The Difference Between Passive & Active Attacks on a Computer

By Alan Hughes

Businesses and individuals around the globe have felt the sting of cyber intruders who attack organizational networks with relative impunity. Some attacks only deface a website, while others result in significant embarrassment or financial loss. While it is almost impossible to stop some attacks, it is important for organizations to recognize the difference between passive attacks and active attacks -- and the surprising risks of passive attacks.

Attack Motives

The motive for an attack depends on the attacker. A teenager with too much time on his hands may be just playing around to see what he can do without getting caught. On the other hand, an experienced cyber criminal may be looking for user credentials or credit card information that he can steal and sell to others for illegal use. The motive determines, to some extent, the degree of impact on the organization and its reputation.

Passive Attacks

A passive attack involves someone listening in on telecommunications exchanges or passively recording computer activity. An example of the former is an attacker sniffing network traffic using a protocol analyzer or some other packet-capturing software. The attacker finds a way to plug into the network and begins capturing traffic for later analysis. Other attackers rely on keyloggers, usually delivered as a Trojan horse in a "free download," to record keystrokes such as user IDs and passwords. The goal, regardless of the method, is just to listen and record the data passing through. The passive attack itself is not harmful, per se, and because it changes nothing on the network it is hard to notice, but the information gathered during the session could be extremely damaging.

Active Attacks

Active attacks on computers either use information gathered during a passive attack, such as user IDs and passwords, or mount an outright assault with technological "blunt instruments." Such instruments include password crackers, denial-of-service attacks, email phishing attacks, worms and other malware. In an active attack, the attacker is out to bring a website down, steal information or even destroy computing equipment. As network administrators install defenses against existing attack tools, hackers develop more sophisticated tools and the game of technology leapfrog continues.

Defenses

Any individual or organization with an Internet connection should deploy a set of defenses that includes, at the very least, an Internet firewall, intrusion prevention systems, spam filters and personal firewalls. Network and security administrators should automate log analysis to spot attacks in progress or trends that indicate attempted intrusions. For instance, a cluster of failed login attempts might indicate that someone is attempting to guess a password and gain unauthorized network access. Failure to take measures to prevent attacks is an abdication of responsibility on the part of network and security administrators. Fortunately, most people in these positions are well aware of the risks and have taken solid measures to protect their networks and computers from attack.
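One way to automate the failed-login analysis described above, as an added example that is not part of the original article: the sshd-style log lines are constructed, and the "five failures within five minutes" threshold is an assumed tuning value, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in sshd style; not taken from any real system.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2024-03-01T09:00:03 sshd[1202]: Failed password for admin from 203.0.113.7 port 50123 ssh2
2024-03-01T09:00:04 sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-03-01T09:00:06 sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 50125 ssh2
2024-03-01T09:00:08 sshd[1205]: Failed password for admin from 203.0.113.7 port 50126 ssh2
2024-03-01T09:00:10 sshd[1206]: Accepted password for admin from 203.0.113.7 port 50127 ssh2
2024-03-01T09:05:00 sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(text):
    # Return (timestamp, result, user, ip) tuples; lines that do not match are skipped.
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events

def detect_guessing(text, threshold=5, window_s=300):
    """Map each source IP with >= threshold failures inside window_s seconds to a finding.
    A successful login from that source after the burst raises the severity."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, ip in parse(text):
        (failures if result == "Failed" else successes)[ip].append((ts, user))
    findings = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0  # sliding window over this source's failures, sorted by time
        for end in range(len(fails)):
            while (fails[end][0] - fails[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                later_ok = [u for t, u in successes.get(ip, []) if t > fails[end][0]]
                findings[ip] = {"failures": end - start + 1,
                                "users": sorted({u for _, u in fails[start:end + 1]}),
                                "severity": "possible compromise" if later_ok else "password guessing"}
                break  # one finding per source is enough to raise an alert
    return findings
```

Running `detect_guessing(SAMPLE_LOG)` flags only 203.0.113.7, and because that source logs in successfully right after its burst of failures, the finding is marked "possible compromise" rather than plain guessing.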

User Education for Business

Many attacks rely on a person to do something, such as open an email or click on a link, so one of the best security defenses is a security-aware workforce. Companies should train employees how to handle a suspicious email, how to avoid suspicious websites and how to detect a virus or worm attack in progress. Technology is good, but a well-trained group of employees can provide a high level of protection, and employees who aren't trained can be your business's Achilles' heel.