Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 233 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
233
Dung lượng
1,31 MB
Nội dung
[...]... writers to find vulnerabilities and launch attacks that can spread around the world in a very short time xv xvi Trojans, Worms, andSpyware Law enforcement agencies and the corporate giants that dominate the computer marketplace label maliciouscode writers and attackers as criminals and at times even as terrorists The maliciouscode writers and attackers view the corporate giants as criminal and parasitic... efforts and international cooperation in fighting computer crimes are also covered At the end of each chapter, action steps that organizations can take to combat maliciouscode attacks are presented These action steps turn the analysis and explanations included in each chapter into tactics and strategies that can help an organization mitigate the impact of maliciouscode attacks Implementation of these action... combination of some of the most successful attack methods of Code Red II and the 1999 Melissa virus, allowing it to spread widely in a short amount of time Security experts estimate that Code Red, Sircam, and Nimda caused billions of dollars in damage 5 6 Trojans, Worms, andSpyware Although these situations and attacks are dramatic in and of themselves, it is important to understand that malicious code. .. is to show organizations how to effectively and efficiently organize and maintain their defenses against maliciouscode attacks Chapter 1 provides an overview of malicious code and explains the basic principles of how maliciouscode works and why attacks can be so dangerous for an organization This includes an analysis of why maliciouscode works so well Present and expected weaknesses in commercial... impact can include a decline in market valuation and/ or stock price, erosion of investor confidence, and reduced goodwill value Table 1.1 shows several ways to measure the impact of maliciouscode attacks on an organization Several of the items shown in the table are relatively easy to calculate The costs of direct damage to an organization’s computer systems and the cost to repair damage or restore... been and will continue to be a problem that organizations need to address As steps are taken to defend against maliciouscode attacks, managers, planners, and technical staff should understand the following rudiments: • Maliciouscode attacks have caused considerable damage and disruption and will grow in intensity in the future • The vulnerabilities in technology and flaws in software continue to grow... organizations like 12 Trojans, Worms, andSpyware SANS (see www.sans.org) also provide advice as well as training to address configuration issues Social Engineering One of the greatest vulnerabilities tomaliciouscode attacks that any organization has is the employees who use computers People can be easily duped into unwittingly and unknowingly helping an attack succeed, and attackers who use malicious code. .. restoring operations as quickly as possible usually overrides the desire to collect data on the direct costs to respond, the loss of productivity, or other types of impact that amaliciouscode attack has on an organization But understanding the costs associated with maliciouscode attacks and the impact that attacks can have on their organizations is what enables managers to make decisions as to how... own unique way of suffering Productivity in work groups and in entire organizations can plummet for days at a time when computer systems and e-mail are rendered unusable Deadlines can be missed Customer support can fall into disarray Perhaps worst of all, momentum can be lost If you have been a manager and have worked to get an organization on xiii xiv Trojans, Worms, andSpyware track and everybody... suspect code, and what to expect from the IT department The model training plan also includes an explanation of how the internal warning system works and what to do if the organization is placed on alert Chapter 9 covers the future of maliciouscode attacks and defenses This includes military-style information warfare, open-source information warfare, and militancy and social action Homeland security . label malicious code writers and attackers as criminals and at times even as terrorists. The malicious code writers and attackers view the cor- porate giants as criminal and parasitic organizations. xix 1 Malicious Code Overview 1 Why Malicious Code Attacks Are Dangerous 3 Impact of Malicious Code Attacks on Corporate Security 6 Why Malicious Code Attacks Work 8 Action Steps to Combat Malicious. Cus- tomer support can fall into disarray. Perhaps worst of all, momentum can be lost. If you have been a manager and have worked to get an organization on xiv Trojans, Worms, and Spyware track