Sunday 15 May 2011

Some Security System Statistics

Some statistics relating to the security of information systems can be presented here. The figures shown are generally considered conservative, given the many companies that do not want it known that they have experienced a "security breach", because this information can lead to "negative publicity". These companies choose to remain silent and try to handle their security problems on their own, without publicity.
• In 1996, the U.S. Federal Computer Incident Response Capability (FedCIRC) reported more than 2500 "incidents" on computer systems or computer networks caused by the failure of security systems or by attempts to break into security systems.
• Also in 1996, the FBI National Computer Crimes Squad, Washington DC, estimated that less than 15% of computer crime is detected, and that only 10% of that number is reported.
• A study conducted in 1997 by the firm Deloitte Touche Tohmatsu showed that of 300 companies in Australia, 37% (two out of five) had experienced computer system security problems.
• Research in 1996 by the American Bar Association showed that of 1000 companies, 48% had experienced "computer fraud" over a five-year period.
• In the UK, the 1996 NCC Information Security Breaches Survey indicated that computer crime rose 200% from 1995 to 1996. The survey also showed that losses averaged US$30,000 per incident. It also listed several organizations that suffered losses of up to US$1.5 million.
• The FBI reported that court cases relating to computer crime skyrocketed 950% from 1996 to 1997, with arrests rising from 4 to 42, and that convictions in court increased 88%, from 16 to 30 cases.
• John Howard, in his research at CERT at Carnegie Mellon University, studied incidents on the Internet during the period 1989 to 1995. His results showed, among other things, that each domain will experience an incident once a year and that a computer (host) will experience an incident once in 45 years.
• Winter 1999: the Computer Security Institute and the FBI conducted a survey whose results were then published in a report. The report contains a variety of interesting statistics, among others that 62% of respondents felt that in the last 12 months ..., 57% felt that the connection to the Internet is a source of attack, and 86% felt the possibility of attack from within (disgruntled employees), compared with 74% who felt attacks came from hackers.
• The number of information system weaknesses (vulnerabilities) reported to Bugtraq quadrupled from 1998 to 2000. From about 20 reports at the beginning, the number rose to 80 per month.
• In 1999, CVE (Common Vulnerabilities and Exposures) published more than 1000 system weaknesses. CVE consists of 20 security organizations (including security companies and educational institutions).
• July 2001: the SirCam virus and the Code Red worm (and later Nimda) appeared, with the effect of exhausting bandwidth. The SirCam virus sends files from the victim's disk (along with the virus itself) to people who have sent email to the victim. As a result, the victim's confidential files can be sent out without the victim noticing. On the other side, the people who receive these emails are exposed to the SirCam virus as well and also feel "bombed" by such large emails. For example, a friend of the author received an email "bomb" from one victim amounting to hundreds of SirCam virus emails (a total of more than 70 MBytes). The Code Red worm, meanwhile, attacked Microsoft IIS servers that had a specific service (indexing) activated. After successfully getting in, the worm scans the network to detect whether there are other servers it can enter. When one is found, the worm is sent to the target server. On the newly infected target server, the scanning process is repeated. As a result, the network is used up by hosts scanning each other and sending the worm. These two security holes were exploited at almost the same time, so the network load became even heavier.

A breach of a security system certainly has an impact. There are several examples of the consequences of security system breaches, among others:
• 1988. The security of the Sendmail mail system was exploited by Robert Tappan Morris, crippling the Internet. This activity can be classified as a "denial of service attack". The estimated cost of repairs and other losses is about $100 million. In 1990 Morris was sentenced (convicted) and only fined $10,000.
• March 10, 1997. A hacker from Massachusetts managed to shut down the telecommunications system at a local airport (Worcester, Massachusetts), which cut off communication in the control tower and turned away planes that wanted to land. He also disrupted the telephone system in Rutland, Massachusetts. http://www.news.com/News/Item/Textonly/0,25,20278,00.html?pfv http://www.news.com/News/Item/0,4,20226,00.html
• February 7, 2000 (Monday) until Wednesday morning, February 9, 2000. Several of the world's leading websites were attacked by a "distributed denial of service attack" (DDoS attack), so that they could not provide service (were down) for several hours. The sites attacked included Yahoo, Buy.com, eBay, CNN, Amazon.com, ZDNet, and E-Trade. The FBI issued a new tool to search for the trinoo or Tribal Flood Net (TFN) programs, which were allegedly used to carry out the attacks from across the world.
• May 4, 2001. The Gibson Research Corp. site (grc.com) was hit by a denial of service attack carried out by a 13-year-old child, exhausting grc.com's bandwidth, which consisted of two (2) T1 connections. Steve Gibson then examined the software used in the attack (DoS bots, the SubSeven trojan) and the channel used to communicate (via IRC), and finally found out a few things about this DoS attack. The full information is on the site www.grc.com.
• June 2001. Researchers at UC Berkeley and the University of Maryland succeeded in intercepting data on wireless LANs (IEEE 802.11b), which were beginning to be rapidly adopted by companies.
