Protecting Against Internet Activists

1454 Words3 Pages

Internet activists are often times a section of people whom meet in the cyber world and collectively deny customers from accessing corporate web sites. The intention of these internet activists is often denial of service. While the intentions of ”traditional” hackers are not just denial of service but stealing valuable insider information and data, internet activists only try to disrupt service.

Organizations these days should guard against cyber-attacks on their web sites by having a very structured security policy. It is not just enough to have a secure infrastructure setup as a one-time effort but continuous monitoring is necessary to ensure no security breach takes place. A well configured intrusion detection system is the first step to ensuring a network that is constantly monitored. Firewalls, constantly updated antivirus programs, frequent and prompt software updates in addition to penetration testing could help organizations falling target to outsider attack.

While organizations deal with trying to keep their business up and running through their websites, activists work hard trying to disrupt the offerings provided by these organizations to their customers. Distributed Denial of Service (DDoS) attacks are a major means of unsettling a business. A DDoS attack often begins with setting up an attack network. The attackers use tools like Nmap and Nessus and find vulnerable machines which become secondary targets using which the attack on the victim is launched from. While organizations cannot prevent attackers from using these secondary targets certain mitigation strategies like load balancing, throttling or dropping requests are security countermeasures that could be applied to address such concerns.

The post-inci...

... middle of paper ...

... process should include questions about the location of servers on which the data gets stored. This is important because significant legal implications would exist depending on the country the data is housed in. Also, the questions about who would manage the data and in which locations, identity access and privacy controls would have to be discussed about. Data encryption techniques that are used by the prospective providers would lead to a good deal of confidence in selecting a provider. Questions on data segregation will need to be asked as well. This would ensure that other clients of the same provider have their data segregated and separated out. The cloud provider should also be asked details about its disaster recovery and business continuity plans. Service Level Agreements (SLA) should be well detailed and documented to avoid confusion and provide clarity.

Open Document