Thursday, June 19, 2008

The threat of online security: How safe is our data?

Online security distinguishes between two types of attack: nontechnical attacks and technical attacks.

A nontechnical attack uses some form of deception or persuasion to trick people into revealing sensitive information or performing actions that compromise the security of a network. Social engineering is a nontechnical attack that uses social pressure to trick computer users into compromising computer networks. Phishing is an attack that attempts to trick individuals into revealing credentials. It is a technique that uses fraudulent e-mail messages, made to look as if they come from a legitimate business, to gain personal information for the purpose of theft. Nontechnical attacks can be countered by education and training; policies and procedures; and penetration testing.

A technical attack is an attack perpetrated using software and systems knowledge or expertise. Examples of technical attacks are the denial of service (DoS) attack, the distributed denial of service (DDoS) attack, the virus, the worm, the macro virus or macro worm, and the Trojan horse.
A DoS attack bombards a system until it crashes or cannot respond. The attacker uses specialized software to send a flood of data packets to the target computer.
A virus is a piece of software code that requires its host program to be run to activate it. A virus inserts itself into a host and propagates as it spreads. A virus will delete files or corrupt the hard drive.
A worm can spread itself without human intervention. It consumes the resources of its host in order to maintain itself, and it is able to self-propagate and degrade network performance.
A macro virus or macro worm is a virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed.
A Trojan horse is a program that appears to have a useful function but contains a hidden function that presents a security risk. This program will allow other people to access and control a person’s computer over the Internet.

Securing data is troublesome for Internet users. There is no right to privacy at international borders, says Chris Soghoian. Installed firewall and antivirus software will only protect against attacks from the Internet. What happens when confidential files on a laptop are lost or stolen?
Encryption is one of the best and easiest ways to protect our data. With Encrypting File System (EFS), we can protect private customer and financial information. When a file or folder is encrypted, it is turned into a format that can’t be read by others without the encryption key. This case appears to be an example of people simply bypassing existing rules. The article notes that an initial attempt to encrypt the data failed, and no further attempt was made.
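
An added example (not part of the original post): a PowerShell check that confirms every file in a folder really carries the EFS encrypted attribute, and optionally encrypts the ones that do not, so that a failed first attempt does not go unnoticed. The folder path and the `-Encrypt` switch are assumptions made for illustration.

```powershell
# Audit a folder for files that are NOT protected by EFS, and optionally fix them.
# Assumptions (not from the post): the default folder path and the -Encrypt switch.
# Run as the user who owns the files, on an NTFS volume with EFS available.
param(
    [string]$Path = "$env:USERPROFILE\Documents\Confidential",  # hypothetical folder
    [switch]$Encrypt                                            # encrypt what is found unprotected
)

function Test-EfsEncrypted([System.IO.FileSystemInfo]$Item) {
    # NTFS sets the Encrypted attribute on anything EFS has protected.
    $Item.Refresh()
    return [bool]($Item.Attributes -band [System.IO.FileAttributes]::Encrypted)
}

$files = Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction Stop

$report = foreach ($f in $files) {
    $ok = Test-EfsEncrypted $f
    $note = ''
    if (-not $ok -and $Encrypt) {
        try {
            # EFS-encrypts the file for the current user account.
            [System.IO.File]::Encrypt($f.FullName)
        } catch {
            $note = $_.Exception.Message
        }
        # Re-read the attribute instead of trusting that the call worked.
        $ok = Test-EfsEncrypted $f
    }
    [pscustomobject]@{ Encrypted = $ok; File = $f.FullName; Note = $note }
}

$report | Sort-Object Encrypted, File | Format-Table -AutoSize -Wrap

$unprotected = @($report | Where-Object { -not $_.Encrypted })
if ($unprotected.Count -gt 0) {
    Write-Warning "$($unprotected.Count) file(s) under $Path are still unencrypted."
    exit 1   # non-zero exit so a scheduled task or login script can flag it
}
Write-Output "All $(@($report).Count) file(s) under $Path are EFS-encrypted."
```

Running it once without `-Encrypt` gives a report only; running it again with the switch encrypts the remaining files and re-checks them.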


References:

- www.symantec.com/business/theme.jsp?themeid=threatreport
- http://news.cnet.com/8301-13739_3-9935170-46.html
- http://blogcritics.org/archives/2006/12/11/193220.php
- http://www.bio-itworld.com/BioIT_Content.aspx?id=74012


Prepared By : Tang Chee Seng
