Difference between revisions of "Team 1 Sec4"
(→Corporate) |
(→Corporate) |
||
| Line 49: | Line 49: | ||
== Corporate == | == Corporate == | ||
| − | Financial Incentives: | + | '''Financial Incentives:''' |
1. To Prevent Exposure of sensitive or personal information - unauthorized people or competitors may be able to access your financial data or sensitive corporate information. | 1. To Prevent Exposure of sensitive or personal information - unauthorized people or competitors may be able to access your financial data or sensitive corporate information. | ||
| Line 63: | Line 63: | ||
6. To prevent loss of employees productivity | 6. To prevent loss of employees productivity | ||
| − | 7. | + | 7. To retain business partners |
| − | 8. | + | 8. To prevent loss of brand name popularity/credibility |
| − | 9. | + | 9. To prevent stock market loses |
10. To avoid dealing with lawsuits on compromise of customers and partners information | 10. To avoid dealing with lawsuits on compromise of customers and partners information | ||
| Line 77: | Line 77: | ||
13. To avoid losses incurred due to data lost beyond replacement | 13. To avoid losses incurred due to data lost beyond replacement | ||
| − | Non-Financial Incentives: | + | '''Non-Financial Incentives:''' |
All incentives for corporate are directly or indirectly financial incentives | All incentives for corporate are directly or indirectly financial incentives | ||
== Financial == | == Financial == | ||
Revision as of 02:46, 22 October 2005
Feasibility and cost of defending against such attacks.
For each class of target (home, corporate, financial), teams should
1) identify existing financial and non-financial incentives for
installing defenses,
2) evaluate the adequacy of these incentives,
3) discuss whether additional protection would be cost-effective,
4) identify the lowest cost provider for upgrading protection
(e.g., Microsoft, Norton, AOL, Corporate IT networks,
computer owners), and
5) list and evaluate possible policy levers for government
intervention (e.g., tax incentives, legal liability, insurance).
back to Team_1_Main
--Hema 08:48, 21 October 2005 (PDT)
Home
Identify existing financial and non-financial incentives for installing defenses,
Buffer flow attacks can use the vulnerability in IIS to gain control of a target machine. Once in control, it can set the computer to scan for other computers with the same vulnerability, and infect them. It can flood corporates or homes or financials with false data or make it inaccessible on prearranged dates. Because it can scan for vulnerable computers all across the Internet it can have a huge impact. It can be even more dangerous because it can create a back door into the computer, allowing unauthorized parties to control an infected computer. The back door can go unnoticed by the user for long extents of time. However infected computers broadcast the fact that they had been back doored by scanning for additional vulnerable computers. Individuals capable of receiving and identifying scans could use that information to break into the infected computers that had scanned them. Malicious users who prepare to identify scans, would receive lists of computers that could be taken over with trivial effort. And so infected computers could then be used to facilitate further attacks on still other computers. Such programs will greatly damage the state of Internet security for some time to come causing huge losses.
Home : Financial Incentives:
1. To prevent exposure of sensitive or personal information/Identity Thefts - Unauthorized people may be able to access your financial or medical data, personal documents or other personal information. The availability of this information may increase your risk of identity theft
2. To prevent cost to replace or repair – Sometimes attacks can totally destroy their machine making it unusable. They would have to get it replaced or spend money to get it repaired.
3. To prevent financial losses when their home based business is crippled. Most home based business owners use their personal computer for also storing information required for their business
4. To Prevent Loss of Communication – they would not be able to do their day to day operations on the computer or internet. This would result in delays in bill payments etc therefore resulting in fines.
Home: Non-Financial Incentives:
1. To prevent Denial of service – Such attacks can cause a significant amount of traffic over the network and relies on certain processes on your computer. This activity may reduce the availability of certain programs on your computer or may limit your access to the internet. What would normally take a couple of minutes to do will now take 10 minutes or more for them to finish.
2. To prevent Loss of Communication – they would be cut off from communicating from their friends or family
3. To prevent the hassle of getting their computer fixed and the inconvenience.
4. To prevent loss of credibility – if the user unknowingly infects other friends then they will be wary in trusting the e-mails from the user in future resulting in loss of credibility
5. To prevent frustration in being unable to complete their work.
6. To prevent unnecessary spamming. This might also make parents restrict their children from accessing the computer
--Hema 19:45, 21 October 2005 (PDT)
Corporate
Financial Incentives:
1. To Prevent Exposure of sensitive or personal information - unauthorized people or competitors may be able to access your financial data or sensitive corporate information.
2. To prevent Denial of service within corporate networks – Such attacks can cause a significant amount of traffic over the corporate network. This activity may reduce the availability of certain programs on your computer or may limit your access to the internet.
3. To prevent Denial of service of Company websites – DOS attacks of Company websites can result in loss of business especially if the companies are web based.
4. To prevent tampering of data
5. To retain Customers
6. To prevent loss of employees productivity
7. To retain business partners
8. To prevent loss of brand name popularity/credibility
9. To prevent stock market loses
10. To avoid dealing with lawsuits on compromise of customers and partners information
11. To prevent undue advantage to competitors during downtime
12. To avoid losses incurred to repair
13. To avoid losses incurred due to data lost beyond replacement
Non-Financial Incentives:
All incentives for corporate are directly or indirectly financial incentives
