1.Trojan horse programs
Trojan horse programs are a
common way for intruders to
trick you (sometimes referred to
as "social engineering") into
installing "back door" programs.
These can allow intruders easy
access to your computer without
your knowledge, change your
system configurations,or infect
your computer with a computer
virus.
2. Back door and remote
administration programs
On Windows computers, three
tools commonly used by
intruders to gain remote access
to your computer are
BackOrifice, Netbus, and
SubSeven. These back door or
remote administration programs,
once installed, allow other
people to access and control
your computer.
3. Denial of service
Another form of attack is called
a denial-of-service (DoS) attack.
This type of attack causes your
computer to crash or to become
so busy processing data that
you are unable to use it. It is
important to note that in
addition to being the target of a
DoS attack, it is possible for
your computer to be used as a
participant in a denial-of-service
attack on another system.
4. Being an intermediary for
another attack
Intruders will frequently use
compromised computers as
launching pads for attacking
other systems. An example of
this is how distributed denial-of-
service (DDoS) tools are used The intruders install an
"agent" (frequently through a
Trojan horse program) that runs
on the compromised computer
awaiting further instructions.
Then, when a number of agents
are running on different
computers, a single "handler"
can instruct all of them to
launch a denial-of-service attack
on another system. Thus, the
end target of the attack is not
your own computer, but
someone else’s -- your computer
is just a convenient tool in a
larger attack.
5. Unprotected Windows shares
Unprotected Windows
networking shares can be
exploited by intruders in an
automated way to place tools on
large numbers of Windows-
based computers attached to the
Internet. Because site security
on the Internet is
interdependent,a compromised
computer not only creates
problems for the computer's
owner, but it is also a threat to
other sites on the Internet. The
greater immediate risk to the
Internet community is the
potentially large number of
computers attached to the
Internet with unprotected
Windows networking shares
combined with distributed attack
tools.
Another threat includes
malicious and destructive code,
such as viruses or worms, which
leverage unprotected Windows
networking shares to propagate.
There is great potential for the emergence of other intruder
tools that leverage unprotected
Windows networking shares on
a widespread basis.
6. Mobile code (Java/JavaScript/
ActiveX)
There have been reports of
problems with "mobile
code" (e.g. Java, JavaScript, and
ActiveX). These are programming
languages that let web
developers write code that is
executed by your web browser.
Although the code is generally
useful, it can be used by
intruders to gather information
(such as which web sites you
visit) or to run malicious code
on your computer. It is possible
to disable Java, JavaScript, and
ActiveX in your web browser.
7. Cross-site scripting
A malicious web developer may
attach a script to something sent
to a web site, such as a URL, an
element in a form, or a database
inquiry. Later, when the web site
responds to you, the malicious
script is transferred to your
browser.
You can potentially expose your
web browser to malicious scripts
by
following links in web pages,
email messages, or newsgroup
postings without knowing what
they link to
using interactive forms on an
untrustworthy site
viewing online discussion
groups, forums, or other
dynamically generated pages
where users can post text
containing HTML tags
8. Packet sniffing
A packet sniffer is a program that captures data from
information packets as they
travel over the network. That
data may include user names,
passwords, and proprietary
information that travels over the
network in clear text. With
perhaps hundreds or thousands
of passwords captured by the
packet sniffer, intruders can
launch widespread attacks on
systems. Installing a packet
sniffer does not necessarily
require administrator-level
access.
Relative to DSL and traditional
dial-up users, cable modem
users have a higher risk of
exposure to packet sniffers since
entire neighborhoods of cable
modem users are effectively part
of the same LAN. A packet sniffer
installed on any cable modem
user's computer in a
neighborhood may be able to
capture data transmitted by any
other cable modem in the same
neighborhood.
Trojan horse programs are a
common way for intruders to
trick you (sometimes referred to
as "social engineering") into
installing "back door" programs.
These can allow intruders easy
access to your computer without
your knowledge, change your
system configurations,or infect
your computer with a computer
virus.
2. Back door and remote
administration programs
On Windows computers, three
tools commonly used by
intruders to gain remote access
to your computer are
BackOrifice, Netbus, and
SubSeven. These back door or
remote administration programs,
once installed, allow other
people to access and control
your computer.
3. Denial of service
Another form of attack is called
a denial-of-service (DoS) attack.
This type of attack causes your
computer to crash or to become
so busy processing data that
you are unable to use it. It is
important to note that in
addition to being the target of a
DoS attack, it is possible for
your computer to be used as a
participant in a denial-of-service
attack on another system.
4. Being an intermediary for
another attack
Intruders will frequently use
compromised computers as
launching pads for attacking
other systems. An example of
this is how distributed denial-of-
service (DDoS) tools are used The intruders install an
"agent" (frequently through a
Trojan horse program) that runs
on the compromised computer
awaiting further instructions.
Then, when a number of agents
are running on different
computers, a single "handler"
can instruct all of them to
launch a denial-of-service attack
on another system. Thus, the
end target of the attack is not
your own computer, but
someone else’s -- your computer
is just a convenient tool in a
larger attack.
5. Unprotected Windows shares
Unprotected Windows
networking shares can be
exploited by intruders in an
automated way to place tools on
large numbers of Windows-
based computers attached to the
Internet. Because site security
on the Internet is
interdependent,a compromised
computer not only creates
problems for the computer's
owner, but it is also a threat to
other sites on the Internet. The
greater immediate risk to the
Internet community is the
potentially large number of
computers attached to the
Internet with unprotected
Windows networking shares
combined with distributed attack
tools.
Another threat includes
malicious and destructive code,
such as viruses or worms, which
leverage unprotected Windows
networking shares to propagate.
There is great potential for the emergence of other intruder
tools that leverage unprotected
Windows networking shares on
a widespread basis.
6. Mobile code (Java/JavaScript/
ActiveX)
There have been reports of
problems with "mobile
code" (e.g. Java, JavaScript, and
ActiveX). These are programming
languages that let web
developers write code that is
executed by your web browser.
Although the code is generally
useful, it can be used by
intruders to gather information
(such as which web sites you
visit) or to run malicious code
on your computer. It is possible
to disable Java, JavaScript, and
ActiveX in your web browser.
7. Cross-site scripting
A malicious web developer may
attach a script to something sent
to a web site, such as a URL, an
element in a form, or a database
inquiry. Later, when the web site
responds to you, the malicious
script is transferred to your
browser.
You can potentially expose your
web browser to malicious scripts
by
following links in web pages,
email messages, or newsgroup
postings without knowing what
they link to
using interactive forms on an
untrustworthy site
viewing online discussion
groups, forums, or other
dynamically generated pages
where users can post text
containing HTML tags
8. Packet sniffing
A packet sniffer is a program that captures data from
information packets as they
travel over the network. That
data may include user names,
passwords, and proprietary
information that travels over the
network in clear text. With
perhaps hundreds or thousands
of passwords captured by the
packet sniffer, intruders can
launch widespread attacks on
systems. Installing a packet
sniffer does not necessarily
require administrator-level
access.
Relative to DSL and traditional
dial-up users, cable modem
users have a higher risk of
exposure to packet sniffers since
entire neighborhoods of cable
modem users are effectively part
of the same LAN. A packet sniffer
installed on any cable modem
user's computer in a
neighborhood may be able to
capture data transmitted by any
other cable modem in the same
neighborhood.
No comments:
Post a Comment