Chapter 2 - What Are We Trying to Prevent?

Abstract

This chapter discusses the different threats that are faced in an Internet protocol (IP) network along with their solutions. A threat to a network might come from actual intent to harm it, or from a malicious source a user may inadvertently activate. Administrators need to understand the risks they are facing, and assign resources to reduce and manage those risks. Writing down every potential adverse event is a complex and time-consuming task as risks because of information security events are highly variable, and change over time as new tools emerge and new malicious code is distributed. However, it is a necessary task to prevent monetary loss. The severity of the risk is classified in one of four categories such as critical, severe, moderate, and low. The probability ranking is also categorized in one of four different classifications such as frequent, probable, occasional, and possible. The chapter uses these classifications to explain different type of threats discussed. It also emphasizes that the sources of harm are related to goals of information security and results in losses such as loss of confidentiality, loss of integrity, and loss of availability. There are a wide variety of sources that threats can come from. A good way to classify them is based on their skills, knowledge, resources, authority, and motives. Based on these classifications, different types of attacks can also be categorized such as malicious mobile code attack, which include worms, viruses and Trojan horses, and denial of service (DOS) attack. The chapter describes all these types of attacks illustrating various techniques that can be used to prevent these attacks. It also highlights methods that are used to identify these breaches in a network.