There
is one of three broad classes of threats which are attacks.
§ Malware:
Malware
is a term which is used for software that has used for multiple purposes. It
includes various types of virus attacks. It is most dangerous for your system
or network system.
§ Intrusions:
this type of attack destroy your unauthorized access of your system.
§ Denial of Service (DoS) Attacks:
these are designed to stop legitimate computer
access.
This section offers a broad description of each type of attack.
Malware
Malware is a generic
for software that has a malicious purpose. This section discusses three types
of malware: viruses, Trojan horses and spy ware. Trojan horses and viruses are
the most widely encountered.
According
to Symantec (creator of Anti-Virus and other software products), a virus is “a
small program which is hide in itself, usually without knowledge”. A computer
virus is similar to a biological virus in that both replicate and spread. The
email is most common way for virus spreading to everywhere. Some virus can’t
damage the system usually but it cause of system slowdown or shutdown.
The
Trojan horse receives its name from an ancient tale. In this tale, the city of
Troy was besieged for an extended period of time, but the attacker could not
gain entrance. Therefore, they constructed huge wooden horses and let it in
front of the gates to Troy one night. The next morning, the residents of Troy saw
the horse and assumed it to be a gift, consequently rolling the wooden horse
into the city. Unbeknownst to them, several soldiers where hidden inside the
horse. That evening, the soldiers left the horse, open the city gates & let
their fellow attackers in the city. An electronic Trojan horse works in the
same manner, appearing to be benign software but secretly downloaded a virus.
Spyware
is an other category of Malware, which is literally spies that what you are
done on your computer system. Spyware is a text file of cookies which creates
and store on your computer system, which is downloaded through web site. This
file is recognized you and return by you to web site. That file can able you to
access different pages on site.
A
key logger is other form of spyware, which records all the key strokes by you.
Some key loggers also take screen shot of your computer. Data is then either
stored for later retrieval by the person who installed the key logger or is
sent immediately back via e-mail. This action has legitimate purpose such as an
employer wants to track the activities of computer of any employee of his
organization as well as it is used for illegal / unethical purposes.
Compromising System Security
We
will now look at attacks that breach your system security. This activity is
commonly referred to as hacking, although that is not the tem hackers
themselves use. We will delve into appropriate terminology shortly; however, it
should be noted at this point that cracking is a appropriate word for, intruding
onto a system without permission, usually with malevolent intent. Any attack
that is designed to breach your security, either vis some operating system flaw
or any other means, can be classified as cracking. Simply put, hacking may or
may not be for malevolent purposes. Cracking is hacking conducted for malicious
purposes.
Social engineering is a technique for breaching system
security by exploiting human nature rather than technology. Social engineering
uses standard con artist techniques to get users to offer up the3 information
needed to gain access a target. This method works is rather simple. The perpetrator
obtains preliminary information about a target organization and leverages it to
gain extra information from the system.
Following
is an example of social engineering in action. Armed with the name of a system
administrator, you might call someone in the accounting department of a business
and claim to be one of the company technical support panel. Mentioning the
system administrator name would help validate that claim, allow to you ask
question in an attempt to ascertain more details of specifications of the
system. A savvy intruder might even get the accounting person to say a username
and keyword. As you see, this method is based on how well the prospective
intruder can manipulate people and computer skill.
Denial of Service Attacks
In
this addition to the various forms of malware and cracking attacks, there are
attacks that prevent legitimate user from accessing their own system. This type
of attack is called Denial of Service
(DoS). In these attacks the attacker doesn’t actually access the system,
but rather simply blocks access from legitimate users. One common way to prevent
legitimate service is to flood the targeted system with so many unreal
connection requests that the system cannot respond to legitimate request.