Common Security Issues Overview
Here is a quick overview of common Security Issues (definitions taken and condensed from various Wikipedia sites):
“Backdoor is any secret method of bypassing normal authentication or security controls. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.”
“Denial-of-service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victims account to be locked, or they may overload the capabilities of a machine or network and block all users at once.”
“Direct-access attacks are unauthorized users gaining physical access to a computer a allows direct copying of data from it. Even when the system is protected by standard security measures, these may be able to be by-passed.”
“Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network.”
“Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain.”
“Tampering describes a malicious modification of products. So-called Evil Maid attacks and security services planting of surveillance capability into routers are a couple of examples.”
“Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.”
“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.”
“Clickjacking (also known as “UI redress attack” or “User Interface redress attack) is when an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top-level page. Carefully drafting a combination of styles heets, iframes, buttons and text boxes, a user can be led into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker.”
“ aims to convince a user to disclose secrets such as passwords, card numbers, etc., such as impersonating a bank, a contractor, or a customer. For example, in May 2016, the Milwaukee Bucks NBA team was the victim of this type of cyber scam with a perpetrator impersonating the team’s president Peter Feigin, resulting in the handing over of all the team’s employees’ 2015 W-2 tax forms.”
You can hardly turn on the news without hearing about another large company being the victim of massive Security Breaches with millions of users affected. If they can’t isolate and protect their data (with what seems to be endless resources), what chance does my small business have? How can we shield ourselves?
You can go on-line and sift through the myriad of reviews, risk analyses, and ranking matrices to determine what software suite or combination of programs, policies and procedures fits your unique requirement. The answers are out there and available. You can institute Best Practice procedures and put in place strict policies. BUT KEEP IN MIND – no program, policy and procedure, or computer professional can promise total freedom from security issues. Finding ways into your cocoon is the attackers’ full-time job and they’re good at it.
One way you can have a full-time security engineer on your side is to use a competent company that stays on top of current trends, has taken the time to know your business and system, and will provide you with timely and viable solutions.