Can Your Organization Dare the Cyber Terrorists?

“Terrorist attacks can shake the foundations of our biggest buildings, but they cannot touch the foundation of America. These acts shattered steel, but they cannot dent the steel of American resolve.”

The above is an excerpt from the speech made by the American President G W Bush on September 11 2001 after terrorists attacked the World Trade Center complex in New York City. The statement portrays courage; it is also a reflection of the confidence the President had in the country's defense infrastructure.

While some countries like America can boast of their defense infrastructure and dare the terrorists, others would rather play safe, allowing the terrorists to be while they either remain unperturbed or suffer in silence.

Terrorist attacks are more common these days than ever before, and almost all countries have had their own share, albeit on different scales. The same goes on in cyberspace: organizations have at one time or another suffered at the hands of cyber-terrorists. The fact that almost everything about organizations is constantly being automated and all activities are moving online has further increased our risk and exposure to the threats of these terrorists.

The amount of defense structure an organization puts in place will eventually determine its disposition and the side it belongs to – the side of the courageous and confident who can dare the cyber terrorists, or the side of those who wish to play it safe!

In the past, hacking meant possessing extraordinary computer skills to extend the limits of computer or network systems. Hacking today is defined differently, because the many automated tools and codes freely available on the internet make it possible for anyone with the will and desire to hack to succeed.

The Domain Name server, often regarded as the critical infrastructure of the Internet for the role it plays in interconnectivity, has not escaped this cyber epidemic either.

A domain name system server translates a human-readable domain name such as ‘example.com’ into a numerical IP address that is used to route communications between nodes. Without a domain name, a given website would be accessed with a cumbersome series of numbers which are subject to change. Normally, if the server does not know a requested translation, it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that if it receives another request for the same translation, it can reply without having to ask the other server again. When a DNS server has received a false translation and caches it for performance optimization, it is considered ‘poisoned’, and it supplies the false data to clients. A poisoned DNS server may return an incorrect IP address, diverting traffic to another computer (often an attacker’s). A cure for this was developed, and the solution was the implementation of secure DNS (DNSSEC) at the Internet [root] zone servers. DNSSEC aims to protect users by validating the source of information coming from a DNS server: it uses cryptographic digital signatures, signed with a trusted public key certificate, to determine the authenticity of the data returned when a client system queries the DNS for the IP address of a domain name.

Although it is widely believed that securing the DNS is critically important for securing the Internet as a whole, there are other data security vulnerabilities in the IT system, apart from the DNS, that can be exploited. An IT system is said to be secured if it is able to provide the following:

Confidentiality: Assurance that the information is accessible only to those authorized to have access.

Integrity: The trustworthiness of data/resources in terms of preventing improper and unauthorized changes.

Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when required by the authorized user.

Authenticity: The characteristic of a communication, document or any data that ensures the quality of being genuine.

Non-repudiation: A guarantee that the sender of a message cannot later deny having sent the message and the receiver cannot deny having received the message.
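The caching and poisoning behaviour described in the DNS paragraph above, as an added example that is not part of the original article: a toy resolver cache that keeps serving a forged translation until its TTL expires, next to one that drops unsigned answers. The names, addresses and TTLs are constructed, and an HMAC stands in for DNSSEC's public-key signatures.

```python
import hashlib
import hmac

# Assumption: HMAC stands in for DNSSEC's public-key signatures so the model
# needs only the standard library. Real validators hold a public key only.
ZONE_KEY = b"constructed-zone-key"


def sign(name, ip):
    """Signature the genuine zone attaches to a name -> IP translation."""
    return hmac.new(ZONE_KEY, f"{name}|{ip}".encode(), hashlib.sha256).digest()


class CachingResolver:
    def __init__(self, validate):
        self.validate = validate
        self.cache = {}  # name -> (ip, expiry time in seconds)

    def accept(self, name, ip, ttl, sig, now):
        """Process an upstream answer; return True if it was cached."""
        if self.validate and not hmac.compare_digest(sig or b"", sign(name, ip)):
            return False  # unsigned or wrongly signed: never reaches the cache
        self.cache[name] = (ip, now + ttl)
        return True

    def lookup(self, name, now):
        """Answer from cache while the entry is fresh, else None (must re-query)."""
        ip, expiry = self.cache.get(name, (None, 0))
        return ip if now < expiry else None


def simulate(validate):
    """Forged answer arrives first; report what clients are told afterwards."""
    r = CachingResolver(validate)
    # Constructed sample data (documentation address ranges).
    forged_cached = r.accept("example.com", "203.0.113.66", 86400, None, now=0)
    if r.lookup("example.com", now=1) is None:  # nothing cached: genuine answer used
        good = "192.0.2.10"
        r.accept("example.com", good, 300, sign("example.com", good), now=1)
    return (forged_cached, r.lookup("example.com", now=100),
            r.lookup("example.com", now=90000))


if __name__ == "__main__":
    print("no validation:", simulate(False))
    print("validation:   ", simulate(True))
```

Without validation the forged entry is served for its full 86400-second TTL, which is why a single poisoned answer affects every client of that server until the entry expires or the cache is flushed.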

As Sun Tzu put it in the Art of War, “If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat”. It is important for organizations to understand the different sources of attacks so they can better defend against them. This space is obviously too small to highlight all the possible attacks, since the list seems inexhaustible; however, I will attempt to group them into three categories, from which the defense points can be created:

  1. Network threats: An organizational IT network is the collection of all computers and other hardware connected by communication channels to share resources and information within and outside the organization. As information travels from one computer to another through communication channels, a malicious person may break into the communication channel and steal the information. It is the duty of the network administrators of any organization to know the different network attack vectors and guard their infrastructure against exploits.
  2. Host threats: Hosts are systems on which valuable information resides. An example is the server. Attackers can exploit vulnerabilities in the operating systems of servers to carry out attacks on the organization. To protect against this, system administrators should configure the hosts properly and ensure that security updates released as patches for these hosts are constantly applied.
  3. Application threats: Applications are the software used in an organization. Technology, as we know, is evolving at an unprecedented rate; as such, new products that reach the market tend to be engineered for ease of use rather than secure computing. If proper security measures are not considered during the development of an application, it might be vulnerable to different types of attacks that expose the organization's information to theft or damage. A defense against this is for organizations to ensure that their applications go through a standard software development process before rollout.

In conclusion, organizations that wish to use Information Technology to drive their business should put in place adequate security policies that will protect them against cyber attacks as well as internal attacks (the internal attack is considered the most deadly). However, no amount of security measures or policies can protect an organization from what is considered the second most deadly attack – social engineering, a method of influencing and persuading people to reveal sensitive information in order to perform malicious actions. With it, an attacker can obtain confidential information, authorization and access details from people by deceiving and manipulating them. An effective protection against this cyber vice is to train staff on social engineering tricks and their countermeasures and, most importantly, to make them aware of which of their information is valuable so they will not be careless with it.

Having said all this, organizations that exercise due diligence and observe all IT security precautions will be able to dare the cyber terrorists and their activities.

“Terrorist attacks can shake the foundations of our biggest buildings, but they cannot touch the foundation of America…”
