Information security threats fall into the following categories:
The primary components of network infrastructure are routers, switches, and firewalls. These devices not only perform routing and other network operations, but also control and protect the running applications, servers, and devices from attacks and intrusions. A poorly configured device gives an intruder an opening to exploit. Common vulnerabilities on the network include using default installation settings, open access controls, weak encryption and passwords, and devices lacking the latest security patches. Top network-level threats include:
- Information gathering
- Sniffing & Eavesdropping
- Session hijacking
- Man-in-the-Middle Attack
- DNS & ARP Poisoning
- Password-based Attacks
- Denial-of-Service Attacks
- Compromised Key Attacks
- Firewall & IDS Attacks
Host threats target the system software on which applications are built or run, such as Windows 2000, the .NET Framework, SQL Server, and others. Host-level threats include:
- Malware Attacks
- Password Attacks
- Denial-of-Service Attacks
- Arbitrary code execution
- Unauthorized Access
- Privilege Escalation
- Backdoor Attacks
- Physical Security Threats
The best practice for analyzing application threats is to organize them by application vulnerability category. The main threats to applications are:
- Improper Data / Input Validation
- Authentication & Authorization Attacks
- Security Misconfiguration
- Information Disclosure
- Broken Session Management
- Buffer Overflow Issues
- Cryptography Attacks
- SQL Injection
- Improper Error Handling & Exception Management
Types of Attacks on a System
Operating System Attacks
In operating system attacks, attackers search for vulnerabilities in the operating system; any vulnerability they find becomes the means of attacking it. Some of the most common operating system vulnerabilities are:
*Buffer overflow vulnerabilities
Buffer overflow is one of the major types of operating system attack and belongs to the family of software exploitation attacks. A buffer overflow occurs when a program or application does not have well-defined boundaries, such as restrictions or a pre-defined functional area, on the amount of data it can handle or the type of data that can be input. Buffer overflows cause problems such as denial of service (DoS), rebooting, freezing, and the attacker achieving unrestricted access.
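The boundary checking the passage refers to, shown in C as an added example (not code from the original page): the unsafe no-boundary pattern is left as a comment, and copy_name, a hypothetical function working on a constructed 16-byte buffer and constructed sample inputs, enforces both the capacity limit and the type-of-data restriction before writing anything.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_CAP 16  /* constructed fixed-size buffer for the example */

/* Outcome of a bounded copy attempt. */
enum copy_result { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_CHAR = 2 };

/*
 * The unsafe pattern the text describes, kept as a comment so it is never run:
 *     char name[NAME_CAP];
 *     strcpy(name, input);   // writes past name[] when strlen(input) >= NAME_CAP
 * strcpy has no notion of the destination's capacity, so the only "boundary"
 * is whatever length the caller happens to supply.
 */

/* Hardened version: checks the capacity boundary and restricts the type of
 * data (printable ASCII only) before a single byte is written to dst. */
enum copy_result copy_name(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    /* Measure src without reading further than cap bytes. */
    while (n < cap && src[n] != '\0')
        n++;
    if (n == cap)                    /* no room for the terminator: reject */
        return COPY_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c > 0x7e)    /* reject control and non-ASCII bytes */
            return COPY_BAD_CHAR;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return COPY_OK;
}

int main(void)
{
    char name[NAME_CAP];
    /* Constructed sample inputs: a valid name, an over-long one, one with a control byte. */
    const char *inputs[] = { "alice", "this-input-is-far-too-long-for-the-buffer", "bob\x01" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum copy_result r = copy_name(name, sizeof name, inputs[i]);
        printf("input %zu -> result %d\n", i, (int)r);
    }
    return 0;
}
```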
*Bugs in the operating system
In software exploitation attacks and bugs in software, the attacker tries to exploit vulnerabilities in the software. Such a vulnerability might be a mistake made by the developer while writing the program code. Attackers can discover these mistakes and use them to gain access to the system.
*Unpatched operating system
An unpatched operating system allows malicious activity, or cannot completely block malicious traffic into a system. A successful intrusion can have a severe impact in the form of compromise of sensitive information, data loss, and disruption of regular operations.
In a corporate network, when installing new devices, the administrator must change the default configurations. If devices are left in their default configuration, using default credentials, any user who has connectivity to the device can access it even without the privileges to do so. It is not difficult for an intruder to access such a device, because the default configuration has common, weak passwords and no security policies are enabled on the device by default.
Similarly, permitting an unauthorized person access, or giving a person more resources and permissions than their privileges warrant, might also lead to an attack. Additionally, using the organization's name in username and password attributes makes it easier for hackers to gain access.
Before releasing an application, the developer must make sure it has been tested and verified, whether at the manufacturer's or at the developer's end. In an application-level attack, a hacker can use:
- Buffer overflow
- Active content
- Cross-site scripting
- Denial of service
- SQL injection
- Session hijacking
Shrink Wrap Code Attacks
A shrink wrap code attack is a type of attack in which the hacker uses the shrink wrap code method to gain access to a system. In this type of attack, the hacker exploits holes in unpatched operating systems and in poorly configured software and applications. To understand shrink wrap vulnerabilities, consider an operating system that has a bug in its original software version. The vendor may have released an update, but the period between the vendor's release of a patch and the update of the client's systems is the most critical time: during it, unpatched systems are vulnerable to the shrink wrap attack. Shrink wrap attacks also cover systems installed with software that is bundled with insecure test pages and debugging scripts, which leave the system vulnerable. The developer must remove these scripts before release.
Information warfare is a concept of warfare in which the parties engage in a contest over information in order to gain the most from it. The term "Information Warfare" or "Info War" describes the use of information and communication technology (ICT) in this contest. The main purpose of this information war is to gain a competitive advantage over the opponent or enemy. Information warfare is classified into two classes:
1. Defensive Information Warfare
The term defensive information warfare refers to all defensive actions taken to defend against attacks that steal information and information-based processes. The areas of defensive information warfare are:
- Indication & Warning
- Emergency Preparedness
2. Offensive Information Warfare
The term offensive is associated with the military. Offensive warfare is an aggressive operation taken against the enemy proactively, instead of waiting for the attacker to launch an attack. Entering the enemy's territory to gain ground, instead of losing territory, is the fundamental concept of offensive warfare. The major advantage of offensive warfare is identifying the opponent, the opponent's strategies, and other information. Offensive information warfare prevents information from being used, or modifies it, by targeting its integrity, availability, and confidentiality.