London, UK computer networking essay writing sample: a brief look at network security issues
www.mythingswp7.com
08-12, 2014
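Andrew Whitaker breaks into things for a living. As a "white hat" hacker, he leads a group of specialists at Knowledge Consulting Group who spend days on end combing through clients' computer systems for the holes that cyber-criminals, spies and other unlawful "black hats" could use. The team's record is both impressive and worrying. Some of these clients are utilities, and Whitaker and his colleagues often target the software that controls critical infrastructure such as water and power supplies. In his words, they get in pretty much every time.
Criminals and spies are still finding plenty to gain in the digital world. On February 15th Kickstarter, a site through which users can give their own money directly to entrepreneurs promoting new projects, announced that usernames, passwords and e-mail addresses had been stolen from it. A few days later a security researcher found that Snecma, a French aerospace group, had been attacked by hackers, although it is not yet clear whether they got into the company's systems. Kaspersky Lab recently said it had discovered an operation, code-named "The Mask", that has been spying around the world since it began in 2007, with targets ranging from governments to activists and energy companies.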
ANDREW WHITAKER has made a career out of breaking into things. A “white hat” hacker in techie jargon, Mr Whitaker leads a team of security specialists at Knowledge Consulting Group who spend their days trying to worm their way into clients’ computer systems to see how vulnerable they are to cyber-criminals, spies and other nefarious “black hats”. The team’s record is both impressive and alarming. Some of the firm’s clients are utilities, and Mr Whitaker and his colleagues often target software that controls critical infrastructure, such as water and power supplies. “We’re getting in pretty much every single time,” he says.
Crooks and spooks are still finding plenty of chinks in digital armour too. On February 15th Kickstarter, a crowdfunding site that lets users send cash to entrepreneurs promoting novel projects, said hackers had stolen usernames, encrypted passwords and e-mail addresses from it. A few days later a security researcher claimed to have found evidence that Snecma, a French aerospace firm, had been attacked by hackers, though it is not clear if they got into its systems. Kaspersky Lab, a security firm, recently said it had discovered a global spying operation, dubbed “The Mask”, which had been running since 2007 and which targeted everything from governments to activists and energy companies.
The effects of a hacking attack can be devastating for a company’s reputation and its bottom line, as Target is discovering to its cost. At the end of last year the giant American retailer was hit by hackers who swiped the details of credit and debit cards held by 40m of its customers by placing malicious software on thousands of the registers in its stores. In total, intruders gained access to 70m records that contained partial names and e-mail and postal addresses of customers.
Target’s catastrophic breach may come to be seen as the digital equivalent of BP’s disastrous Deepwater Horizon oil spill. The retailer faces a whopping bill for cleaning up the mess the massive data leak has caused. Jefferies, an investment bank, estimates that it may have to pay up to $1.1 billion to the payment-card industry because of the breach. Target is also spending a fortune on such things as free identity-theft insurance for customers.
As more business shifts online, hackers have plenty of targets to aim at. Last year a report published by an arm of Symantec, a security firm, estimated that cybercrime costs the world $113 billion a year; it put the number of victims at 378m. The Ponemon Institute, another research outfit, reckons that in 2012 malicious attacks cost American companies $277 for each customer’s or user’s account put at risk, a lot more than the cost of leaks caused by technical glitches or mistakes by employees. Other countries are not far behind (see chart).
Since Edward Snowden’s leaks about the NSA’s activities, much ink has been spilled about the threat to cyber-security from rogue employees. Yet most breaches are still caused by outsiders. And businesses are struggling to match the wiles of the unknown intruders trying to pinch their data. Hikmet Ersek, the boss of Western Union, said financial-services firms like his are in a “street fight” with hackers.
The threat posed by determined cyber-invaders explains why companies that offer to mimic them and test the vulnerabilities of clients’ systems—a practice known as “penetration testing”—are in demand. Some businesses, such as banks and outfits handling electronic payments, are required by regulators or industry bodies to conduct regular “pentests”. Others hire pentesters because they think outsiders may spot things that internal security teams miss. “You tend to get tunnel vision in-house,” says Charles Henderson of Trustwave, an internet-security firm whose SpiderLabs arm conducts pentests.
Like Mr Whitaker, other white-hat hackers find it a doddle to bust into clients’ systems. Jim O’Gorman of Offensive Security says that his team was asked by an executive at a large electronics manufacturer to test its security. They were stunned by how quickly they broke into its networking and manufacturing systems. “I told him you’ve spent 20 years building up your firm’s reputation and in 20 hours we’ve got control of your company,” boasts Mr O’Gorman. Technology firms, which might be expected to know better, suffer more data breaches than those in other industries, or even the government.
A popular trick used by black-hat and white-hat hackers alike is to send fake “phishing” e-mails, which seem to come from legitimate sources and ask a firm’s employees to enter their usernames and passwords. Mr Whitaker says about a fifth of employees who receive these e-mails are fooled by them. Once inside a network, his team takes an average of four hours to take control of it.
Critics of pentesting say cheap software that automatically scans for vulnerabilities in a firm’s systems can automate much of the work pentesters do. They also claim that tests can create a false sense of security inside companies. Michael Borohovski of Tinfoil Security, which makes software that hunts for security flaws, says firms often make big changes to their systems between pentests, which can accidentally create new vulnerabilities. Moreover, some pentesters may simply lack the skills and ruthlessness to spot weaknesses that cyber-crooks will find.
Executives who have used pentesters acknowledge that clients should choose them carefully, and call them back whenever big changes are made to computer systems. But they reject the notion that they can be replaced with software. “They’re not just testing security tools, but also exploiting vulnerabilities to probe deeper inside companies’ systems,” says Richard Moore of New York Life, an insurer.
To convince sceptical clients that their systems are vulnerable, Trustwave records videos of its hackers breaking into them, to prove that they really did get in. Some white hats go even further, pinching a confidential document from their clients’ servers and then presenting it to them with a flourish. “This makes the threat much more real,” says Deke George of NetSPI, another pentesting firm. When shocked bosses are presented with this sort of evidence, they usually reach for their chequebooks fast to fix the problem.
Still, even a robust pentesting strategy combined with other security measures may not be able to foil dogged intruders. In Target’s case, it appears that the initial breach through which black hats secured access to its systems took place at a heating and ventilation company that was one of Target’s suppliers. More details about how the theft worked will no doubt emerge as investigations proceed.
New risks are constantly emerging, notably in the field of mobile apps. Companies are rolling out lots of these, so that their employees can work on tablets and smartphones as they travel. But pentesters who have begun probing them say that the quality of the security associated with them is years behind that of other corporate apps. So is anyone safe? Knowledge Group’s Mr Whitaker says that only one utility was able to frustrate his hackers’ attempts to break in. Its secret? The engineer whose data they wanted still kept it on old-fashioned floppy disks that he simply took out of his computer every night.