The Security

Better Security & Security Risk

Common Security Threats against Networks

Attackers have different motivations—profit, mischievousness, glory—but they all work in similar  ways. Several basic threats exist, all of which are capable of infinite variation. Spam. Spam, or unsolicited commercial e-mail messages, wastes bandwidth and time. The  Sheer volume of it can be overwhelming, and it can be a vehicle for viruses. Much of it is of an explicit sexual nature, which in some cases can create an uncomfortable work environment and, potentially, legal liabilities if companies do not take steps to stop it.

Spoofing

A couple of kinds of spoofing exist. IP spoofing means creating packets that look as though they have come from a different IP address. This technique is used primarily in one-way attacks  packets appear to come from a computer on the local network, it is possible for them to pass through firewall security

IP spoofing attacks are difficult to detect and require the skill and means to monitor and analyze data packets. E-mail spoofing means forging an e-mail message so that the From address does not indicate the true address of the sender. For example, a round of hoax e-mail messages circulated the Internet in late 2003 that were made to look as though they carried a notice of official security updates from Microsoft by employing a fake Microsoft e-mail address. Dozens of industry leaders, including Microsoft, have co-developed a technology called the Sender ID Framework (SIDF) that helps to counter e-mail spoofing and phasing by validating that message come from the mal servers they claim to come from.

 Phasing

 Phasing is Increasingly becoming a tactic of choice for hackers and organized crime. Typically, an attacker sends an e-mail message that looks very much like it comes from an official source (such as eBay or Microsoft). Links in the message take you to a website that also looks like the real thing. However, the site is just a front, and the goal of the scam is to trick you into giving away personal information, sometimes for spam lists, sometimes so that the perpetrators scan steal your account information or even your identity. The victims of these scams are not only the users who may divulge personal and confidential information, but also the spoofed business’ brand and reputation.

Viruses

Viruses are programs designed to replicate themselves and potentially cause harmful actions. They are often hidden inside innocuous programs. Viruses in e-mail messages often masquerade as games or pictures and use beguiling subjects (for example, “My girlfriend nude”) to encourage users to open and run them. Viruses try to replicate themselves by infecting other programs on your computer. forms.

Worms

are like viruses in that they try to replicate themselves, but they are often able to do so by sending out e-mail messages themselves rather than simply infecting programs on a single computer.

Trojan horses

These malicious programs pretend to be benign applications. They don’t replicate like viruses and worms but can still cause considerable harm. Often, viruses or worms are smuggled inside a Trojan horse.

Spy ware

Spy ware refers to small, hidden programs that run on your computer and are used for everything from tracking your online activities to allowing intruders to monitor and access your computer. You might be the target of spy ware or other unwanted software if you download music from file-sharing programs, free games from sites you don’t trust, or other software from an unknown source.

Tampering

Tampering consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after a network has been penetrated. For example, an attacker might place a tap on a network line to intercept packets as they leave your establishment. The attacker could eavesdrop or alter the information as it leaves your network.

Repudiation

Repudiation refers to a user’s ability to falsely deny having performed an action that other parties cannot disprove. For example, a user who deleted a fi le can successfully deny doing so if no mechanism (such as audit records) can prove otherwise.

Information disclosure

Information disclosure consists of the exposure of information to individuals who normally would not have access to it. For example, a user on your network might make certain files accessible over the network that should not be shared. Employees also tend to share important information, such as passwords, with people who should not have them.

Denial of Service

DoS attacks are computerized assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server. For example, an attack may because a server to become so busy attempting to respond that it ignores legitimate requests for connections.

Elevation of privilege

Elevation of privilege is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.

Pirated software

The use of counterfeit software is widespread. In some parts of Asia and the former Soviet Union, at least 90 percent of the software used is counterfeit. Even in the United States, an estimated 25 percent of software is counterfeit. While the low prices of counterfeit software can be attractive, such software comes with a potentially much higher price: Counterfeit software can contain bugs and viruses and is illegal. Genuine Microsoft software provides up-to-date protection against hackers and e-mail viruses.

Top

Attackers have different motivations—profit, mischievousness, glory—but they all work in similar  ways.

Protect your Network with a firewall

Wireless networks not more secure

Never open suspicious files