Sunday, February 15, 2009

The Threat of Online Security: How Safe is Our Data?

As technology has become more complex, the opportunities for attackers to carry out attacks have increased. Many online businesses, company websites (private or public), government agencies and others face the crisis of being attacked. There are two types of threats and attacks in the online society: non-technical and technical attacks.
1) A non-technical attack is an attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network.
a) Phishing is a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing credentials. It is also known as theft.
2) A technical attack is an attack perpetrated using software and systems knowledge or expertise.
a) Denial-of-Service (DoS) attack
-- An attack on a web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
b) Distributed denial-of-service (DDoS) attack
-- The attacker gains illegal administrative access to as many computers on the internet as possible and uses those multiple computers to send a flood of data packets to the target computer.
c) Viruses
-- A virus is a piece of software code that inserts itself into a host, including the operating system, in order to propagate; it cannot run independently, and it requires that its host program be run to activate it.
d) Worm
-- A worm is a software program that runs independently, consuming the resources of its host in order to maintain itself, and that is capable of propagating a complete working version of itself onto another machine.
e) Trojan Horse
-- A Trojan horse is a program that appears to have a useful function but contains a hidden function that presents a security risk.

How safe is our data?
There are many tools that users can use to secure their data. The simplest aspects of network security are access control and authentication. Access control is a mechanism that determines who can legitimately use network resources and which resources he, she or it can use. Typically, access control lists (ACLs) define which users have access to which resources and what rights they have with respect to those resources.
Once a user has been identified, the user must be authenticated. Authentication is the process of verifying that the user is who he or she claims to be. Verification is usually based on one or more characteristics that distinguish the individual from others. The distinguishing characteristic can be something one knows (like a password), something one has (like a token), or something one is (like a fingerprint).
Tokens qualify as something one has. Tokens come in various shapes, forms and sizes. There are two types of tokens: passive tokens and active tokens. A passive token is a storage device that contains a secret code used in a two-factor authentication system. Meanwhile, an active token is a small, stand-alone electronic device that generates one-time passwords used in a two-factor authentication system. Two-factor authentication combines something one knows with something one has.
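The access control and two-factor authentication described above, worked through in code. This is an added example written for this post, not code from the original; the ACL, the user "alice", the password and the token secret are constructed sample values. The one-time password follows the HMAC-based scheme of RFC 4226 (an active token and the server share a secret and a counter), the password is stored only as a salted PBKDF2 hash (something one knows), and the ACL check denies anything not explicitly granted.

```python
"""Two-factor authentication plus access-control-list checks.

Constructed illustration: the users, secrets and ACL below are invented
sample data, not a real system.
"""
import hashlib
import hmac
import os
import struct

# --- Access control list: which users may use which resources, and how ---
# Constructed sample ACL: resource -> user -> set of rights.
ACL = {
    "orders.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "payroll.db": {"alice": {"read"}},
}


def is_authorized(acl, user, resource, right):
    """Return True only if the ACL grants `user` the given `right` on `resource`.
    Anything not explicitly listed is denied (default deny)."""
    return right in acl.get(resource, {}).get(user, set())


# --- Factor 1: something one knows (a password, stored as a salted hash) ---
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the digest and compare in constant time to avoid timing leaks."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


# --- Factor 2: something one has (an active token generating one-time passwords) ---
def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226): the token and the server share
    `secret` and a counter; each press of the token yields the next code."""
    msg = struct.pack(">Q", counter)            # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return f"{code:0{digits}d}"


# --- Putting the two factors together ---
def make_user(password, token_secret):
    """Constructed user record: salted password hash plus the token's shared secret."""
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "token_secret": token_secret, "counter": 0}


def authenticate(record, password, otp, window=3):
    """Two-factor login: both the password and the one-time code must be right.
    On success the stored counter moves past the code that was used, so the
    same code cannot be replayed. `window` tolerates a few unused token presses."""
    if not verify_password(password, record["salt"], record["digest"]):
        return False
    for c in range(record["counter"], record["counter"] + window):
        if hmac.compare_digest(hotp(record["token_secret"], c), otp):
            record["counter"] = c + 1
            return True
    return False


if __name__ == "__main__":
    alice = make_user("correct horse battery staple", b"12345678901234567890")
    code = hotp(alice["token_secret"], 0)        # what Alice's token would display
    print("login:", authenticate(alice, "correct horse battery staple", code))
    print("replay of same code:", authenticate(alice, "correct horse battery staple", code))
    print("alice write orders.db:", is_authorized(ACL, "alice", "orders.db", "write"))
    print("bob write orders.db:", is_authorized(ACL, "bob", "orders.db", "write"))
```

The second `authenticate` call with the same code fails because the server's counter has already moved past it: a stolen one-time code is useless once used, which is the whole point of an active token. The ACL lookup is a separate step that runs only after both factors succeed, matching the post's order of identify, authenticate, then check access rights.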
A biometric system is an authentication method that recognizes a person by a physical trait. It identifies a person by measuring a biological characteristic such as fingerprints, iris (eye) pattern, facial features or voice. It can identify a person from a population of enrolled users by searching a database for a match based on the person's biometric trait. Furthermore, biometric systems can be divided into two types: physiological biometrics, where the measurements are derived directly from different parts of the body, and behavioral biometrics, where the measurements are derived from various actions and indirectly from various body parts.
Another tool that can be used is public key infrastructure (PKI). It is used in the encryption process. Encryption is the process of scrambling a message in such a way that it is difficult, expensive or time consuming for an unauthorized person to unscramble (decrypt) it.
