More Simple Software/Security Threats
More Simple Software/Security Threats
There are more type of Software/security threats-
This is a technique attacker’s use to surreptitiously gain system access through another user’s account. This is possible because users often select weak passwords. The two major problems with the passwords are when they are easy to guess based on knowledge of the user and when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses).
This attack exploits the need to have a service available. It is a growing trend on the internet because websites in general are open doors ready for abuse. People can easily flood the web server with communication in order to keep it busy.
Therefore, companies connected to the internet should prepare for (DoS) attacks. They also are difficult to trace and allow other types of attacks to be subdued.
The sender address on internet e-mail cannot be trusted because the sender can create a false return address. Someone could have modified the header in transit, or the sender could have connected directly to the Simple Mail Transfer (SMTP) Port on the target computer to enter the e-mail.
This refers to the recording and retransmission of message packets in the network. Packet replay is a significant threat for programs that require authentication sequences because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable, but can be prevented by using packet time stamping and packet sequence counting.
This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be destroyed.
This is a common form of cracking. It can be used by outsiders and by people within an organization. Social engineering is a hacker term for tricking people into revealing their password or some form of security information.
In these attacks, a hacker uses various hacking tools to gain access to the systems. These can range password-cracking tools to protocol hacking and manipulation tools. Intrusion detection tools often can help to detect changes and varies that take place within systems and networks.
The reason for doing this is that system tend to operate within a group of other trusted systems. Trust is imparted in a one-to-one fashion; computer A trusts computer B (this doesn’t imply that system B trusts system A). Implied with this trust is that the system administrator of the trusted system is performing the job properly and maintaining an appropriate level of security for the system.
Network spoofing occurs in the following manner:
If computer A trusts computer B and computer C spoofs computer B, then computer C can gain otherwise-denied access to computer A.
Information system threats are classified mainly into 4 categories,
These are the types of threats which include the physical damage to the computer system. This damage could be to either hardware or software. These damages could be due to natural calamity like earthquakes, hurricanes, floods, etc.
These are the type of threats that occur accidently like occurrence of any unexpected error or system falling short of the storage space. Accidental error can cause corruption of data when an unexpected error occurs.
It consists of any kind of tampering done with the system or the communication channel or the network with the intention of causing harm to the system or interruption in the communication. It consists of viruses, malware, Trojan horse, spyware etc.
System must have an antivirus or anti-spyware software to counter the act of spying from any attacker.
This kind of threat describes the case when a person who is not authorized gets an access to the restricted areas of the system. If this happens, the data that are stored in the system becomes highly vulnerable to any kind of tampering.
To overcome these kinds of threats we use authentication and authorization.
You May Also Like-
What do you mean by Information Security?
What are imperfection or defects of Solids
What Do you know about Solid State?
What do you know about Solid Waste??
Processing of solid waste and On-site Handling by engineering System
What do you know about Hazardous Waste??
Landfill Disposal of Solid Waste
Right Understanding We all know that the Human Desire is to be in continuous happiness which is the need of I (self). But do you know, from where Continuous happiness will come? No, right! So continuous happiness is to be in Right Understanding, Right Feeling, and Right Thought that is Activity of I (Self). Do…
Where We Are (Self-Evolution) We exist as human being. We want to live a fulfilling life. We have some desires and we have some programs for the fulfilment of it. We need to understand our basic aspiration and program for its fulfillment correctly and comprehensively. Only then, we can ensure fulfillment. We should explore ourselves…
Highway Construction Embankment Construction Materials and General Requirements The materials used in embankments, subgrades, earthen, shoulders, and miscellaneous backfills shall be soil, moorum, gravel, a mixture of these. Clay having liquid limit exceeding 70 and plasticity index exceeding 45; shall be considered unsuitable for embankment. Sub-grade and top 500mm portion of the embankment just below…
Special Concretes Concrete is most vital material in modern construction. In addition to normal concrete, other varieties in use are, high strength and high-performance concrete, self-compacting, lightweight, high density, fiber reinforced, polymer, colored concrete, etc. The making of concrete is an art as well as a science. Special types of concrete are those with out-of-the-ordinary…
Marketing Practices Success in the world of business, no matter how you earn it, you have to rule on the marketplace. Although luck plays a role in the outcome of the market strategies. In the business decisions, there should be the understanding of market otherwise the failure will take place by the marked decisions. While…
Risk Analysis The risk that remains after the implementation of controls is called the residual risk. All systems will have residual risk because it is virtually impossible to completely eliminate risk to an IT system. In other words, we can say that there are two main parts of the security risk analysis known as Quantitative…