Information Technology Reference
In-Depth Information
Security Threats
It is important to be aware of the different types of attacks that can impact the security of
IT systems. Security threats can be classified into three broad categories:
Reconnaissance:
The goal of reconnaissance is to gather as much information as
possible about the target host/network. Generally, this type of information gathering
is done before an attack is carried out.
■
Gaining unauthorized access:
Refers to the act of attacking or exploiting the tar-
get system or host. Operating systems, services, and physical access to the target host
have known system vulnerabilities that the attacker can take advantage of and use to
increase his or her privileges. Social engineering is another technique for obtaining
confidential information from employees by manipulation. As a result of the attacker
exploiting the host, confidential information can be read, changed, or deleted from
the system.
■
Denial of service (DoS):
DoS attacks aim to overwhelm resources such as memory,
CPU, and bandwidth and thus impact the target system and deny legitimate user's ac-
cess. distributed DoS (DDoS) attacks involve multiple sources working together to
deliver the attack.
■
Ta ble 1 2 - 3 outlines the categorized security threats.
Ta b l e 1 2 - 3
Security Threats
Key
To p i c
Threat Description
Threat Category
Gathering information about a host/network segment
Reconnaissance
Attacks aimed at overwhelming resources such as memory,
CPU, and bandwidth of an attacked system
Denial of service (DoS)
Act of attacking or exploiting the target host system
Gaining unauthorized access
Reconnaissance and Port Scanning
Reconnaissance network tools are used to gather information from the hosts attached to
the network. They have many capabilities, including identifying the active hosts and
which services the hosts are running. In addition, these tools can find trust relationships,
determine OS platforms, and identify user and file permissions.
Some of the techniques that these scanning tools use include TCP connects (open), TCP
SYNs (half open), ACK sweeps, Internet Control Message Protocol (ICMP) sweeps, SYN
sweeps, and Null scans. Listed here are some of the more popular port-scanning tools and
their uses:
NMAP
(Network Mapper) is designed to scan large networks or even a single host. It
is an open source utility used for network exploration/security audits.
■
Superscan
provides high-speed scanning, host detection, Windows host enumera-
■
clients.
