Tuesday, May 24, 2005

A Risk Strategy for Corporate Business Survival - Lesson 3 – Defend

“4D”
A Risk Strategy for Corporate Business Survival
Deter. Detect. Defend. Document.

By Peter L. Higgins

Lesson 3 of a 4 Part Series


The Mission
Defend the target from any actions by the attackers tools. Targets may include a person, facility, account, process, data, component, computer, Intranet network or Internet. Actions against the target are intended to produce the unauthorized result. Some action categories are labeled:

· Probe
· Scan
· Flood
· Authenticate
· Bypass
· Spoof
· Read
· Copy
· Steal
· Modify
· Delete

The Take Away
In order to understand how to defend your corporate assets, you have to attack them yourself using a continuous combination of tools and tests. Only then will you find out where your single point of failure lies and where the attacker is going to successfully exploit a vulnerability you didn’t know exists.

No comments: