Top 10 Security Threats Every IT Pro Should Know
Over the past decade, the number of system security threats have soared. As IT professionals scramble to stay abreast of the latest challenges in securing their environments, they must navigate an increasingly complicated playing field. New terminology has developed, further adding to the confusion.
It is not uncommon for some to use words like worm and trojan interchangeably these days.
The first of the exam objectives (1.1), deals with system security threats. In this article, we’ll take a look at the sometimes subtle, yet important differences between each threat covered on the SY0-201 exam.
Definitions vary, but in the most general sense, a system security threat is a malicious event or action targeted at interrupting the integrity of corporate or personal computer systems. The motivation is to compromise data for the purposes of exploitation.
Data can be of the sensitive type; things like credit card information, passwords or contact lists. And another type is information that might interest advertisers, like your Internet browsing habits.
What are the specific threats that you should be aware of for the Security+ exam? Here’s a list of the top 10 security threats you should be aware of.
1. Privilege Escalation
Software programs often have bugs that can be exploited. These bugs can be used to gain access to certain resources with higher privileges that can bypass security controls.
The term “virus” has been used as a catchall phrase for many threats. Essentially, a virus is a computer program that, like a medical virus, has the ability to replicate and infect other computers. Viruses are transmitted over networks or via USB drives and other portable media.
A worm is a specific type of virus. Unlike a typical virus, it’s goal isn’t to alter system files, but to replicate so many times that it consumes hard disk space or memory. Worm victims will notice their computers running slower or crashing.
Trojan horses, commonly referred to as Trojan, are programs. They masquerade as normal, safe applications, but their mission is to allow a hacker remote access to your computer. In turn, the infected computer can be used as part of a denial of service attack and data theft can occur.
A particularly nasty Trojan is a keystroke logger than can be used to capture passwords, credit card numbers and other sensitive information.
Spyware usually invades computers through software downloads. Shareware and freeware downloads, in addition to peer-to-peer file sharing are typical infection points. Like Trojans, spyware can pilfer sensitive information, but are often used as advertising tools as well. The intent is to gather a user’s information by monitoring Internet activity and transmitting that to an attacker.
Some view spam is more of an annoyance than a threat. Still, legislation like the CAN-SPAM Act has been enacted to help combat the problem, so that view may not hold weight with many others. Spam is unsolicited junk mail. It comes in the form of an advertisement, and in addition to being a time waster, has he ability to consume precious network bandwidth.
Similar to spyware, adware observes a user’s Internet browsing habits. But the purpose is to be able to better target the display of web advertisements.
Rootkits are some of the most difficult to detect. They are activated when your system boots up — before anti-virus software is started. Rootkits allow the installation of files and accounts, or the purposes of intercepting sensitive information.
Botnets are created with a Trojan and reside on IRC networks. The bot can launch an IRC client, and join chat room in order to spam and launch denial of service attacks.
10. Logic bomb
You may have also heard the term “slag code” to refer to logic bombs. They are bits of code added to software that will set off a specific function. Logic bombs are similar to viruses in that they can perform malicious actions like deleting files and corrupting data.
How to Arm Yourself Against These Threats
The list of system security threats is extensive and growing. A defense strategy that includes anti-virus software, system patching and timely software updates are key to combating the problem. For system administrators and end-users alike, understanding the differences between these threats are the first step towards being able to eradicate them.
The SANS Institute publishes a list of top security threats that will help keep you up-to-date.
I hope this article helped clarify some of those differences and will make your path to Security+ certification just a little smoother.