Destruction
Destruction is defined as attempts made to destroy the system, data/information and/or physical assets, basically efforts made to cripple the operations of a network.
Such cases generally begins with a repeated attempts using various security tools or methods which can be obtained via searching through Internet or by just asking through newsgroup or more commonly, "chatting". Once the attempts are successful, then the possibility of the network being terrorized will definitely be achieved.
For example by:
inserting a logic bomb, virus or worm into a program to cause loss of data on a disk and impair operations.
Logic Bomb
An application or system virus designed to "explode" or execute at a specified date and time.
Virus
A program that attaches itself to other programs, be it a document, system or application virus.
Worm
An independent program that replicates its own program files until it destroys other systems/programs or interrupts operation of networks or computer system,
monopolize the available space in memory or a system library, or unauthorized modification of a password to a file or a system rendering them inaccessible.
Perhaps the question that should have been asked is the reason behind the so called "attempts", which resulted to the crippling of the company's network. Below are some of the examples.
Internal Exploitation
Problem:
Malicious user whose sole purpose is to hurt the targeted network eg. ex- or dissatisfied employees who already knows the company secrets and knows exactly which target to hit.
Solutions:
Any organizations must update user database to ensure all ex-employees' have been deleted.
Organizations must change all important passwords especially the root as soon as system administrators or any privilege users leave the company.
Watch for disgruntled employees and resolve problems before they escalate.
Problem:
Intentional user whose purpose is to gain something which is useful to them eg. foreign employees who already have access to computers, networks, the company site and many other resources they may need; sabotage the system and assigned password for all access to the system including the hardware; and finally ask for a large sum of money in return for the passwords.
Solutions:
There should be at least two people in charge of the system and the network. The exact number of people needed depends on the size of the system and the network of the organization. Ensure sufficient backup in human resources.
Always create a back up for your system and most importantly your customer data. This will enhance customers trust and confidence in the organization.
Try to create a knowledge sharing environment or transfer of technology session within the organization.
External Exploitation
Problem:
Industrial spies poses as a legitimate person in the organization and tricks users into giving information. This can occur through phone calls, forged E-mail messages, or even in-person visits to the business site. This technique requires extensive research, but is usually very successful.
Solutions:
Create a good company policy on social security which includes physical security and barriers, installed, at business site, the kind of things a representatives should be allowed to say over the phone and shredding or incinerating potentially sensitive documents.
Problem:
Crackers/hackers using variety of tools and techniques to gain access to computers over the Internet just for "kicks".
Solutions:
Build a secure network and maintain the system security by keeping it up to date i.e. monitor access and use via event logging, monitoring system, clock synchronization etc.
Always be informed on latest bugs or security holes in network or operating system software. Install patches as soon as they become available.
Keep abreast on security tools development.
