Computer Security Threats

Network Threats

• Spam: a serious network threat that can overload ISPs, email servers, and individual end-user systems
• Spammer: a person or organization responsible for sending spam
• Spam can take control of home computers using hacking techniques like viruses, worms, and Trojan horses
• Spyware: any program that gathers personal information from a computer without permission or knowledge
• Tracking Cookies: a form of spyware used to record information about an Internet user

Firewall

• A Firewall: a security tool that protects internal network users from external threats
• Resides between two or more networks, controlling traffic and preventing unauthorized access
• Types of Firewalls:
• Static Packet Filtering (stateless firewall): allows or blocks access based on IP or MAC addresses
• Dynamic Packet Filtering (stateful firewall): only allows incoming packets that are legitimate responses to requests from internal hosts

Proxy Server

• A computer system or application that intercepts internal user requests and processes them on behalf of the user
• Goal: to hide the IP address of client systems inside the secure network

VPN

• Tunnels traffic between two sides of a network
• Types:
• Remote Access VPN
• Site to Site VPN

Intrusion Detection and Prevention Systems

• NIDS (Network-based Intrusion Detection System): watches network traffic, detects intrusions, and sends alarms and logs
• NIPS (Network-based Intrusion Prevention System): stops traffic when an intrusion is detected
• Types of detection methods:
• Signature-based: looks for a perfect match
• Anomaly-based: builds a baseline of what is normal
• Behavior-based: observes and reports

Next Generation Firewall (NGFW)

• A deep-packet inspection firewall that moves beyond port/protocol inspection and blocking
• Adds application-level inspection, intrusion prevention, and brings intelligence from outside the firewall

Encryption

• Process of encoding information to convert plaintext into ciphertext
• Requires a key for encryption and decryption
• Symmetric encryption: uses the same key for encryption and decryption (not secure)
• Asymmetric encryption: uses a pair of keys (public and private)

Digital Signatures

• Created by hashing a document and encrypting the hash with a private key
• Verifiable by the owner of the private key and any entity with the public key
• Provides non-repudiation and integrity, but not confidentiality

Digital Certificates

• Electronic file containing identification information, including a public key, and a digital signature from a certification authority
• Allows verification of authenticity and enables HTTPS