Proctecting against Threats to Enterprise Network Security
Gellis, Harold C., The CPA Journal
Life has been revolutionized by computer networks and the Internet. Vital sectors of the economy depend upon networks and the Internet for their existence. The financial, health, and government sectors, for example, all rely on networks for their daily operations. Banks transfer money electronically through the banking system's Automated Clearing House Network. Medicare uses an electronic system for patients' billings. And the Teachers' Retirement System of New York and the Social Security Administration make pension payments electronically into pensioners' bank accounts. The Internet also plays an indispensable role in the economy. Witness the explosion in electronic commerce between individuals, businesses, and other organizations. Companies like Amazon, eBay, and other online stores are representative of this new model.
The proliferation of wireless and mobile devices, cellphones, wireless modems, and pagers has created a mobile society consisting of millions of telecommuters, field workers, traveling sales personnel, and home-office workers. Users can connect to their office networks from hotels, airports, and other remote locations, as well as from home.
The very features of connectivity and accessibility that make networks and the Internet so indispensable to contemporary society, however, create dangerous and unforeseen consequences.
Dangers to the Enterprise
Security threats to an enterprise are much higher because of network interconnectivity and mobility. Cisco Systems, a leading provider of security services, maintains that remote users accessing corporate networks are more exposed than ever to attack from the outside. A personal computer on a network is a common point of attack. A user's laptop can also become infected through a remote Internet connection, and then infect the entire network. Some security threats include viruses, worms, Trojan horses, and denial-of-service attacks.
Viruses consist of computer code that secretly reproduce on other computers and perform destructive acts such as deleting files and clogging network performance. Worms are destructive programs, usually hidden in e-mail attachments, that shut down computers and networks. Trojan horses are unauthorized computer instructions hidden in a legitimate program that perform secret or damaging activities. Denial-of-service attacks overload an Internet service provider's e-mail server with hundreds of e-mail messages per second, causing it to shut down, or causing a network or web server to crash.
Last August, Blaster, a worm, shut down 120,000 systems in three minutes and eventually shut down businesses around the world. Slammer, another worm, spread worldwide in 11 minutes and infected 55 million hosts per second. According to Cisco, the cost of viruses and worms is approximately $13 billion a year.
Another insidious threat to an enterprise is hacking. Most businesses are susceptible to attack from both outside hackers and internal personnel. Unauthorized users can break into an organization's network to steal information or create damage. Hackers often target business and financial institutions possessing information that can be further exploited. The names, addresses, credit information, and Social Security numbers of a company's employees or customers can be stolen by hackers in order to rob bank accounts, obtain false credit cards, or perpetrate other fraudulent acts. Hackers, especially terrorists and rogue governments, also target military, government, and financial networks and can create political and economic havoc. Internal hackers might be disgruntled employees that delete corporate files. The proliferation of these illegal and dangerous activities has become a matter of grave concern for industry and government alike.
Protecting the Enterprise
An enterprise's network, information systems, databases, and processes are essential for the enterprise's survival and must be protected from both internal and external threats. …