Tuesday, June 24, 2008

The Threat of Online Security: How Safe is Our Data?

There are two types of online attacks: nontechnical attacks and technical attacks. In this blog post I will elaborate on the threats to online security.

Nontechnical Attacks

Nontechnical attacks normally use persuasion to trick people into exposing secret or sensitive information or into performing illegal actions on the network. One nontechnical attack is social engineering, which uses social tricks to get computer users to compromise computer networks. Another widely used form of nontechnical attack is phishing, which tricks users into revealing their money credits. This technique is usually found in e-mail messages that ask for certain personal information. To prevent such incidents, we can counter them with education and training, policies and procedures, and penetration testing.


Technical Attacks

Examples of technical attacks are denial of service (DoS) attacks, distributed denial of service (DDoS) attacks, viruses, worms, macro viruses or macro worms, and Trojan horses. They are commonly carried out by hackers using software, programming knowledge or expertise.

A DoS attack bombards a system until it crashes or cannot respond. The attacker uses specialized software to send a flood of data packets to the target computer. It may cause a network to shut down, making it impossible for users to access it; examples of targets are eBay, Amazon.com, CNN and Yahoo.

A virus is a piece of software code that requires a host program to be run in order to activate it. A virus inserts itself into a host and propagates when it spreads. A virus will delete files or corrupt the hard drive.





A worm can spread itself without human intervention. It consumes the resources of its host in order to maintain itself; a worm is able to self-propagate and degrade network performance.


A macro virus or macro worm is a virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed.

A Trojan horse is a program that appears to have a useful function but contains a hidden function that presents security risks. This program will allow other people to access and control a person’s computer over the internet.

From the above, we can see how important it is to secure our data. How can we avoid these attacks? The best way is to apply public key infrastructure (PKI). PKI is based on encryption, which is the process of transforming or scrambling (encrypting) data to make it difficult, expensive or time-consuming for an unauthorized person to access it. Encryption has five basic parts: plaintext, ciphertext, the encryption algorithm, the key and the key space.

There are two kinds of systems: symmetric systems, with one secret key, and asymmetric systems, with two keys. A symmetric (private) key system uses the same key to encrypt and decrypt the message; an example is the Data Encryption Standard (DES). Asymmetric (public) key encryption, meanwhile, is a method of encryption that uses a pair of matched keys. An example is RSA.
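The five parts of encryption and the two key systems described above can be seen in a short Python sketch. This is an added example, not code from the original post: the symmetric cipher is a toy SHA-256 keystream standing in for DES, and the RSA primes (61, 53) and the sample message are constructed for illustration only.

```python
import hashlib

# Toy symmetric cipher (NOT DES): SHA-256 in counter mode makes a keystream
# that is XORed with the data. One secret key both encrypts and decrypts.
def sym_crypt(key: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

# Textbook RSA with tiny constructed primes: a matched pair of keys.
def rsa_keypair(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # private exponent: modular inverse of e
    return (e, n), (d, n)    # (public key, private key)

def rsa_apply(key, number: int) -> int:
    exponent, modulus = key
    return pow(number, exponent, modulus)

# Key space: how many different keys exist for a key of the given bit length.
def key_space(bits: int) -> int:
    return 2 ** bits

if __name__ == "__main__":
    plaintext = b"order 1001: 2 tickets"   # constructed sample message
    secret = b"shared-secret"              # the key, known to both sides
    ciphertext = sym_crypt(secret, plaintext)
    print("symmetric ciphertext:", ciphertext.hex())
    print("same key decrypts:   ", sym_crypt(secret, ciphertext))
    print("wrong key gives:     ", sym_crypt(b"guess", ciphertext))

    public, private = rsa_keypair(61, 53)
    c = rsa_apply(public, 65)              # encrypt the number 65
    print("RSA ciphertext:      ", c)
    print("private key decrypts:", rsa_apply(private, c))
    print("public key cannot:   ", rsa_apply(public, c))

    # DES uses a 56-bit key, so its key space holds 2**56 keys.
    print("DES key space:       ", key_space(56))
```

In the symmetric half anyone holding the shared key can read the message, while in the RSA half the public key that encrypted the number cannot turn the ciphertext back into it.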



Prepared by Agu
All rights reserved by EnT02 Group Rui, Ean and Agu™
