A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other examples of security risks in the network environment.

Hacking

Hacking is any attempt by an intruder to gain unauthorised access to a computer system. Activities carried out by hackers can include denial of service (DoS), dumping, port scanning and sniffing. Denial of service (DoS) prevents or inhibits the normal use or management of communication facilities. The attacker can redirect or suppress all messages to a particular destination. DoS attacks are initiated with software and can be launched by rival businesses or individuals with little or no computer skills (NOIE, 2002). Internet 'dumping', more applicable to small businesses, is when someone utilises the company's modem to place calls to high-cost premium rate or international numbers. This can be achieved by inducing users (often by promising adult content) to download new Internet dialer software, replacing their ISP connection. Proving that dumping was conducted without the user's knowledge can often be difficult. To prevent dumping, telecommunications companies can place a bar on all premium calls starting with 190 (e.g., 1900, 1901, 1902, etc.) and on international phone services. If business computers are not equipped with modems, dumping should not be a problem (NOIE, 2002).

Port Scanning and Sniffing

Port scanning scans a range of TCP (Transport Control Protocol) port numbers, UDP (User Datagram Protocol) port numbers, or both for a single host IP (Internet Provider) address in order to identify services running on the host computers. Sniffing programs can be installed on computer systems to observe traffic, storing information (ID/Passwords) that can be used to access other systems. Sniffer software tracks data travelling over the Internet or a corporate network. Unauthorised sniffers can compromise a network's security because they are difficult to detect and can be inserted almost anywhere.

Viruses

A computer virus is a program that can infect other programs by modifying them to include a copy of itself. A virus can be transmitted through an attachment to an e-mail, and by downloading infected programs and files either from web sites, floppy disks or CDs. Depending on the code in the virus program, some will activate as soon as the file is opened, while others will lie dormant in the computer system until activated by a trigger such as a specific date, execution of a particular key on the keyboard or activation by a particular function such as forwarding an e-mail to another user in the organization. Similar to human viruses, computer viruses can grow, replicate, travel, adapt and learn and consume resources.
Other virus-related attacks include worms. Worms install themselves on a machine, and actively seek to send themselves to other machines to infest those machines. Without any human action worms can spread more quickly than viruses. On January 25, 2003 a worm called Slammer spread with an astonishing speed on the Internet. Within ten minutes the Slammer had infested about 90% of vulnerable hosts on the Internet. Although it was controlled within hours, it had achieved its aim of infesting all vulnerable servers before the world even realised what was happening. The best protection against computer viruses is to use anti-virus software installed on all computers, and updated regularly.

Flaws in Technology and Software or Protocol Designs

If systems obtained from vendors are not aligned to the organization's security system it can lead to easy break-in to networks. When software and systems are first installed they come in a number of default settings, sample programs, and templates that are vulnerable to attack. Ignorance of implementation details by system administrators, sometimes due to a lack of time, a lack of expertise, or improper management also sacrifices security (www.softheap.com). Protocols define the rules and conventions for computers to communicate on a network. If a protocol has a design flaw it is vulnerable to exploitation no matter how well it is implemented. With software implementations, if security is added on later, it sometimes does not respond to security checks as planned, leading to unexpected vulnerabilities.
S-HTTP is exactly what its name suggests: a security-enhanced extension of the Hypertext Transfer Protocol. S-HTTP works at the application level, encrypting the contents of messages relayed between a browser and a server, allowing client and server to negotiate the strength and type of encryption to be used. S-HTTP supports end-to-end secure transactions by incorporating cryptographic enhancements to be used for data transfer at the application level.

Intruders' Technical Knowledge

For an intruder to achieve access to a system, he or she would have to have a good understanding of network topology, operations, protocols, databases and information management structures. Intruders can examine source code to discover weaknesses in certain programs, such as those used for electronic mail. Source code sometimes is easy to obtain from programmers who make their work freely available on the Internet. Programs written for research purposes (with little thought for security) or written by naive programmers become widely used, with source code available to all.
It is difficult to characterise people who cause security incidents. An intruder may be an adolescent who is curious about what he or she can do on the Internet, a college student who has created a new software tool, an individual seeking personal gain, or a 'paid spy' seeking information for the economic advantage of a corporation or foreign country. A disgruntled former employee or a consultant who gained network information while working with a company may also cause a security incident. An intruder may also seek entertainment, intellectual challenge, and a sense of power, political attention, or financial gain.