Here's a breakdown of the primary types of system threats security administrators need to protect against to prevent skilled hackers from infiltrating your network:
Malware:
Viruses: Malicious code that replicates by inserting itself into other programs or files.
Worms: Self-replicating malware that spreads across networks without human interaction.
Trojans: Seemingly legitimate software that conceals malicious code for gaining unauthorized access or stealing data.
Ransomware: Encryption-based malware that holds data hostage for a ransom payment.
Spyware: Tracks user activity, keystrokes, and sensitive data without the user's consent.
Social Engineering:
Phishing: Emails or fraudulent websites designed to trick users into revealing sensitive information or downloading malware.
Pretexting: Creating false identities or scenarios to manipulate victims into divulging information or taking actions.
Baiting: Using physical media (like infected USB drives) or tempting offers to lure victims into compromising their systems.
Network Exploits:
Zero-day attacks: Exploits against vulnerabilities for which no patch exists yet, catching defenses off-guard.
DoS/DDoS: Flooding systems with excessive traffic to overwhelm them, rendering resources unavailable for legitimate users.
Man-in-the-middle (MitM): Intercepting communications between two parties to eavesdrop or manipulate data.
SQL injection: Malicious code insertions in database queries to steal or manipulate data.
Software Vulnerabilities:
Unpatched software: Software updates often contain security fixes. Outdated software leaves systems open to known vulnerabilities.
Configuration errors: Misconfigured systems can create access points or leave sensitive data exposed.
Buffer overflows: Exceeding the memory allocated for a process, overwriting adjacent memory, leading to potential code execution by attackers.
Internal Threats:
Malicious insiders: Employees or contractors with legitimate access intentionally misusing it to cause harm.
Unintentional errors: Careless behavior like clicking on phishing links or mishandling sensitive data creates vulnerabilities.
Physical Threats:
Unauthorized access: Physical break-ins to data centers or theft of devices containing sensitive data.
Natural disasters: Fires, floods, earthquakes, etc., can damage equipment and disrupt operations.
Important Notes:
Overlapping Threats: Attacks often combine techniques (e.g., phishing to deliver malware and exploit a vulnerability).
Although you can never reach a point of complete security, you can achieve a level that prevents all but the most determined and skilled hackers from accessing your system. Security breaches can be instigated or inadvertently created.
A threat can be defined as anything that can identify a vulnerability and potentially exploit it. Threats come in many forms: human acts, power outages, and even natural disasters such as earthquakes or tornadoes. For instance, suppose the main door of a house has no locking mechanism (or is left unlocked). In this case, the threat is the thief, who identifies the vulnerability (the missing lock on the main door) and exploits it (the burglar is able to steal the contents of the house). Let us explore the relationship between vulnerabilities and threats with a possible scenario from everyday life. A woman in Minneapolis finishes shopping and is walking back to her hotel. She finds herself in an unfamiliar part of the city where there is no law enforcement presence. There are criminals in the streets and dark alleyways, and drug addicts in the alleys. She does not know anyone in this city and is carrying a substantial amount of money and some shopping bags. Let us identify the vulnerabilities and the threats.
What are the Vulnerabilities?
The vulnerabilities are as follows:
The woman is in an unknown city, in a seemingly rough part of town.
She does not know anyone in the city.
She is carrying money and shopping bags in an unsafe area.
The threats are as follows:
The woman may be mugged by a criminal who sees her shopping bags.
Someone in the street might attack or abduct her.
Security Threats
User: Users may unknowingly create a security risk by using weak passwords, or by downloading a file containing a virus.
Password Cracking: Dictionary programs specifically written to break into a password-protected system are frequently used to gain access to network systems.
Trojan horse: Users can inadvertently download destructive viruses and Trojan horses, thereby compromising your network's ability to function.
Denial of Service: To prevent legitimate users of a service from using that service, attackers may attempt to flood a network, or disrupt connections or services.
Packet Sniffer: Sniffers, devices or programs used to monitor traffic on a network, can be installed anywhere in a networked system.
IP Spoofing: Attackers can impersonate any Internet Protocol (IP) device whose IP address is allowed entrance into your system.
System Snooping
Using Transmission Control Protocol/Internet Protocol (TCP/IP), a hacker can enter your system through a device that does not have specific security mechanisms in place.
Brute-force Attacks
In brute-force attacks, a hacker attempts to defeat authentication by obtaining a legitimate user's password.
A brute-force attack may include a dictionary file[1], a sniffer[2], repeated logon attempts, or an attempt to break a code using combinations of computers and information.
Character and Numeric Passwords
Strong passwords defeat dictionary attacks by combining lowercase, uppercase, numeric, and nonstandard characters.
Scanners and Crackers
Scanners are usually network tools employed by an attacker to monitor and read network data and communication ports. When the attacker finds vulnerable ports or sensitive data, he or she uses these weak spots to initiate attacks on the network. Crackers are software programs that an attacker uses to launch dictionary attacks against passwords and other sensitive authentication information present on internal networks.
Coding Problems
Many times, an operating system or program running on the server contains coding problems or bugs that create an unintentional opening. Hackers often know about such problems and exploit them. Also, program designers sometimes intentionally place a back door[3] in an operating system or program so they can support the product quickly.
Buffer Overflow
A popular bug-based attack is the buffer overflow, which works by sending more data than the target system is designed to receive at one time. The extra data overflows the program's storage buffer in memory and overwrites adjacent program data, allowing modification of the target system's programs and resulting in the creation of a back door into the system.
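As an added illustration (not part of the original text), the following C program puts the unbounded copy that causes the overflow described above next to a length-checked version that refuses oversized input; the buffer size, function names and sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size buffer, the text's "storage buffer" */

/* Vulnerable form (shown for contrast, never called by the tests):
 * strcpy() copies until it finds a NUL byte, however far away that is.
 * A field longer than NAME_MAX - 1 bytes runs past `name` into adjacent
 * stack memory, which is the "extra data overwrites the actual program
 * data" described above. Calling it with oversized input is undefined
 * behaviour. */
void greet_unsafe(const char *field)
{
    char name[NAME_MAX];
    strcpy(name, field);         /* no length check */
    printf("hello %s\n", name);
}

/* Hardened form: measure the input without reading past out_size bytes,
 * reject anything that does not fit together with its terminator, and
 * only then copy a bounded number of bytes. Rejecting (rather than
 * silently truncating) keeps the caller aware that input was abnormal. */
int greet_safe(const char *field, char *out, size_t out_size)
{
    size_t len = 0;
    while (len < out_size && field[len] != '\0')
        len++;
    if (len >= out_size)         /* no room for the NUL: too long, refuse */
        return -1;
    memcpy(out, field, len + 1); /* bounded copy, terminator included */
    return 0;
}

int main(void)
{
    char name[NAME_MAX];
    const char *inputs[] = {     /* constructed sample inputs */
        "alice",
        "exactly15chars!",       /* 15 bytes + NUL: fits */
        "sixteen_chars_xx",      /* 16 bytes: does not fit */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (greet_safe(inputs[i], name, sizeof name) == 0)
            printf("accepted: %s\n", name);
        else
            printf("rejected: input exceeds %d-byte buffer\n", NAME_MAX);
    }
    return 0;
}
```

The same check pattern (measure against the destination size, refuse, then copy a bounded length) applies to any fixed buffer that receives network or user input.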
Social Engineering
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim.
Be aware that a hacker may attempt to imitate a legitimate user by confusing a switchboard operator or a guard. This is an example of a social engineering attack.
Potential threats to your Resources
Potential threats to your resources are:
Local resources: Viruses and applets can damage local systems.
Network resources: IP spoofing, system snooping, and obtaining information.
Server resources: Unauthorized entry, interrupted service, and Trojan horses.
Database and information resources: Obtaining trade secrets and customer data.
Before we go into detail about what this article covers and demystify the steps needed for assessing your current security posture, we need to understand a few basic terms and what they mean, so that when they are used in the context of this article you fully understand what they refer to.
Threat: An expression of an intention to inflict pain, injury, evil, or punishment, as well as an indication of impending danger or harm; also a possible danger or menace. In the Information Technology (IT) arena, a threat carries the same meaning, applied to the realm of IT. In simpler terms, a threat is anything you believe could hurt your company's assets, especially your data, anything else contained on the computer network and its systems, and the systems themselves.
Assets: Anything of value, a useful or valuable quality or thing; an advantage or resource. Again, in the IT realm, this would be considered data, the systems that the data is contained on, or the infrastructure that connects such systems. Think of the costs associated with your infrastructure, the human resources needed to run it, and the data (your company's data) that those systems contain. Most top-level executives today are starting to see that all three pieces of this IT paradigm make up the whole: the systems, the people who run them, and the data they contain. In the real-world production environments of businesses today, not considering all three important assets is quite foolish; together, that sum of the parts should be considered the complete asset.
Question: Why is it important for you to know such terms?
When we start to talk about the origins of threats, which can be internal and external, we need to understand what a threat is, what the differences are between the different subcategories of threats, and what the threat is against, which is generally your assets. Again, the point of this introduction is to prime you to think (using specific terminology) like an IT Security Analyst and, more importantly, to define the terms you will hear me use throughout. If you do not know what a threat is in basic terms, or what an asset is to you, then the article may not make much sense. That being said, let's move on to the meat of the article: what the different kinds of threats are, where they come from, what you need to consider about them, and what damage such threats can do to you, your company, and the network and systems you work with.
[1] Dictionary file: A file consisting of common passwords, used by a hacker in an attempt to gain entrance to a network.
[2] Sniffer: A program used to intercept passwords.
[3] Back door: An intentional hole in a firewall or security apparatus that allows access around security measures.