Monday, March 25, 2019

Basic Security Threats, Technologies and Tools Used for Security and Control

   Computer crimes reported by most organizations may be related to different types of security problems such as
   Hacking, Viruses, Worms, Trojan Horses and Spyware

      Malicious software (malware) is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
     'Malware' includes

    •    Computer Viruses - computer programs that can spread across computers and networks by making copies of themselves without the user's knowledge.
    •    Worms - similar to viruses, but they do not need a carrier program or document. They create exact copies of themselves and use a network to spread.
    •    Trojan Horses - programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.
    •    Spyware - software that collects information about the use of the computer on which it is installed.
    Spoofing and Sniffing
     
        In simple words,
       
        Sniffing means to illegally listen in on another's conversation.
        Spoofing means to pretend to be someone else.

        Sniffing and spoofing are security threats that target the lower layers of the networking infrastructure supporting
        applications that use the Internet.

        Sniffing is a passive security attack in which a machine separate from the intended destination reads data on a network.
        Spoofing is an active security attack in which one machine on the network masquerades as a different machine.

        This masquerade aims to fool other machines on the network into accepting the impostor as an original, either to lure
        the other machines into sending it data or to allow it to alter data.



    Identity theft is a form of stealing someone's identity.

        In identity theft, someone pretends to be someone else by assuming that person's identity, usually as
        a method to gain access to resources or obtain credit and other benefits in that person's name.


    Phishing
       is the act of attempting to acquire information such as usernames, passwords, and credit card details by
       masquerading as a trustworthy entity in an electronic communication.

      E.g.

      An e-mail can be sent to the victim, luring the victim to visit a site that poses as the victim's bank site. When the victim
      enters information such as usernames, passwords and credit card details there, it may be collected by the criminal.



      Technologies and Tools Used for Security and control

    These tools and techniques address how to:
    In addition to cryptography, information assets can be protected by using tools such as
    virus scanners, firewalls and Intrusion Detection Systems (IDS).
    These techniques and tools cannot alone provide information security. Limiting physical access to servers, routers and other systems is required.
    By physically reorganizing or consolidating information assets, we can simplify the management of those assets while increasing their security.
    These servers and the other computer infrastructures should be physically protected as well.


    Security Audits
     
     The information security status of critical IT environments should be subject to thorough, independent and regular security audits/reviews.
    In principle, security audits/reviews should be:
    • defined in scope, and documented
    • performed by qualified individuals who have sufficient technical skills and knowledge of information security
    • conducted sufficiently frequently and thoroughly (in terms of scope, extent) to provide assurance that security controls function as required
    • focused on ensuring that controls are effective enough to reduce risks to acceptable levels
    • checked by competent staff
    • complemented by reviews conducted by independent third parties.


    References Used: BIT UCSC Notes
                     What-is-the-difference-between-spoofing-and-sniffing
