1.4 DIFFERENT TYPES OF THREATS

Information security policies cover all issues related to attacks on software and systems. In practice, an organization must be ready to handle different types of attacks on its security. In this section we discuss four types of threats to the security of an organization.

  • Physical Security Threats
  • Network Security Threats
  • Software Security Threats
  • Password Security Threats

1.4.1 Physical Security Threats

Physical security describes measures that prevent attackers from physically accessing a resource or the information stored on physical media. It also provides guidance on how to design structures so that they resist various hostile acts. Physical security in an organization is not as trivial a task as it might seem at first sight. It may include closed-circuit television to monitor an intruder's entry and also the day-to-day activity of internal staff, so that they too cannot tamper with the security of the system; it also includes security lighting, fencing, badge access, and heating, ventilation and air-conditioning. Another area of physical security is managing backup power in the event of a power failure. Uninterruptible power supplies are usually adopted by organizations that do not have another backup facility such as diesel generators. A physical intruder may enter the premises and walk out with the organization's main server after disconnecting it from other devices, or may simply disable the firewall by unplugging its cables while the organization still believes it is well protected because it has installed an advanced firewall.

Physical security threats may be classified into four major categories:

  • Electrical: electrical threats arise from insufficient voltage supplied to devices and hardware systems.
  • Environmental: these threats are due to natural disasters such as fires, flooding and storms. Environmental threats can also arise from extreme temperature or humidity.
  • Hardware: hardware threats involve physical damage to the hardware or its theft.
  • Maintenance: maintenance threats may arise from poor handling of electronic components, such as poor cabling, poor device labeling, etc.

1.4.2 Network Security Threats

There are many ways by which attackers can invade a network. Each attacker has his/her own bag of tricks that can be used to break into a system. A basic network invasion involves five main components: reconnaissance, scanning, gaining access, maintaining access and covering tracks. It might seem odd to think of a methodology for hackers, but as with anything else, time matters, so to make the best use of time most hackers follow a similar methodology.

The first phase in the methodology is reconnaissance. In this phase, the attacker tries to gain as much information as possible about the target network. There are two primary ways to do this: active and passive. Passive attacks can often generate a lot of useful information about the network the hacker wants to attack. The hacker would often begin by reading through the target organization's website for contact information on key employees, information on the technology used at the organization, and any other nugget of information that can be used in the attack. The company's website may be examined thoroughly, or internet search engines can be used to find more information about the network. The attacker may also look for information in DNS servers, which would provide a list of servers and their corresponding IP addresses. Once this is done, the hacker moves on to active attacking.

The attacker then begins scanning, looking for holes that can be exploited to gain access to the network. Servers available on the internet may be scanned for known vulnerabilities, and the organization's firewall and routers may also be examined for weaknesses. The next phase is gaining access. There are many ways for an attacker to gain access to the target network; some of the more common entry points are through the target server's operating system.

To maintain access, an attacker may upload a custom application onto the compromised server that acts as a back door, allowing him/her to enter and leave the network at will. Once the attacker has established a mechanism for getting back into the server, the last step in the hacker methodology is covering tracks. A clever attacker may modify log entries so that the traffic appears to originate from a different IP address.
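The scanning phase described above leaves a characteristic trace on the defender's side: one source touching many destination ports on one host in a short time. The following added example (not part of the original text) runs a simple sliding-window port-scan detector over constructed firewall-style log lines; the log format, the 60-second window and the threshold of five distinct ports are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: timestamp, source IP, destination IP,
# destination port, firewall action. Documentation-range IPs only.
SAMPLE_LOG = """\
2024-01-05T10:00:01 203.0.113.7 192.0.2.10 22 DENY
2024-01-05T10:00:02 203.0.113.7 192.0.2.10 23 DENY
2024-01-05T10:00:02 203.0.113.7 192.0.2.10 25 DENY
2024-01-05T10:00:03 203.0.113.7 192.0.2.10 80 ALLOW
2024-01-05T10:00:03 203.0.113.7 192.0.2.10 443 ALLOW
2024-01-05T10:00:04 203.0.113.7 192.0.2.10 3389 DENY
2024-01-05T10:00:05 198.51.100.4 192.0.2.10 443 ALLOW
2024-01-05T10:05:00 198.51.100.4 192.0.2.10 80 ALLOW
"""


def parse_line(line: str):
    """Split one assumed-format log line into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scanners(log_text: str, window_seconds: int = 60, port_threshold: int = 5) -> dict:
    """Return {source_ip: sorted distinct ports} for every source that contacted
    at least port_threshold distinct ports on a single host within window_seconds."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse_line(line)
            events[(src, dst)].append((ts, port))

    hits = {}
    for (src, _dst), recs in events.items():
        recs.sort()  # time order so the window below is contiguous
        start = 0
        for end in range(len(recs)):
            # Advance the window start until it spans at most window_seconds.
            while (recs[end][0] - recs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in recs[start:end + 1]}
            if len(ports) >= port_threshold:
                hits.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in hits.items()}
```

In the sample data only 203.0.113.7 is reported; 198.51.100.4 touches two ports five minutes apart and is ordinary traffic.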

1.4.3 Software Security Threats

The most sophisticated threat to information systems comes from malicious software, or malicious programs. These programs cause serious damage to an organization's data and software without the knowledge of the users of the systems on which they execute. They are mostly written deliberately by professional intruders, called hackers, whose motive is to cause maximum damage to an organization's data.

The best known of all types of malicious programs are viruses. A virus is program code that has both the ability to replicate itself and the ability to attach itself to other programs. Viruses exploit the details and vulnerabilities of a particular operating system and hardware platform in order to carry out their work. The life of a virus-infected program can be divided into phases. The first is the dormant phase, in which the program merely contains a copy of the virus code. When the program in the dormant state is executed, the virus code gains control and uses the opportunity to propagate by copying itself into other programs; this is the propagation phase. When an infected program is run, the virus may perform the unwanted and dangerous actions it is capable of; this is the active phase. We will study viruses and other malicious programs in detail in the next unit.

1.4.4 Password Security Threats

Authentication is the process of determining whether a user is who he/she claims to be, based on information such as user ID, password and source (the network address or caller ID number from which he/she is connecting). Most servers of various kinds provide their own built-in authentication. This consists of a user list and a password list stored locally. Built-in authentication may range from simple names and passwords stored in clear text to an encrypted set of information that points to another set of encrypted data elsewhere on the same system. However, the results are generally the same:

1) The user connects to the server and requests a connection.

2) The server asks for authentication data.

3) The user sends a user ID and password.

4) On more secure systems, this information is encrypted before it is sent, but for many systems, authentication information is sent as clear text.

5) The server compares the password received to the locally stored authentication data and tries to find a match.

6) If there is a match, the user is granted access to the system.

Using the built-in authentication system is usually the easiest option, because it is installed with the server software and requires no configuration beyond providing user account information. However, for some systems the built-in authentication is the weakest point, because the authentication data is stored on the same system to which users connect. In addition, because each device has its own built-in authentication, you must maintain multiple user lists and passwords, which also provides multiple points of attack for a potential cracker. Another disadvantage of built-in authentication is that you are restricted to the features provided. If the developers provided no way to force passwords to expire, you would have to clear them manually at regular intervals. If the software accepts only clear-text password authentication, you are left with a security hole that anyone on your network can exploit.
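Steps 3, 5 and 6 above, and the two weaknesses just named (a clear-text local password list and no way to force expiry), can be made concrete in code. The following is an added example, not code from the original text: the weak check is the plain string compare against a clear-text list, and beside it is a hardened check that stores a salted PBKDF2 hash, compares in constant time and rejects a correct but expired password. The user names, passwords, iteration count and 90-day maximum age are constructed values for illustration.

```python
import hashlib
import hmac
import os

# Constructed clear-text user/password list of the kind the text warns about.
CLEARTEXT_USERS = {"alice": "s3cret", "bob": "hunter2"}


def weak_authenticate(user_id: str, password: str) -> bool:
    """Step 5 as a naive built-in system does it: string compare against clear text."""
    return CLEARTEXT_USERS.get(user_id) == password


# Hardened store: per-user random salt, PBKDF2-HMAC-SHA256 digest, and the time
# the password was set so that expiry can be enforced.
PBKDF2_ROUNDS = 100_000          # assumed work factor
MAX_PASSWORD_AGE = 90 * 24 * 3600  # assumed policy: 90 days, in seconds
_DUMMY_SALT = b"\x00" * 16


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_record(password: str, now: float) -> dict:
    """Create the stored record for a newly set password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "set_at": now}


def hardened_authenticate(store: dict, user_id: str, password: str, now: float) -> bool:
    """Step 5 done safely: hash the candidate, compare in constant time, enforce expiry."""
    record = store.get(user_id)
    if record is None:
        # Spend the same work for unknown users so timing does not reveal valid IDs.
        _derive(password, _DUMMY_SALT)
        return False
    if not hmac.compare_digest(_derive(password, record["salt"]), record["hash"]):
        return False
    # A correct password that is older than the policy allows is still refused.
    return now - record["set_at"] <= MAX_PASSWORD_AGE
```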
