About Me

My photo
Pendang, Kedah, Malaysia
An ordinary person...Like listening to the music.. Bit sensitive.. LOVE kids so much...

Blog Archive

16 February 2009

~InFoRmAtIoN SeCuRiTy tHrEaTs~

Being “at risk" is being exposed to threats.
Risks are subjective -- the potential to incur consequences of harm or loss of target assets.
A Risk Factor is the likelihood of resources being attacked.
Threats are dangerous actions that can cause harm. The degree of threat depends on the attacker's Skills, Knowledge, Resources, Authority, and Motives.
Vulnerabilities are weaknesses in victims that allow a threat to become effective.

Actually, this is related to the topic that I enduring to present.
THREATS TO INFORMATION TECHNOLOGY

wHo ThEy aRe?


A rogue user is an authorized user who, without permission, accessing restricted assets.
A bogie is an unauthorized user who subverts security systems.
A cracker breaks into others' computing facilities for their own personal gain - be it financial, revenge, or amusement.
A hacktivist is a cracker with a cause. (Example of hactivism: Building Peekabooty to get around governments blocking websites)
A terrorist uses fear to blackmail others into doing what they want.
White Hats are also called “ethical" hackers, such as the Axent (now Symantec) Tiger Team
Black Hats disregard generally accepted social conventions and laws.
Script kiddie is a derogatory term for a wannabe cracker who lacks programming skills and thus relies on prewritten scripts and toolkits for their exploits.
Journeyman is an experienced hacker: someone who has collected many tools and made many connections.
A Puppet Master (wizard) produces exploits.
Malware is a generic term for malicious software such as trojan horses, worms, and viruses.
Serialz are serial numbers illegally shared used to unlock software.

All of this people can be categorized in cybercrimes.What is cybercrimes?Cybercrimes are fraudulent activities commited using computers and communications networks, particularly the Internet.


:: example of security threats - HACKERS ::

tArGeT aSsEtS-wHaT To sTeAl?

Assets on machines and network servers.
•End Users' Information (trade secrets, customer data, personnel data, product plans, marketing plans, financial data, etc.).
•Application Services (ports, memory to infect)
•Registry settings (keys, values controlling
service initiation and operation)
•Audit settings
•Group memberships and privileges
•Permissions stored in ACLs

The Customers of Hackers
oCurrent or past staff,
oPrivate Investigators
oCompetitors, trade associations
oRivals in a takeover
oOpposing litigants
oThe press
oCriminals
oRegulatory agencies
oForeign government intelligence agencies


Lets talk about how security threats can happen in the Internet Every computer or notebook have this function or application - TCP/IP.This function that can allow us to connect to the Internet and also to the other computers. For your information TCP/IP allow information to pass through intermediate computers makes it possible for third party to interfere with communication in the following ways:
  • Eavesdropping: Information remains intact, buts its privacy is compromised.
  • Tampering: Information in transit is changed or replaced and then sent on to the recipient.
www.albany.edu/its/security_threats
searchsecurity.techtarget.com