Which Are The Most Common Network Security Risks

by Yoko Jelkovich.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on data security  

You are here: Categories » Computers and technology » Data security

A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other examples of security risks in the network environment.

Hacking

Hacking is any attempt by an intruder to gain unauthorised access to a computer system. Activities carried out by hackers can include denial of service (DoS), dumping, port scanning and sniffing. Denial of service (DoS) prevents or inhibits the normal use or management of communication facilities. The attacker can redirect or suppress all messages to a particular destination. DoS attacks are initiated with software and can be launched by rival businesses or individuals with little or no computer skills (NOIE, 2002). Internet 'dumping', more applicable to small businesses, is when someone utilises the company's modem to place calls to high-cost premium rate or international numbers. This can be achieved by inducing users (often by promising adult content) to download new Internet dialer software, replacing their ISP connection. Proving that dumping was conducted without the user's knowledge can often be difficult. To prevent dumping, telecommunications companies can place a bar on all premium calls starting with 190 (e.g., 1900, 1901, 1902, etc.) and on international phone services. If business computers are not equipped with modems, dumping should not be a problem (NOIE, 2002).

Port Scanning and Sniffing

Port scanning scans a range of TCP (Transport Control Protocol) port numbers, UDP (User Datagram Protocol) port numbers, or both for a single host IP (Internet Provider) address in order to identify services running on the host computers. Sniffing programs can be installed on computer systems to observe traffic, storing information (ID/Passwords) that can be used to access other systems. Sniffer software tracks data travelling over the Internet or a corporate network. Unauthorised sniffers can compromise a network's security because they are difficult to detect and can be inserted almost anywhere.

Viruses

A computer virus is a program that can infect other programs by modifying them to include a copy of itself. A virus can be transmitted through an attachment to an e-mail, and by downloading infected programs and files either from web sites, floppy disks or CDs. Depending on the code in the virus program, some will activate as soon as the file is opened, while others will lie dormant in the computer system until activated by a trigger such as a specific date, execution of a particular key on the keyboard or activation by a particular function such as forwarding an e-mail to another user in the organization. Similar to human viruses, computer viruses can grow, replicate, travel, adapt and learn and consume resources.
Other virus-related attacks include worms. Worms install themselves on a machine, and actively seek to send themselves to other machines to infest those machines. Without any human action worms can spread more quickly than viruses. On January 25, 2003 a worm called Slammer spread with an astonishing speed on the Internet. Within ten minutes the Slammer had infested about 90% of vulnerable hosts on the Internet. Although it was controlled within hours, it had achieved its aim of infesting all vulnerable servers before the world even realised what was happening. The best protection against computer viruses is to use anti-virus software installed on all computers, and updated regularly.

Flaws in Technology and Software or Protocol Designs

If systems obtained from vendors are not aligned to the organization's security system it can lead to easy break-in to networks. When software and systems are first installed they come in a number of default settings, sample programs, and templates that are vulnerable to attack. Ignorance of implementation details by system administrators, sometimes due to a lack of time, a lack of expertise, or improper management also sacrifices security (www.softheap.com). Protocols define the rules and conventions for computers to communicate on a network. If a protocol has a design flaw it is vulnerable to exploitation no matter how well it is implemented. With software implementations, if security is added on later, it sometimes does not respond to security checks as planned, leading to unexpected vulnerabilities.
S-HTTP is exactly what its name suggests: a security-enhanced extension of the Hypertext Transfer Protocol. S-HTTP works at the application level, encrypting the contents of messages relayed between a browser and a server, allowing client and server to negotiate the strength and type of encryption to be used. S-HTTP supports end-to-end secure transactions by incorporating cryptographic enhancements to be used for data transfer at the application level.

Intruders' Technical Knowledge

For an intruder to achieve access to a system, he or she would have to have a good understanding of network topology, operations, protocols, databases and information management structures. Intruders can examine source code to discover weaknesses in certain programs, such as those used for electronic mail. Source code sometimes is easy to obtain from programmers who make their work freely available on the Internet. Programs written for research purposes (with little thought for security) or written by naive programmers become widely used, with source code available to all.
It is difficult to characterise people who cause security incidents. An intruder may be an adolescent who is curious about what he or she can do on the Internet, a college student who has created a new software tool, an individual seeking personal gain, or a 'paid spy' seeking information for the economic advantage of a corporation or foreign country. A disgruntled former employee or a consultant who gained network information while working with a company may also cause a security incident. An intruder may also seek entertainment, intellectual challenge, and a sense of power, political attention, or financial gain.

Share
Leave a comment or ask a question
Total comments: 0

Data security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Online Security on Public Computers - Using public computers can put you at risk for password hackers who use tools such as keystroke logging devices. Find out how to protect yourself from criminals preying on public computers. (more...)
How to Create a Strong Password - Using a password keeper can help you keep your online information more secure by allowing you to create more complex passwords for your Internet accounts without having to remember them. Here a (more...)
How Many Passwords do You Know to Protect Your Computer Privacy - 1.Administrators Password: It is the most common way to lock your computer. But is it the safest way? Mostly, it is the easiest way to lock your computer. How to (more...)
What will be a perfect password - Myth: if it is encrypted, it is secure Truth: if it is not encrypted, it is not secure Before creating a password you should know: ⑴ NO passwo (more...)
How to bypass Windows Password - Forgot or lost windows password? Have been locked out of computer? Do not want to reinstall the computer because there is vital data on your computer? Oh, well, it is not that scar (more...)
UniKey API protection scheme ensures the highest security for software vendors - A question that regularly was come up is whether software could be one hundred percent secured by a dongle, or thought some dongles have been seriously cracked, why most expensive software still us (more...)
Sharing online passwords with important people - On the surface, it might seem ludicrous to think that anyone would want to share their important Internet passwords with other people. But the truth is that there are many instances where you might (more...)
Using tags can help you organize your passwords - For people with multiple Internet log-ins, keeping them organized can be incredibly complex. A service like Mitto.com can simplify the process by allowing you to attach tags to your log-in info (more...)
Rogue antispyware is a danger for all Internet users - There are several common but very popular viruses that everyone can catch nowadays. That's swine flue and malicious software. Swine flue can be dangerous to your health though in the most cases it (more...)
Spyware - Anyone who owns a computer knows about the threats of viruses and worms. But over the past ten years there has bean another concern annoying computer owners to death. This problem is Sp (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.