World's most popular travel blog for travel bloggers.

[MCS-052] Explain some of the security threats to information systems? How does encryption ensure data security?

, , No Comments

Top 10 Security Threats

What are the specific threats that you should be aware of for the Security+ exam? Here's a list of the top 10 security threats you should be aware of.

1. Privilege Escalation

Software programs often have bugs that can be exploited. These bugs can be used to gain access to certain resources with higher privileges that can bypass security controls.

2. Virus

The term "virus" has been used as a catchall phrase for many threats. Essentially, a virus is a computer program that, like a medical virus, has the ability to replicate and infect other computers. Viruses are transmitted over networks or via USB drives and other portable media.

3. Worm

A worm is a specific type of virus. Unlike a typical virus, it's goal isn't to alter system files, but to replicate so many times that it consumes hard disk space or memory. Worm victims will notice their computers running slower or crashing.

4. Trojan

Trojan horses, commonly referred to as Trojan, are programs. They masquerade as normal, safe applications, but their mission is to allow a hacker remote access to your computer. In turn, the infected computer can be used as part of a denial of service attack and data theft can occur.
A particularly nasty Trojan is a keystroke logger than can be used to capture passwords, credit card numbers and other sensitive information.

5. Spyware

Spyware usually invades computers through software downloads. Shareware and freeware downloads, in addition to peer-to-peer file sharing are typical infection points. Like Trojans, spyware can pilfer sensitive information, but are often used as advertising tools as well. The intent is to gather a user's information by monitoring Internet activity and transmitting that to an attacker.

6. Spam

Some view spam is more of an annoyance than a threat. Still, legislation like the CAN-SPAM Act has been enacted to help combat the problem, so that view may not hold weight with many others. Spam is unsolicited junk mail. It comes in the form of an advertisement, and in addition to being a time waster, has he ability to consume precious network bandwidth.

7. Adware

Similar to spyware, adware observes a user's Internet browsing habits. But the purpose is to be able to better target the display of web advertisements.

8. Rootkits

Rootkits are some of the most difficult to detect. They are activated when your system boots up -- before anti-virus software is started. Rootkits allow the installation of files and accounts, or the purposes of intercepting sensitive information.

9. Botnets

Botnets are created with a Trojan and reside on IRC networks. The bot can launch an IRC client, and join chat room in order to spam and launch denial of service attacks.

10. Logic bomb

You may have also heard the term "slag code" to refer to logic bombs. They are bits of code added to software that will set off a specific function. Logic bombs are similar to viruses in that they can perform malicious actions like deleting files and corrupting data.


How does encryption ensure data security?

Online Tech's Senior Product Architect Steve Aiello continues his data security series of videos on data encryption by explaining how encryption fits into the three premises of security.
  1. Confidentiality - keeping data private
  2. Integrity - the accuracy of your data
  3. Availability - keeping your web server online and data available

Encryption helps with mainly the premise of confidentiality - keeping prying eyes off of confidential data.
Aiello explains how the balance of all three premises may be difficult to balance while keeping data confidential.
Identifying critical data, such as protected health information (PHI) for the healthcare industry and credit cardholder data (CHD) for the ecommerce and retail industry, is the first step toward determining what data needs to be encrypted and confidential.


Post a Comment

Let us know your responses and feedback