IT Security Assessment


CARE’s IT professional carries out regular IT security assessments for companies to reduce IT vulnerabilities that might lead to a compromise of their valuable data. A vulnerability is a weakness that allows a cyber attacker to compromise a system’s information. For a system to be compromised, three crucial elements must interact: the system’s susceptibility or flaw, the perpetrator’s access to the flaw, and the perpetrator’s capability to exploit the flaw. To secure an IT system properly, it is important to understand the various types of “attacks” that can be made against it. These threats can be classified into the categories below:


Backdoors

A backdoor is a method of bypassing normal authentication so that the cyber attacker can access the IT system remotely.

Denial-of-service attack

The common distributed denial-of-service (DDoS) attack uses a large number of compromised hosts, commonly referred to as ‘zombie computers’, to flood a target system with network requests. The result is the exhaustion of resources, rendering the system unusable.

Direct-access attacks

An unauthorized user can gain physical access to the computer and can install different types of devices to compromise the IT security.


Eavesdropping

Eavesdropping is the act of listening to a private conversation between hosts on a network. Programs such as Carnivore, NarusInsight & TEMPEST are used to eavesdrop on systems.


Spoofing

Spoofing refers to the masquerade of one person or program as another by falsifying data.


Tampering

Tampering is an intentional modification of products with the goal of making them harmful to the consumer.


Repudiation

Repudiation describes a situation whereby the authenticity of a signature is being challenged.

Information disclosure

Information disclosure refers to a situation where information thought to be secure is released.

Privilege escalation

Privilege escalation is when a cyber attacker gains elevated privileges or access to resources that were previously restricted to them.


Exploits

An exploit is a software tool designed to take advantage of a flaw in an IT system.

Social engineering

Social engineering refers to the deception method used to take advantage of the carelessness of trusted individuals. For example, the cyber attacker can send emails impersonating a bank, a contractor, or a customer to ask for details such as passwords, card numbers, etc.

Indirect attacks

An indirect attack is when a cyber attacker uses a third-party computer to launch an attack, making it far more difficult to track down the attacker.