London, UK computer networking essay-writing sample: a brief discussion of network security issues
www.ukthesis.org
08-12, 2014
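Andrew Whitaker has made a career of breaking into things. A "white hat" hacker, he leads a team of specialists at Knowledge Consulting Group who spend days at a time combing clients' computer systems for the holes that cyber-criminals, spies and other illicit "black hats" could use. The team's results are both impressive and worrying. Some of the clients are utilities, and Whitaker and his colleagues often target the software that controls critical infrastructure such as water and power supplies. In his words, "We're getting in pretty much every single time."
Criminals and spies are still finding plenty to gain in the digital world. On February 15th Kickstarter, a site through which users can give their own money to entrepreneurs promoting new projects, announced that usernames, passwords and e-mail addresses had been stolen from its website. A few days later a security researcher found that Snecma, a French aerospace group, had been attacked by hackers, though it is not yet clear whether they got into the company's systems. Kaspersky Lab recently said it had discovered an operation, code-named "The Mask", that has been carrying out espionage around the world since it began in 2007, with targets ranging from governments to activists and energy companies.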
ANDREW WHITAKER has made a career out of breaking into things. A “white hat” hacker in techie jargon, Mr Whitaker leads a team of security specialists at Knowledge Consulting Group who spend their days trying to worm their way into clients’ computer systems to see how vulnerable they are to cyber-criminals, spies and other nefarious “black hats”. The team’s record is both impressive and alarming. Some of the firm’s clients are utilities, and Mr Whitaker and his colleagues often target software that controls critical infrastructure, such as water and power supplies. “We’re getting in pretty much every single time,” he says.
Crooks and spooks are still finding plenty of chinks in digital armour too. On February 15th Kickstarter, a crowdfunding site that lets users send cash to entrepreneurs promoting novel projects, said hackers had stolen usernames, encrypted passwords and e-mail addresses from it. A few days later a security researcher claimed to have found evidence that Snecma, a French aerospace firm, had been attacked by hackers, though it is not clear if they got into its systems. Kaspersky Lab, a security firm, recently said it had discovered a global spying operation, dubbed “The Mask”, which had been running since 2007 and which targeted everything from governments to activists and energy companies.
The effects of a hacking attack can be devastating for a company’s reputation and its bottom line, as Target is discovering to its cost. At the end of last year the giant American retailer was hit by hackers who swiped the details of credit and debit cards held by 40m of its customers by placing malicious software on thousands of the registers in its stores. In total, intruders gained access to 70m records that contained partial names and e-mail and postal addresses of customers.
Target’s catastrophic breach may come to be seen as the digital equivalent of BP’s disastrous Deepwater Horizon oil spill. The retailer faces a whopping bill for cleaning up the mess the massive data leak has caused. Jefferies, an investment bank, estimates that it may have to pay up to $1.1 billion to the payment-card industry because of the breach. Target is also spending a fortune on such things as free identity-theft insurance for customers.
As more business shifts online, hackers have plenty of targets to aim at. Last year a report published by an arm of Symantec, a security firm, estimated that cybercrime costs the world $113 billion a year; it put the number of victims at 378m. The Ponemon Institute, another research outfit, reckons that in 2012 malicious attacks cost American companies $277 for each customer’s or user’s account put at risk, a lot more than the cost of leaks caused by technical glitches or mistakes by employees. Other countries are not far behind (see chart).
Since Edward Snowden’s leaks about the NSA’s activities, much ink has been spilled about the threat to cyber-security from rogue employees. Yet most breaches are still caused by outsiders. And businesses are struggling to match the wiles of the unknown intruders trying to pinch their data. Hikmet Ersek, the boss of Western Union, said financial-services firms like his are in a “street fight” with hackers.
The threat posed by determined cyber-invaders explains why companies that offer to mimic them and test the vulnerabilities of clients’ systems—a practice known as “penetration testing”—are in demand. Some businesses, such as banks and outfits handling electronic payments, are required by regulators or industry bodies to conduct regular “pentests”. Others hire pentesters because they think outsiders may spot things that internal security teams miss. “You tend to get tunnel vision in-house,” says Charles Henderson of Trustwave, an internet-security firm whose SpiderLabs arm conducts pentests.
Like Mr Whitaker, other white-hat hackers find it a doddle to bust into clients’ systems. Jim O’Gorman of Offensive Security says that his team was asked by an executive at a large electronics manufacturer to test its security. They were stunned by how quickly they broke into its networking and manufacturing systems. “I told him you’ve spent 20 years building up your firm’s reputation and in 20 hours we’ve got control of your company,” boasts Mr O’Gorman. Technology firms, which might be expected to know better, suffer more data breaches than those in other industries, or even the government.
A popular trick used by black-hat and white-hat hackers alike is to send fake “phishing” e-mails, which seem to come from legitimate sources and ask a firm’s employees to enter their usernames and passwords. Mr Whitaker says about a fifth of employees who receive these e-mails are fooled by them. Once inside a network, his team takes an average of four hours to take control of it.
Critics of pentesting say cheap software that automatically scans for vulnerabilities in a firm’s systems can automate much of the work pentesters do. They also claim that tests can create a false sense of security inside companies. Michael Borohovski of Tinfoil Security, which makes software that hunts for security flaws, says firms often make big changes to their systems between pentests, which can accidentally create new vulnerabilities. Moreover, some pentesters may simply lack the skills and ruthlessness to spot weaknesses that cyber-crooks will find.
Executives who have used pentesters acknowledge that clients should choose them carefully, and call them back whenever big changes are made to computer systems. But they reject the notion that they can be replaced with software. “They’re not just testing security tools, but also exploiting vulnerabilities to probe deeper inside companies’ systems,” says Richard Moore of New York Life, an insurer.
To convince sceptical clients that their systems are vulnerable, Trustwave records videos of its hackers breaking into them, to prove that they really did get in. Some white hats go even further, pinching a confidential document from their clients’ servers and then presenting it to them with a flourish. “This makes the threat much more real,” says Deke George of NetSPI, another pentesting firm. When shocked bosses are presented with this sort of evidence, they usually reach for their chequebooks fast to fix the problem.
Still, even a robust pentesting strategy combined with other security measures may not be able to foil dogged intruders. In Target’s case, it appears that the initial breach through which black hats secured access to its systems took place at a heating and ventilation company that was one of Target’s suppliers. More details about how the theft worked will no doubt emerge as investigations proceed.
New risks are constantly emerging, notably in the field of mobile apps. Companies are rolling out lots of these, so that their employees can work on tablets and smartphones as they travel. But pentesters who have begun probing them say that the quality of the security associated with them is years behind that of other corporate apps. So is anyone safe? Knowledge Group’s Mr Whitaker says that only one utility was able to frustrate his hackers’ attempts to break in. Its secret? The engineer whose data they wanted still kept it on old-fashioned floppy disks that he simply took out of his computer every night.