Threats to organization

Threats to Organisation
All organisations are connected with internet for networking and connection with external world. Security threats arise from malicious software that enters the organisation from outside or from internal users. Some threats are:-

Malware
Malicious external software that pose a threat to the security of organisations come in many forms. One of the most widely prevalent threats is viruses which are software packages that harm the organizations IT assets. A cousin of virus is worm Third type of malicious software is Trojans. Trojans are also malware that allows users from outside to invade the computer and use its resources.

Examples of Malware
ILOVEYOU Worm-also called the love Bug by the media It appeared in May 2000 and spread rapidly across Microsoft e-mail servers. It is a worm which came as and attachment in an e-mail message with the subject line of message reading I LOVE YOU If the receipient opened the attachment by double then it replicate itself by e-mail.

Conflicker Worm
Was Detected in late 2008 It propagates via windows operating system It enters your system through internet, USB memory sticks or shred files. It maps out other computer on the network particularly those have insecure passwords or non-updated security software.

Cracking and Espionage

Cracking and Hacking are sometimes used as interchangeably. Done by expert programmers who finds ways to break into networks by identifying weaknesses in their security or by uncovering passwords. Hacking also refers to the same act but sometimes hacking is done for useful reasons known as ethical hacker.

 One method of cracking is Reverse engineering In this crackers identify the kind and type of system that is being used and the uncover its security mechanisms Second method is Social engineering which is manipulation of unsuspecting users to extract private information from them. Another reason why crackers break into organisations for industrial and political espionage

Phishing and identity theft

Is done with fake websites that masquerade as real ones. Key logging is another form of identity theft by using key logger software. All the keys a user press are stored in the key logger along with the clear record that they have typed.

Denial of service attack

Three way handshaking takes place with connection oriented approach. Ip spoofing is done. Crackers manipulate the web servers. This makes it very difficult to identify the IP address of all attacking computers and block them. This is known as distributed DOS