Brute Force Attacks attempt to access information in a system by means of trial and error to correctly guess the pin or passcode of the system. Attackers utilize programs to guess passwords in rapid succession until they find the correct one. This threat comes in various forms such as Dictionary where the password cracker uses commonly used password or list of words to guess the password. Hybrid mixes in numbers to the list and rainbow tables compares the hash variable of the password against of table of known hashes to break the code, this is therefore a high risk threat to a server.
Unused and Open Ports
Open ports are like doorways to the network for attackers. On the server the open ports are listening for inbound packets waiting on communication from the outside as well as from users on the network in order to perform jobs. A lack of a firewall system that controls which ports are open and which ones are closed leaves the server extremely vulnerable to attacks.
Escalation of Privilege
Escalation of Privilege is the act of using vulnerability, a bug, or a design flaw to gain unauthorized elevated access to resources that would normally be off limits to the user. There are two common types of privilege escalation, vertical and horizontal. Vertical privilege escalation, also known as privilege elevation, is where a user with a lower level of access can access functions or content that would normally be off limits to them. For example, by bypassing a passcode lock on a smartphone. Horizontal escalation is where a normal user accesses information or applications that are reserved for other users such as using your logon credentials to access another users email account. This is a low risk threat to a server
Denial of Service
Attackers who can break into the website can typically perform a denial of service attack to prevent the intended audience access to the website. In this manner, they operate by sending a large amount of requests to bring down the website. attack is simple attack on a website. It operates by overwhelming a website with a lot of information requests, hence, severely slowing down the entire operation of a website and even entirely bringing it down. Just as in the scenario, the members realized their work stations are running slowly and after some time the clients start complaining that the website is unavailable and also times out. This is a high risk threat because of the consequences of the attack and the impossibility of making a website tamper proof.
Authorization threats include elevation of privilege, spillage, data tampering, and luring attacks for example phishing, spear phishing and whaling are possible if controls are not in place to prevent them. Assigning untrained personnel, the task of maintaining website security leads to the risk of social engineering attacks. This is a medium threat because as much as there is high chances of a website getting exposed to the risk, users can be trained on how prevent such threats thereby increasing the possibility of controlling the same.
Careless Users is a major threat to the security of the website. If the users have easy to guess passwords, the site is created with poorly written code, vulnerabilities go undetected and patched, users are sharing their logon credentials or leaving their workstations logged in while they are away from their systems and overall general lack of security measures such as a firewall and anti-virus is a disaster waiting to happen. This is therefore a high risk threat because everyone is bound to make a mistake and expose the website to various forms of risks.
Malware includes a variety of malicious software among them being the Trojans, worms and viruses which can affect the machine. Once the machine is infected, it is possible that infection can spread to the other workstations that are connected to the network thereby causing serious damage. A malware is a medium threat as it causes damage to a system and files but there are ways that can prevent entry of a malware into a system.
Failure to implement the patch management proves to be the one of the most serious threats to the security of a server. On daily basis, new security threats are discovered which proves the need to update the affected software to help in avoiding potential security risk. By installing them on the server in a timely manner, it is easier to prevent an attacker from using own vulnerabilities of the server against it. Such is a low threat which only requires improvement of the website to prevent unsolicited updating of the system.
Insufficient Network Redundancy
Insufficient Network Redundancy is a threat to the availability of the server and if the network goes down, it is of great importance to have network redundancy to provide fault tolerant and help in maintaining the available bandwidth. Multiple internet connections from different ISPs need to be implemented to help in the prevention of server downtime. Network redundancy is a threat to website and a system because it is not under the control of developers but under the network provides; this makes it a high threat because it makes a company highly dependent on the network providers and there are higher chances of network providers sabotaging operations in the systems.
Need a paper on the same topic?
We will write it for you from scratch!
If you are the original author of this essay and no longer wish to have it published on the SpeedyPaper website, please click below to request its removal:
- Benefits of school uniforms
- Geometry Problem Solving Paper
- Pros and Cons of Crowdfunding
- The Influence of the Internet on Business
- Dying and Grief
- Substance Abuse: Alcohol and other Drugs
- Moral Analysis of the Film
- Analytical Reading Reflection Paper
- Managing Conflict in the Workplace
- Title Yes No N/A Explanation from Readings
- Perception of Men and Women about Pregnancy and Abortion