Things that we considered science fiction a decade ago arenot only a reality, but an engrained part of our life. Heck, if the dedicated line at myhouse goes down for more than 30 minutes, my wife is screaming at me to fix it. This istruly the age of computers.

From a functionality standpoint, computers are great when they are stand-alone devices.If I have a computer in my home with no network connection, do I really need anycomputer security? The house usually provides enough security to protect it. But nowthat everyone is connecting their computers together via the Internet, we are buildingthis web of trust where everyone trusts everyone else. There is just one problem:everyone does not trust everyone else. Yet, in most cases, we are giving everyone fullaccess to this information. At this point, let’s step back and look at how this happened.

This happened because people got so caught up in technology and functionality that noone worried about security yet security is critical in this day and age.Ten years ago when I worked in security, I remember that no one wanted anything to dowith me. The security guy was like the smelly kid in school. No one would sit next to meat meetings. No one would even want to go to lunch with me out of fear that hismanager would see him with the security psycho, and he wouldn’t get that bigpromotion. Why did people hate security so much? People did not see the value ofsecurity; they thought it was a waste of money and did not think the threat was real.

With most other technologies, there is an immediate tangible benefit. For example, youcan directly see the benefit of installing a new network or a new server for a company faster access, more storage space, more efficient calculations, and so on. With security,there is no direct benefit, only an indirect benefit your data and information will besecure. In most cases, a company does not realize the benefit of security until it is toolate. Only after an attacker breaks into its system and steals $10 million does a companysee the need for security and becomes willing to pay the money. Think of how muchmoney the company would have saved if it had invested in security originally.

As more and more companies suffer losses, hopefully, more and more companies willstart investing in security from the beginning and not wait for a major breach in securityto realize how much they need it. Think about car insurance. Everyone who buys a cargets insurance immediately, just in case an accident occurs. I know people who havenever been in an accident for 30 years and still get insurance because they know that itis cheaper to have insurance and not have an accident than not have insurance and getinto an accident. Companies need to use the same logic with security. No matter whatsize company you are or what type of business you do, security is always a wiseinvestment.

No systems are safe. Any system that is connected to the Internet is getting probed andpossibly broken into. If you do not believe me, run the following simple experiment.Because most home computers have either direct connections or dial-up connections,you can use your home computer for this experiment. Purchase or download one of thepersonal firewall products that are available on the Internet. There are several programsout there, but Zone Alarm, available from www.zonelabs.com, has a free version for noncommercialuse. Install the program on your system, keep your system up for at least 48hours, and get ready to be amazed. Usually within less than two days, your systems willbe probed several times and even broken into. For example, I called up an ISP, receivedan IP address, connected, and within 30 minutes, I received over five probes of thesystem. Think about this for a minute. If your home computer, with no domain name,that no one cares about, gets probed and attacked, what does that say for a company? Itbasically says that systems will be attacked, and without good security, they will bebroken into and compromised.

I have had companies tell me that they have never had an attempted attack against theirsystems. That statement is false. The correct statement is that they have never had anattempted breach that they detected. Just because you are looking in the wrong placesdoes not mean that your site is secure. It is critical that companies know the right placesto look and the proper way to secure their systems. Hopefully, this article will show youwhat attackers are up to and give you insight into their tools and techniques so that youcan look in the right places and better defend your sites.

Remember, the best way to have a good defense is to understand the offense. That isthe main goal of this article: to make people aware of the techniques, methods, and toolsattackers are using to compromise systems and use that knowledge to build securenetworks. Security cannot be done in a vacuum; you must understand what the threat is.In this field, ignorance is deadly and knowledge is power.