The threat of online security: How safe is our data?

Most security threats are made by attackers using a relatively small number of vulnerabilities. Attackers, being relatively opportunistic, take the path of least resistance, and continue to take advantage of these most common failures, rather than seeking out new exploits or taking advantage of more difficult ones. Fortunately, in many cases, their predictability makes it easier to prevent attack by following a few simple rules:

• Apply regular updates and patches as they become available.
• Employ security software and hardware such as firewalls and authentication servers.
• Do not use default passwords and other values that are provided with your software.

The top three threats are:

• Web servers and services. Default HTTP (Web) servers have had several vulnerabilities, and numerous patches have been issued over the past several years. Make sure all your patches are up to date, and do not use default configurations or default demonstration applications. These vulnerabilities may lead to denial-of-service attacks and other types of threats.
• Workstation service. An attacker can obtain full control over a computer by compromising the Windows Workstation service, which is normally used to route user requests.
• Windows remote access services. A variety of remote access methods are included by default on most systems. These systems can be very useful, but also very dangerous, and an attacker with the right tools can easily gain control over a host.

Cyber attacks fall under several general categories:

(1) accidental actions and (2) malicious attacks. Within this latter category there are numerous subgroups, including computer viruses, denial of service attacks and distributed denial of service attacks. A third area of cyber vulnerability, online fraud, comprises issues such as identity theft and data theft.

I. Accidental Actions

Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.

II. Malicious Attacks

Attacks that specifically aim to do harm are known as premeditated or malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Malicious code, on the other hand, is at the root of so-called "crackings" and "hackings" - notable examples of which include computer viruses, data theft, and Denial of Service (DOS) attacks.

III. Online Fraud

Online fraud is a broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials; offers of easy money, such as workat- home offers that claim to earn individuals thousands of dollars for trivial tasks; prank calls, in which dial-up connections lead to expensive long distance charges;
and charity facades, where donations are solicited for phony causes.

Identity theft is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security.

Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. Examples of data theft abound.