can acquire a person’s identity. These film directors’ concepts are not products of their rich imaginations, but are a reflection of reality. Quite often, we read about such accidents happening. Stealing an identity is a favorite step in the preparation of terrorist and cyber-terrorist attacks, and all of us, IT managers in particular, should be vigilant about such possibilities.

Physical Security

The final stage in the execution of the majority of the current waves of terrorist attacks is in the form of an intruder positioning a bomb in the proximity of the target. While terrorists may not directly target IT systems, attacks against computer facilities do happen. These attacks are in addition to telecommunication-based attacks and fall into the realm of physical security.

Denial of Service Threat

n the early 1960s, programmers used to play memory games on a computer. The objective of the game was to disable as much of the operating system memory as possible in order to make their opponents unable to run their applications. In those days it was not anticipated that the whole idea would reemerge some 35 years later to become one of the most treacherous concepts in disabling vast computer networks. Denial of Service (DOS) attacks are here to stay for the foreseeable future.

Information Security Policy

In Chapter 12, we discussed most of the information security issues that are important to IT managers, especially in the current situation of increased attacks. Perhaps the most visible and important document that relates to the attitude of management towards security issues is the Information Security Policy (ISP). (Please note that the most common understanding of the abbreviation ISP is Internet Services Provider. For clarity within this chapter only, ISP means Information Security Policy.) This document reflects all the decisions and activities required to set up a clear set of rules and procedures for company employees in terms of protecting information assets. The ISP is also used to:

Personnel Security

The importance of security issues relating to personnel policies has and continues to be a factor in the overall protection of organizational systems. Apart from the general managerial issues related to information security discussed earlier in the book, this chapter will concentrate on discussing the security issues related to contractual agreements between companies and their employees, and what the implications are. These issues include the following: