Page 32 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




                    Notes             Information-level threats also make important utilization of network but at the key level
                                       is the content of a message and not its form.

                                      Attacks can be represented by relation among threat, vulnerability, and damage. To avoid
                                       attacks from viruses and worms, a latest version of anti virus software should be used.
                                      The  term virus refers specifically to malware  inserting  malicious  code into  existing
                                       documents or programs. It spreads itself by various means.
                                      Any kind of counter measure that becomes fairly automated and meets the expectations of
                                       upper management is called a control, and there are many types of controls in a computer
                                       security  environment,  as  well  as  threats,  some  of  which  are  Malicious  Threats,
                                       Unintentional Threats, and physical threats.

2.6 Keywords


Authentication: It is a process used to ascertain the identity of a person or the integrity of specific information. For a message, authentication involves ascertaining its source and that it has not been modified or replaced in transit.
Botnets: Spammers organize zombie computers into small groups called ‘botnets’. These ‘botnets’ then transmit spam, including phishing attempts, viruses and worms. Botnets normally send spamming and phishing attacks.
Brute-force: It is a method in which a hacker tries to guess a password by repeatedly entering new combinations of words and phrases compiled from a dictionary to steal the password. Developing difficult-to-guess usernames and passwords can prevent it.

Countermeasure: Any kind of policy, procedure, or action that recognizes, minimizes, or eliminates a threat or risk is called a countermeasure.
Denial-of-Service Attack (DoS): A Denial-of-Service (DoS) attack is an attack method used to deny legitimate users access to the webpages of a website or network.
Dynamic Packet Filter: A dynamic packet filter firewall is capable of monitoring the state of active connections and deciding which network packets should be allowed through the firewall.

Firewalls: A firewall is a combination of software and hardware components that controls the traffic flowing between a secure network and an insecure network, using rules defined by the system administrator.
IP-spoofing: Like honeypots, IP spoofing involves the interception of data packets by a computer successfully pretending to be a trusted server/resource.
Packet Sniffers: Packet sniffing is a technique used to capture data streams over a network to obtain sensitive data such as usernames, passwords, credit card numbers, etc.

Password Attacks: A ‘Password Attack’ includes a number of techniques used by hackers to steal passwords.
Phishing: Emails with titles such as “URGENT: Update Account Status” are all attempts by a spammer to “phish” the account details.
Spam: Spam constitutes 70 to 84 percent of daily emails sent throughout the world and creates an ever-increasing need for IT resources to filter out this irritating and potentially malicious menace.
Static Packet Filter: The packet filtering mechanism examines only the protocol and the address detail of each TCP/IP packet and ignores its data contents and context.
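
The difference between the Static Packet Filter and Dynamic Packet Filter entries above, shown as an added example that is not part of the original text. The rule set (outbound HTTPS only), the internal prefix 10.0.0.x and the sample packets are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S"=SYN, "SA"=SYN/ACK, "A"=ACK

def inside(ip):
    return ip.startswith("10.0.0.")  # constructed internal network

def static_filter(p):
    """Judge each packet alone, by protocol, addresses and ports only."""
    if p.proto != "tcp":
        return False
    if inside(p.src) and p.dport == 443:   # outbound HTTPS
        return True
    # Replies can only be admitted by a blanket "from port 443" rule.
    return inside(p.dst) and p.sport == 443

class DynamicFilter:
    """Track active connections and admit inbound packets only for them."""
    def __init__(self):
        self.active = set()

    def allow(self, p):
        if p.proto != "tcp":
            return False
        if inside(p.src) and p.dport == 443:
            conn = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.active.add(conn)       # new outbound connection
            return conn in self.active
        # Inbound: must be the reverse direction of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.active

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("tcp", "10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("tcp", "198.51.100.7", 443, "10.0.0.9", 3389, "A"),  # unsolicited
]

def compare(packets):
    dyn = DynamicFilter()
    return [(static_filter(p), dyn.allow(p)) for p in packets]
```

`compare(SAMPLE)` returns one `(static, dynamic)` verdict per packet: both filters pass the outbound connection and its reply, but only the static filter passes the third packet, because it cannot tell that no internal host ever opened that connection.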




          26                                LOVELY PROFESSIONAL UNIVERSITY