Sunday, 16 February 2020




? Any person, act, or object that poses a danger to computer security is called a threat.
? Any kind of asset that is not working optimally and is mission-critical or essential to the
organization, such as data that are not backed-up, is called a vulnerability, while anything
imperfect is called a weakness.
? Threats from outside the organization must be addressed, since the damages
from non-secured information system can effect in disastrous consequences for the
? By network-based threats we signify that to be effective, latent attackers need network
access to corporate computer systems or to networks accessed by corporate computer
? Information-level threats also make important utilization of network but at the key level
is the content of a message and not its form.
? Attacks can be represented by relation among threat, vulnerability, and damage. To avoid
attacks from viruses and worms, a latest version of anti virus software should be used.
? The term virus refers specifically to malware inserting malicious code into existing
documents or programs. It spreads itself by various means.
? Any kind of counter measure that becomes fairly automated and meets the expectations of
upper management is called a control, and there are many types of controls in a computer
security environment, as well as threats, some of which are Malicious Threats,
Unintentional Threats, and physical threats.

Authentication: It is a process used to ascertain the identity of a person or the integrity of
specific information. For a message, authentication involves ascertaining its source and that it
has not been modified or replaced in transit.
Botnets: The spammers organize zombie computers into small groups called ‘botnets’. These
‘botnets’ then transmits spam including phishing attempts, viruses and worms. The botnets
normally send spamming and phishing attacks.
Brute-force: It is method in which a hacker tries to guess a password by repeatedly entering in
new combinations of words and phrases compiled from a dictionary to steal the password.
Developing difficult to guess usernames and passwords can prevent it.
Countermeasure: Any kind of policy, procedure, or action that recognizes, minimizes, or
eliminates a threat or risk is called a countermeasure.
Denial-of-Service Attack (DoS): Denial-of-Service attack (DoS) is an attack method to deny the
access to webpages of a website or network to the legitimate users.
Dynamic Packet Filter: A dynamic packet filter firewall is capable of monitoring the state of
active connections and decides which network packets should be allowed through the firewall.
Firewalls: A firewall is a combination of software and hardware components to control the
traffic that flows between a secure network and an insecure network using rules defined by the
system administrator.
IP-spoofing: Like honeypots, IP spoofing involves the interception of data packets by a computer
successfully pretending to be a trusted server/resource.
Packet Sniffers: Packet sniffers are the technique used to capture data streams over a network to
obtain sensitive data like usernames, passwords, credit card numbers, etc.
Password Attacks: A ‘Password Attack’ includes a number of techniques used by hackers to
steal passwords.
Phishing: Emails with titles such as, “URGENT: Update Account Status” are all attempts by a
spammer to “phish” the account details.
Spam: Spam constitutes 70 to 84 percent of daily emails sent throughout the world that demands
an ever-increasing need for IT resources to filter out this irritating and potentially malicious
Static Packet Filter: The packet filtering mechanism examines only the protocol and the address
detail each TCP/IP packet and ignores its data contents and context.

No comments:

Post a Comment