Showing posts from January 5, 2014

3.2.18 Client-Side Attacks

Client-side attacks

Because that’s where the money is. – Quote apocryphally attributed to bank robber Willie Sutton when asked why he robbed banks.

People create structures to provide security from attack for their persons and property. As with most security mechanisms, it becomes an “arms race”: the attacker devises increasingly sophisticated measures to penetrate the defense, and the defenders improve their security profile to repel the penetration attempts. Nomadic humans first formed camps as a way to leverage resources and protect each other from attacks by marauders and other hostile forces. As the attacks against the camps became more sophisticated, the protections evolved to repel the threat. The camps evolved into forts, forts became castles, castles grew into fortified towns, etc. At each stage, the strength of the fortification became a deterrent to the attacker, who then cast about for more effective penetration techniques or an easier target. In computing

3.2.15 Malicious Insider Threat

Malicious insider threat

We have met the enemy and he is us. – Walter Crawford Kelly, Jr.

IT security professionals and laypeople alike are aware of IT security threats posed by external forces such as hackers, malware, denial of service attacks, etc. Systems and policies to mitigate these “outsider” security threats, such as firewalls, intrusion detection and prevention systems, antivirus software, etc., are well defined. However, these security mitigation efforts are largely ineffective against what several studies have recognized as a significant threat to an organization’s security profile: the malicious insider. † Electronic Crimes most costly or damaging to an organization

Bob Bragdon, VP and publisher, CSO, puts it this way: “Cyber threats can come from outside and inside the organization. Public awareness has been largely focused on the more sensational successful cyber espionage attacks from nation-states, but the fact is insiders with malicious intent also p