Experts who track online attacks say the perpetrators can be categorized into five broad groups: the archetypical hacker who takes perverse pleasure in successfully breaching a network or in the creation of a new worm or virus; an insider acting out of anger or greed; industrial spies opening online pathways to steal intellectual property; individual or organized criminals committing web-based fraud; and governments and non-government groups using cyber attacks to further their political objectives.

When internet security issues were first raised more than 15 years ago, most intrusions amounted to little more than the exploitation of passwords or other clear vulnerabilities.

In today’s far more complex world, the intrusion profile includes the exploitation of known flaws in protocols, source code and executable files, sniffer programs, IP source address spoofing, DoS attacks, automated scanning, distributed attacks, and the creation of command and control networks that use compromised computers to launch attacks.

A growing threat

In the early years of the internet, most attacks were launched against individual computer systems or networks. But with the rapid growth in home PCs, broadband access and the size and complexity of the internet itself, attacks today are characterized increasingly by the use of easily available exploitation scripts, by compromising large groups of computers for use as DoS weapons, and by leveraged attacks on the infrastructure itself.

The CERT Coordination Center is an internet security clearinghouse located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

According to CERT, in 1988 the organization received just six reports of internet security incidents, a number which swelled to 3734 a decade later, and by 2003 the number of internet security incidents reported to CERT numbered a staggering 137,529.


“The complexity of administration of computer and network infrastructures makes it difficult to properly manage the security of computer and network resources,” CERT noted in a 2003 report.

“As the number of internet users grows and intruder tools become more sophisticated and easy to use, more people can become 'successful' intruders.”

Countermeasures

As the threats to networks and systems have evolved, so too have the technologies deployed to meet those threats.

Most companies and agencies long ago installed firewalls, antivirus scanning software and user authentication systems. But to fully understand both the current status of their systems, and to detect and counteract developing threats, organizations are fortifying those static defense measures with more proactive and predictive security technologies.

To really understand what is going on in your network, you must do more than deploy security devices, you must also monitor your security situation on a constant basis. Intrusion detection monitoring is a major trend in the security industry.

One early form of intrusion detection, called knowledge-based monitoring systems, continuously scans strategic points in a network, and then compares current activity against a periodically updated database of known worms, viruses and other threats.