In computer, an attack is any effort to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. An attack usually is perpetrated by someone with bad intentions. The general term used to describe the category of software used to logically attacking computers is called malware. IT Security risk means that there might be unauthorized access to or theft of proprietary data.
Common people often post their business email addresses on external websites. These can be picked up and used to hack into other corporate accounts or flood employee in-boxes with unwanted spam. Installing unlawful wireless access points also increases the risk that outside agents could hack into company servers. It also degrades the quality of the internal wireless local area network system, subsequently potentially resulting in lost productivity.
A Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could violate security and cause harm. That is, a threat is a possible danger that might develop defencelessness. A threat can be either intentional (e.g.
, an individual cracker) or "accidental" (e.g., the possibility of a computer malfunctioning).Virus AttackA virus is a small piece of software that piggybacks on real programs.
A computer virus is a computer program that can reproduce and stretch from one computer to another. Viruses can increase their chances of dispersal to other computers by infecting files on a network file system or a file system that is accessed by other computers. The term "virus" is also normally, but incorrectly used, to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability.For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or inflict disaster.
Virus attack belongs to Malware Category. Programs in this category are generally considered to cause a significant security risk to the user's system and/or information. The actions taken by malicious programs can take range from stealing the user's confidential data, infecting the computer resulting in completely crashing the user's computer.System CompromiseA compromised computer is one that has been hacked by a cracker, which is a person who breaks into a computer's systems with malicious intentions but it can also occur either through automation. A compromised system can be used to attack other systems and is generally considered a threat to all other systems connected to a network. Some may do this to send mass emails.
Others may compromise a computer to steal personal information. A compromised system is more than just a hacked computer. Besides being a threat, a compromised system can also be a problem, exposing many types of sensitive data, such as:• Social Security numbers (SSN) • credit card numbers (CC) • personal information, including passwords to a user’s bank account, e-mail and other online accountsIt is virtually impossible to determine the full scope of an attacker's reach into a compromised system, and the server should not be trusted for production use. It belongs to network threat.Spam MailSpam mail has different identities like email spam, junk email or unsolicited bulk email.
It is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Networks of virus-infected computers are used to send about 80% of spam. Spammers collect email addresses from different places like websites, chat rooms, customer lists, newsgroups, and viruses which harvest users' address books, and are sold to other spammers.Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.
There are different approaches of spam which include appending, image spam, blank spam and backscatter spam. Although computer experts are constantly designing better and better ways to filter out unwanted mail, the spammers are also constantly devising ways to get around those technical solutions. It is a very frustrating situation for users as well as for technical support personnel. It is a basic fact of Internet life that if you use the Internet, you will get unsolicited email. Spam mail belongs to Spoofing attacks that are aimed at obtaining user account information. Spoofing identity attacks typically affect data secrecy.
Port ScanningPort Scanning is the name for the technique used to identify open ports and services available on a network host. It is similar to a thief going through your neighbourhood and checking every door and window on each house to see which ones are open and which ones are locked. All machines connected to a LAN or connected to Internet via a modem run many services that listen at well-known and not so well-known ports. TCP ports are commonly monitored but UDP ports are not. By port scanning the attacker finds which ports are available (i.
e., being listened to by a service).It is sometimes utilized by security technicians to audit computers for vulnerabilities; however, it is also used by hackers to target victims. It can be used to send requests to connect to the targeted computers, and then keep track of the ports which appear to be opened, or those that respond to the request. Port scanning software, in its most basic state, simply sends out a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing.
Hackers typically utilize port scanning because it is an easy way in which they can quickly discover services they can break into. They also use port scanners to conduct tests for open ports on Personal Computers that are connected to the web. Port scanning belongs to unauthorized access threat category.Website defacementWebsite defacement is the replacement of the original home page by a system hacker that breaks into a web server and alters the hosted website creating one of his own. Defacement is in general a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated cyber activist or hackers.
This is a very general form of attack that seriously damages the trust and the reputation of a website. Detecting web page defacements is one of the main services for the security monitoring system. Network firewalls cannot guard against all web vulnerabilities. For precaution we should install additional Web application security to lessen the defacement risk. It is also important that only a few authorized users are allowed root access to a website’s contents.
Website defacement belongs to Spoofing attacks which involve providing fake information about a principal's uniqueness to obtain unauthorized access to systems and their services.