Protecting Data Networks by Securing Telephone Networks

There is little doubt, as Geide pointed out, that computer crime is on the increase. According to Dick Watson, a member of the White Collar Crime Program in Boston, between 1996 and 1998 the number of FBI cases involving computer intrusions increased over 250%. Similar statistics are reported elsewhere in the community. In their annual survey of over 500 security practitioners from federal agencies, universities, financial institutions, and corporations, the Computer Security Institute, in conjunction with the San Francisco office of the FBI, reported over 57% of the respondents had experienced attacks across the Internet. In the same 1999 survey, 32% of the respondents reported they had experienced attacks serious enough to warrant contacting a law enforcement agency. In addition, for the third year in a row, financial losses due to breaches in computer security exceeded $100,000,000 even though only 60% of those reporting a loss could quantify their loss.

What is particularly alarming is the number of corporations that didn’t even know if they had been attacked or had their systems penetrated. In a survey of 4,255 information technology and information security managers by Ernst & Young and Computerworld, 19% stated they were not even aware if they had been attacked via the Internet. All of this makes it abundantly clear computer security is, and should be, a major concern for organizations wishing to connect to the Internet or to provide access to their computer systems or networks via dial-in modems.

Computer System And Network Security

In general terms, it can be said the goal of computer and network security is simply the protection of information and information processing assets. To accomplish this the basic objectives of computer and network security are confidentiality, integrity, and availability.

Confidentiality involves the use of policies, procedures, and mechanisms to ensure information is not disclosed to individuals who do not have the authority to view it. This includes not only individuals from outside an organization but individuals from the inside who don’t have a “need to know.” Examples of information for which confidentiality is crucial include personal data (especially information covered by the Privacy Act of 1974), customer and client data, product information, and data related to a company’s research and development efforts. Loss of confidentiality could result in lost customers and revenues, loss of a market position and advantage, and possibly a proliferation of information protection related lawsuits.

Integrity involves those policies, procedures, and mechanisms that ensure information is consistent and has not been modified in an unauthorized manner or by individuals not authorized to change it. Loss of data integrity may result in damage to the same type of information as loss of data confidentiality, and the consequences are often similar. Which of the two is actually more severe depends on the type of organization involved. The Department of Defense, for example, has traditionally been more concerned with disclosure of classified information rather than the modification or destruction of it. While this has changed somewhat over the last few years, it is still generally true. Financial institutions, on the other hand, are often more concerned with the modification of information rather than its disclosure. While it is a serious matter if information about an individual’s account is disclosed, it is much more critical if that same account is modified—especially if the modification goes unnoticed.