Network Security & Ethical Hacking
Neal Patrick and his friends did not realise they were doing anything unethical, in fact: when asked by Congress “At what point he questioned the ethics of his actions” – he answered “Once the FBI knocked upon my door.”
“I have found that inadequate network security is usually caused by a failure to implement security policies and make use of the security tools that are readily available. It’s vital that companies complete professional risk assessments and develop comprehensive security plans and infrastructures that are publicly supported by upper ...view middle of the document...
It is fair to assume that the original LANs where based on a very basic topology, select personnel used them (normally IT associated people), they were cumbersome and slow and everything took an age to do anything on them. There was no need for security at the time as there was no perceived threat from within as everyone was trusted and as the Internet did not exist there was no externally posed threat either.
Once LANs became linked up and WAN links were the norm plus the birth of the Internet and an increase in LAN exposure to working professionals (Non IT personal) there became a need to safeguard the network not only from external threats but also internal threats as well.i
It’s worth mentioning that the need to safeguard personal information is now a legal requirement under the Data Protection Act 1998 – if information is kept pertaining to a living person then that information must be stored in an adequately secure environment scaling to the severity of the data. For example, your email address does not have to have large security back ends, a simple encryption in a database would be fine, but medical records which are incredibly personal do require larger amounts of security to ensure they cannot be viewed or edited by unauthorised individuals.
Some governments in different countries are paving the way for the future by introducing legislation with regards to network security. By forcing people’s hands and introducing security principles to safeguard data on a network this can only be a good thing. Once these laws become enforceable, a badly designed or security lacking network will be made accountable and companies or individuals will be penalized accordingly.
An up to date example of the Government level IT Security legislation is the E-PARASITE Act being pushed through the US Congress as this report is written. The E-PARASITE act solicits the use of IT Security measures within the US to “unilaterally censor foreign websites.” This act provides the prime example of how the use of Security can trip the fine line between keeping people safe and censoring their lives – this act has become hot topic across the internet, companies such as Google, AOL and Facebook has opposed such a law that would pose huge risks to the internet. The precedent this sets, by allowing individuals and companies to file litigation to force ISP’s, Search Engines, Payment Processors and Ad networks to block and cease business with websites linked with online Piracy, and by extension, anything they consider illegal by US law.
Whilst enforcing Security measures may be prudent, this law has given way to a debate with excellent arguments: Critics say “The bill as drafted would expose law-abiding US internet and technology companies to new uncertain liabilities, private rights of action and tech mandates that would require monitoring of websites.”
This opens the floor to a larger debate of whether it is right to be able to do this, is this bill...