Here are common threats to information security and access control, followed by best practices for defending against them.
DoS/DDoS (Denial of Service or Distributed Denial of Service) – An attack that disables a service or makes it unreachable to its users. A distributed denial of service is launched from many compromised machines at once, which makes it much harder to block at the source. The main objective is to exhaust the target's resources (bandwidth, connection slots, CPU) so that it cannot serve legitimate users.
Backdoor attack – A backdoor is a hidden mechanism, typically planted during development or by malware, that grants special access to a program's capabilities while bypassing its normal authentication and access controls.
Spoofing – The attacker makes communication appear to come from a known, trusted source when it actually originates from an unknown and untrusted one, for example by forging the source IP address of a packet or the sender address of an e-mail.
Man-in-the-middle – A form of active eavesdropping in which the attacker makes independent connections to both victims and relays messages between them, making them believe they are communicating directly with each other over a private connection when in fact the entire conversation passes through, and can be read or altered by, the attacker.
Replay attack – A network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. The attacker captures a legitimate message, for example an authenticated request, and resends it later; a receiver that does not check freshness accepts the copy as genuine.
TCP session hijacking – The attacker takes over an established session between two hosts, for instance by predicting TCP sequence numbers or stealing a session token, and thereby gains unauthorized access to information or services on the computer system.
Social engineering – Manipulating people into performing actions or disclosing confidential information.
Dumpster diving – Information thieves retrieve personal data, credit card numbers and other sensitive details from what people and companies throw away.
Password guessing – A common attack in which the intruder attempts to guess someone's legitimate logon credentials.
Brute force attack – The intruder tries numerous passwords in the hope that one of them will work, running through the candidates sequentially until the correct value is found. This can take a long time, since the number of possible passwords grows exponentially with length and character set and can run to millions or more for a single account.
Dictionary attack – Common passwords are tried first to check whether the intruder can log in to the target system. If the intruder is attacking a specific person's user ID, the next step is to find out personal information about that person, such as first name, surname and year of birth, and try combinations of these to gain access.
Trojan horse – A general term for programs that appear desirable but contain undesirable content. The program performs the actions the user wants while secretly performing other, potentially malicious, actions.
Phishing – The attacker forges e-mails that appear to originate from a financial institution or another high-value organization. The forged e-mail instructs the recipient to click a link that leads to a form asking for personal information. The victim believes the institution is asking them to verify sensitive credentials, but in reality they are handing those credentials over to a criminal.
Pharming – The attacker redirects traffic intended for a legitimate website to a look-alike site under their control, usually by tampering with DNS resolution or the victim's hosts file, and the unsuspecting user logs in there with real credentials.
Software exploitation (fake logon screen) – The attacker runs a program that displays a fake login prompt on the screen, tricking the user into attempting to log in. The username and password entered are stored for the attacker to collect later. The user has no reason to suspect anything, because the fake prompt looks exactly like the usual logon screen. A fake error message then appears, indicating that the credentials were entered incorrectly, and the fake logon program hands control back to the real operating system logon, which prompts again. The user assumes they mistyped and gives it no second thought, but the attacker now has their credentials.
Wi-Fi password cracking – The process of discovering the password used to protect a wireless network. This can be done through social engineering, brute-force guessing, or network sniffing (capturing the authentication handshake and cracking it offline).
Vulnerability exploitation – The attacker scans computers to gather information about them, through port scanning or social engineering, aiming to learn the target computer's operating system, its version and the list of services running on it. Finally the attacker looks for a known vulnerability in one of them and exploits it to compromise the system.
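As an added example, not code from the original page, of the freshness check a receiver needs against the replay attack described above: each message carries a timestamp and a random nonce, bound to the payload by an HMAC under a shared key. The receiver rejects a bad MAC (tampering), a message outside the clock-skew window (delay), and any nonce it has already accepted (an exact replay). The shared key, the 30-second window and the message format are constructed for this example.

```python
import hashlib
import hmac
import os
import time

# Shared key and freshness window are constructed for this example (hypothetical values).
SHARED_KEY = b"example-shared-secret-not-for-production"
MAX_SKEW_SECONDS = 30   # a message older (or newer) than this is rejected as stale


def _mac(key, ts, nonce_hex, payload):
    """HMAC-SHA256 over timestamp, nonce and payload so none of them can be altered."""
    return hmac.new(key, f"{ts}|{nonce_hex}|".encode() + payload, hashlib.sha256).hexdigest()


def build_message(payload, key=SHARED_KEY, now=None, nonce=None):
    """Sender side: stamp the payload with the current time and a fresh random nonce."""
    ts = int(time.time() if now is None else now)
    nonce_hex = (os.urandom(16) if nonce is None else nonce).hex()
    return {"ts": ts, "nonce": nonce_hex, "payload": payload,
            "mac": _mac(key, ts, nonce_hex, payload)}


class ReplayGuard:
    """Receiver side: verify integrity, then freshness, then that the nonce is unused."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}   # nonce -> timestamp of the message that used it

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = _mac(self.key, msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return (False, "bad mac")          # tampered or forged
        if abs(now - msg["ts"]) > self.max_skew:
            return (False, "stale")            # delayed beyond the window
        if msg["nonce"] in self.seen:
            return (False, "replay")           # exact copy of an accepted message
        self.seen[msg["nonce"]] = msg["ts"]
        self._expire(now)
        return (True, "ok")

    def _expire(self, now):
        # A nonce whose message is now outside the window can never be accepted
        # again (the stale check catches it), so it is safe to forget it.
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.max_skew:
                del self.seen[nonce]


def demo():
    """Replay, tamper and delay a captured message against one receiver; returns the verdicts."""
    guard = ReplayGuard()
    t0 = 1_700_000_000                      # fixed clock so the run is deterministic
    msg = build_message(b"transfer 100 to account 42", now=t0)
    first = guard.accept(msg, now=t0 + 1)                     # genuine delivery
    replayed = guard.accept(msg, now=t0 + 2)                  # attacker resends the capture
    tampered = dict(msg, payload=b"transfer 900 to account 42")
    forged = guard.accept(tampered, now=t0 + 3)               # attacker edits the amount
    late = guard.accept(build_message(b"ping", now=t0), now=t0 + 300)   # held back for 5 minutes
    return first, replayed, forged, late


if __name__ == "__main__":
    print(demo())   # → ((True, 'ok'), (False, 'replay'), (False, 'bad mac'), (False, 'stale'))
```

Two practical caveats: the nonce store has to be shared by every receiver instance (a replica that has not seen the nonce will accept the replay), and the time window only works if sender and receiver clocks are kept in sync. Without the nonce, a timestamp alone still leaves a 30-second window in which the capture replays successfully.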
SECURITY TECHNOLOGIES AND PRACTICES
- Installing a firewall
A firewall can be either software or hardware.
It is a system designed to prevent unauthorized access to a private network by blocking unwanted traffic while permitting only the traffic authorized in its Access Control List (ACL). A firewall is essential to any business whose objective is keeping the network safe. The ACL is a list of what may enter the network: only the listed sources, destinations and ports are permitted, and everything else is denied. Most firewalls ship with a default rule of implicit deny, meaning that only traffic explicitly listed on the access control list is allowed through.
Anything else is implicitly denied. Rules are evaluated in order and the first match wins, so an explicit deny placed above an allow takes precedence over it.
TWO TYPES OF FIREWALL
Host-based firewall – A software firewall installed on a computer to protect that computer, not the network. Windows has shipped with a host-based firewall (now called Windows Defender Firewall) since Windows XP; on Windows 10 and 11 it can be reached through Control Panel or the Windows Security app.
Network-based firewall.
A combination of software and hardware that operates at the network and transport layers. It is placed between a private network and the internet to protect the entire network from harmful traffic before it reaches any computer.
TWO WAYS A FIREWALL INSPECTS TRAFFIC
Stateful: It monitors all connections and data streams passing through it and keeps a record of each session it has seen, so it can tell a reply to a connection that a host inside opened from an unsolicited packet arriving from outside. This lets it protect the network dynamically and thoroughly.
Stateless: It does a less thorough job. It simply uses an Access Control List (ACL) to allow or deny each packet on its own, looking only at the header fields (addresses, protocol, ports) rather than inspecting the packet contents, and it keeps no record of previous packets. Return traffic therefore has to be allowed by a rule of its own, which usually means opening a broad range of ports.
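The following Python is an added example, not code from the page or from any firewall product, of the difference between the two inspection modes. The ACL, addresses and packets are constructed for the example; rules are evaluated top to bottom, first match wins, and anything unmatched is implicitly denied. The stateless filter drops the web server's reply because no rule lists the client's ephemeral port, while the stateful filter remembers the outbound connection and admits the reply but still drops an unsolicited packet that merely looks like one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: set only on the first packet of a new connection


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    src: str            # CIDR; "0.0.0.0/0" means any
    dst: str
    proto: str          # "tcp", "udp" or "any"
    dport: int          # 0 means any port

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# Constructed ACL for an internal 10.0.0.0/8 network. Evaluated top to bottom, first match wins;
# a quarantined subnet is denied explicitly and everything not listed is implicitly denied.
ACL = [
    Rule("deny",  "10.0.13.0/24", "0.0.0.0/0",    "any", 0),     # quarantined subnet: nothing out
    Rule("allow", "10.0.0.0/8",   "0.0.0.0/0",    "tcp", 443),   # HTTPS out
    Rule("allow", "10.0.0.0/8",   "0.0.0.0/0",    "tcp", 80),    # HTTP out
    Rule("allow", "10.0.0.0/8",   "10.0.0.53/32", "udp", 53),    # DNS to the internal resolver only
]


def stateless_filter(pkt, acl=ACL):
    """Stateless inspection: judge each packet on its header fields alone."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action == "allow"
    return False            # implicit deny: nothing on the list allowed it


class StatefulFirewall:
    """Stateful inspection: remember connections the ACL admitted and let their replies back in."""

    def __init__(self, acl=ACL):
        self.acl = acl
        self.connections = set()   # (src, dst, proto, sport, dport) of permitted connections

    def filter(self, pkt):
        # A packet travelling the opposite direction of a known connection is its reply traffic.
        if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self.connections:
            return True
        # A TCP packet that is not opening a connection and belongs to none we know is unsolicited.
        if pkt.proto == "tcp" and not pkt.syn:
            return False
        if stateless_filter(pkt, self.acl):
            self.connections.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
            return True
        return False


def demo():
    """Same constructed packets through both filters; returns (stateless verdicts, stateful verdicts)."""
    fw = StatefulFirewall()
    request = Packet("10.0.1.5", "93.184.216.34", "tcp", 51515, 443, syn=True)   # client opens HTTPS
    reply = Packet("93.184.216.34", "10.0.1.5", "tcp", 443, 51515)               # server answers
    spoofed = Packet("198.51.100.9", "10.0.1.5", "tcp", 443, 51515)              # looks like a reply, nobody asked
    quarantined = Packet("10.0.13.7", "93.184.216.34", "tcp", 40000, 443, syn=True)
    stateless = (stateless_filter(request), stateless_filter(reply), stateless_filter(quarantined))
    stateful = (fw.filter(request), fw.filter(reply), fw.filter(spoofed), fw.filter(quarantined))
    return stateless, stateful


if __name__ == "__main__":
    print(demo())   # → ((True, False, False), (True, True, False, False))
```

The stateless result for the reply is the practical problem with that mode: to make browsing work, an administrator has to add a rule admitting inbound traffic to the whole ephemeral port range, which the spoofed packet would then also pass. The stateful table answers the same question from what it remembers instead.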
- Content filtering.
A technology commonly used to filter spam in e-mail and to block unwanted web content, deciding on the basis of the data's contents rather than only its headers.
- Signature identification – A technique used by antivirus software and intrusion detection systems to recognize known malware and attacks by a well-known byte pattern or behaviour signature. It detects only what has already been catalogued; a new or modified variant with no signature passes unnoticed, so it must be paired with regular signature updates and other controls.
- IDS/IPS (Intrusion Detection or Prevention System) – Either a software or a hardware tool. An IDS monitors traffic and alerts on suspected intrusions (malware, exploit attempts, unauthorized access); an IPS sits inline and additionally blocks the traffic it identifies as malicious.
- HTTPS (Hypertext Transfer Protocol Secure)
HTTP, the Hypertext Transfer Protocol, is the protocol most widely used around the world for viewing websites and pages on the internet, but it carries everything in cleartext. For sensitive data such as banking and e-commerce, which require passwords and credit card information, it is very important to secure HTTP by obtaining a certificate and enabling TLS (Transport Layer Security, the successor to the older SSL), which upgrades HTTP to HTTPS. HTTPS encrypts the data exchanged with the site and lets the browser verify that it is talking to the genuine server, which defeats eavesdropping and man-in-the-middle attacks on the connection.
- SSH (Secure Shell)
It protects data from being intercepted and stolen while in transit over a network by forming an encrypted tunnel around the data being transferred. It replaces cleartext protocols such as Telnet and FTP for remote administration and file transfer, and authenticates the server by its host key so that a man-in-the-middle cannot silently impersonate it.
OTHER NETWORK SECURITY PRACTICES
Here are other best practices for access control that keep security at a satisfactory level:
- Deny access to systems by undefined users or anonymous accounts.
- Limit and monitor the usage of administrator and other powerful accounts.
- Suspend / delay access capability after a specific number of unsuccessful logon attempts.
- Remove obsolete user accounts as soon as the user leaves the organization.
- Suspend inactive accounts after 30 to 60 days.
- Enforce strict access criteria.
- Enforce need-to-know and least-privilege practices.
- Disable unnecessary system features, services, and ports.
- Replace default passwords on accounts.
- Limit and monitor global access rules.
- Ensure logon IDs are non-descriptive of job functions.
- Remove redundant resource rules from accounts and group membership
- Remove redundant IDs, accounts, and role-based accounts from resource access lists.
- Enforce password rotation after any suspected compromise (current guidance such as NIST SP 800-63B no longer recommends forced periodic changes on their own, since they push users toward predictable variations of the old password).
- Enforce strong password requirements: length first, and check new passwords against lists of common and previously breached passwords.
- Audit systems, user events and actions, and review the reports periodically.
- Protect audit logs
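An added example, not code from the page, that ties together the dictionary attack from the threats list and the lockout and inactive-account practices from the list above. The candidate generator builds guesses from personal details the way that entry describes; the authenticator stores salted PBKDF2 hashes, answers an undefined or suspended user exactly as it answers a wrong password, locks an account for 15 minutes after five failed logons, and suspends accounts idle for more than 45 days. The usernames, passwords, thresholds and dates are constructed for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Policy values are constructed for this example, not taken from the page.
MAX_FAILURES = 5                      # failed logons before the account locks
LOCKOUT = timedelta(minutes=15)       # how long it stays locked
INACTIVE_AFTER = timedelta(days=45)   # idle longer than this and the account is suspended


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password, last_login):
        self.salt, self.digest = hash_password(password)
        self.failures = 0
        self.locked_until = None
        self.last_login = last_login
        self.disabled = False


class Authenticator:
    def __init__(self):
        self.accounts = {}

    def add(self, username, password, last_login):
        self.accounts[username] = Account(password, last_login)

    def login(self, username, password, now):
        acct = self.accounts.get(username)
        if acct is None or acct.disabled:
            return "denied"         # undefined or suspended user: same answer as a wrong password
        if acct.locked_until is not None and now < acct.locked_until:
            return "locked"         # the password is not even checked while locked
        _, digest = hash_password(password, acct.salt)
        if hmac.compare_digest(digest, acct.digest):
            acct.failures = 0
            acct.last_login = now
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT
            return "locked"
        return "denied"

    def suspend_inactive(self, now):
        """Disable every account with no logon within INACTIVE_AFTER; returns their names."""
        suspended = []
        for name, acct in self.accounts.items():
            if not acct.disabled and now - acct.last_login > INACTIVE_AFTER:
                acct.disabled = True
                suspended.append(name)
        return sorted(suspended)


def dictionary_candidates(first, last, year):
    """Guesses built from personal details, the way the dictionary-attack entry describes."""
    common = ["password", "Password1", "123456", "qwerty"]
    words = sorted({first, first.lower(), last, last.lower(), first + last, first.lower() + last.lower()})
    suffixes = ["", str(year), str(year)[-2:], "!", "123"]
    return common + [w + s for w in words for s in suffixes]


def demo():
    """Run the dictionary attack against the lockout policy; returns what happened."""
    t0 = datetime(2024, 1, 15, 9, 0)            # constructed clock
    auth = Authenticator()
    auth.add("jdoe", "Jane1985", t0 - timedelta(days=3))            # weak: derived from personal details
    auth.add("old_contractor", "Xk9#vQ2!pLm", t0 - timedelta(days=90))
    guesses = dictionary_candidates("Jane", "Doe", 1985)
    results = [auth.login("jdoe", g, t0 + timedelta(seconds=i)) for i, g in enumerate(guesses)]
    return {
        "guesses": len(guesses),
        "target_in_list": "Jane1985" in guesses,
        "cracked": "ok" in results,                 # the lockout stops the run before the real password
        "rejected_by_lockout": results.count("locked"),
        "owner_after_lockout": auth.login("jdoe", "Jane1985", t0 + timedelta(minutes=20)),
        "suspended": auth.suspend_inactive(t0),
        "suspended_login": auth.login("old_contractor", "Xk9#vQ2!pLm", t0),
    }


if __name__ == "__main__":
    print(demo())
```

The real password is the eleventh guess, but the account locks on the fifth failure and the remaining thirty attempts are refused without the hash even being computed; the owner can log in again once the lockout expires. The caveat is that a hard lockout lets an attacker deny service to the legitimate user on purpose, which is why the practice above says "suspend / delay": a progressively increasing delay per source, plus alerting on repeated failures, limits guessing without handing the attacker a lockout button. In a real deployment the failure counters, lock times and nonce-like state live in a shared store, not in one process's memory.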
Thank you for reading.