Reports of computer security failures appear frequently in the daily new. Cite a reported failure that exemplified one (or more) of the principles listed in the chapter: easiest penetration, adequate protection, effectiveness, weakest link.
There has been a lot of reports of security breaches in the news, for example the Sony Playstation Network, RSA Lockheed Martin compromise, Hyundai and so on, these have been of recent and these all show how vulnerable we are to security threats out there on the world wide web which has very little to do with borders of the country or state.
The Internet is a gateway of information all over the word where people are connected and providing and absorbing information. Many of the security restrictions that apply in a physical sense do not in the cyber world.
I have picked the Sony Playstation Network (PSN) compromise as my topic of discussion to show the areas covered in chapter one that talk about penetration, protection, effectiveness, weakest link. A successful penetration into the PSN by the attacker, has compromised peoples credit card information, birthdates, addresses, phone numbers and more. The successful penetration was delivered disguised in the form of a purchase as stated by Sony Chief Information Officer Shinji Hajesima (Ogg, 2011).
The systems were unable to detect the attack going through as it went through has a purchase transaction. This show lack of adequate protection, in the article it also mentions that the vulnerability that was exploited by the hacker was also known. This shows that it is absolutely important to make sure that the patches for known vulnerabilities are deployed and the systems are patched accordingly, though one may argue if the patching introduces other forms of vulnerability.
The successful exploitation of the system led to the loss of personal details of up to 70 million (Schreier, 2011) customers, this information could be used for identity theft, credit card theft, and besides that the down time for customers who are using the system that they have paid for. The effectiveness of this attack is shown by the shutdown of the PSN for a number of days. This shows that the effectiveness of the protection on this system was lacking, the inability to pickup on the intrusion as it happened and thus showing us a weak link in the system security.
The article shows us the combination of things that have come into play that have led to the successful compromise of the PSN network. Starting with the vulnerability that was known by Sony with the systems and left unattended, secondly the inability of the intrusion detection system to pick up the actual attack or the delivery of the malformed data that exploited the vulnerability to permit access to the attacker, lastly the storage of data in an unencrypted but hashed form which is reversible to obtain the credentials and personal details of the PSN users or customers.