Threats




Malicious softwareedit

An internet user can be tricked or forced into downloading software that is of malicious intent onto a computer. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

  • Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.
  • A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.
  • Computer viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.
  • Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.
  • Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
  • Scareware is scam software of usually limited or no benefit, containing malicious payloads, that is sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.
  • Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.
  • One particular kind of spyware is key logging malware. Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard.
  • A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user will be convinced to download it onto the computer.

Denial-of-service attacksedit

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Another way of understanding DDoS is seeing it as attacks in cloud computing environment that are growing due to the essential characteristics of cloud computing. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. According to businesses who participated in an international business security survey, 25% of respondents experienced a DoS attack in 2007 and 16.8% experienced one in 2010. DoS attacks often use bots (or a botnet) to carry out the attack.

Phishingedit

Phishing is an attack which targets online users for extraction of their sensitive information such as username, password and credit card information. Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page. Victims are directed to fake web pages, which are dressed to look legitimate, via spoof emails, instant messenger/social media or other avenues. Often tactics such as email spoofing are used to make emails appear to be from legitimate senders, or long complex subdomains hide the real website host. Insurance group RSA said that phishing accounted for worldwide losses of $10.8 billion in 2016.

Application vulnerabilitiesedit

Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks. The most severe of these bugs can give network attackers full control over the computer. Most security applications and suites are incapable of adequate defense against these kinds of attacks.

A very and widespread web-browser application vulnerability is the so-called Cross-Origin Resource Sharing (CORS) vulnerability- for maximum security and privacy, make sure to adopt adequate countermeasures against it (such as the example patches provided for WebKit-based browsers).

Comments

Post a Comment

Popular posts from this blog

Internet security products

Antivirus edit Antivirus software and Internet security programs can protect a programmable device from attack by detecting and eliminating malware; Antivirus software was mainly shareware in the early years of the Internet, when? but there are now when? several free security applications on the Internet to choose from for all platforms. Password managers edit A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database from top to bottom. Security suites edit So called security suites were first offered for sale in 2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and more. They also offer theft protection, portable storage device safety check, private Internet browsing, cloud anti-spam, a file shredder or make security-related ...
Read more

Countermeasures

Network layer security edit TCP/IP protocols may be secured with cryptographic methods and security protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for the network layer security. Internet Protocol Security (IPsec) edit IPsec is designed to protect TCP/IP communication in a secure manner. It is a set of security extensions developed by the Internet Task Force (IETF). It provides security and authentication at the IP layer by transforming data using encryption. Two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and ESP. These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer. The basic components of the IPsec security architecture are described in t...
Read more