The U.S. Government's National Information Assurance Glossary defines Information Security as: Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

This article gives some information about one type of unauthorized access: internet attacks! It should make it easier to understand how these attacks work and why it is so important to have your own information security strategy!

Denial of Service

In this attack an attacker tries to make the target computer unable to provide its normal gamut of services. The attacker can do this by sending more information to a target computer than the computer is capable of processing. In such an incident a user or organization is deprived of the services of a resource that they would normally expect to have. The cost of this attack is a great deal of time and money. A denial of service attack is a type of security attack on a computer system that does not usually result in the theft of information or other security loss.

Trojan Horse

Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions. An attacker places this software on the target computer using a web site, e-mail, embedding it within another software package, or force-installing it through the compromise of another running service. Trojans are executable programs, which means that when you open the file, it will perform some action(s). These actions can be of different kinds. The most common are of two types:

* The first is a remote control program that would allow the attacker to act as if he were in front of the machine.
* The second is a program that would allow a remote attacker to execute specific commands from the target machine.

Both types take control of the target computer, and that control is often used to mount a denial of service against another target computer.

Buffer Overflow

An attacker sends a specific series of characters (text) to a service that will cause the service to act outside its normal operating parameters. These attacks can be considered in two parts: the overflow itself, and the command to execute. The overflow part contains the specific series of characters that will cause the service to act abnormally, while the other part contains commands. These commands can be something simple, like causing the computer to crash, or something complex, like installing a trojan.

Buffer overflows are usually the preferred method of compromising a web server.

Port Scan

A port scanner is a tool that allows an individual to list the ports on a computer that are listening (available / open). Using a port scanner is usually the first step in determining how to compromise a system, as an attacker needs to know what the potential vulnerabilities of a system are before trying to exploit them.
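
On the scanned side, a port scan appears as one source touching many different ports on the same host within a short time. The following added example (not part of the original article) flags that pattern in connection logs; the log format, the addresses, the 30-second window and the 10-port threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log format (an assumption, not taken from any real firewall):
#   <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port>
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def build_sample_log():
    """Constructed sample: one source probing 12 ports in 12 s, plus a normal web client."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389]):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} SRC=198.51.100.7 DST=192.0.2.10 DPT={port}")
    for i in range(20):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} SRC=203.0.113.5 DST=192.0.2.10 DPT={443 if i % 2 else 80}")
    return sorted(lines)  # ISO timestamps sort chronologically

def detect_port_scans(lines, window_seconds=30, min_ports=10):
    """Return {(src, dst): most distinct ports seen in one window} for pairs reaching min_ports.

    Expects lines in chronological order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts = datetime.fromisoformat(m.group(1))
        key = (m.group(2), m.group(3))
        events = recent[key]
        events.append((ts, int(m.group(4))))
        while events and ts - events[0][0] > window:
            events.popleft()  # drop events that fell out of the window
        distinct = len({port for _, port in events})
        if distinct >= min_ports:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports within the window")
```

A scan spread out over a longer period than the window stays under the threshold, so the window and threshold have to be tuned to the traffic being monitored.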