Many network devices have default settings that emphasize performance or ease of installation without considering security issues. Installing such devices without adequate attention to correcting these settings could create serious potential problems.
Monitoring vendor announcements and advisories, combined with industry news services, can identify the most common, best-known vulnerabilities, and these sources often include the appropriate mitigation solution.
Security attacks can be characterized as the different sorts of systematic activities aimed at decreasing or corrupting the security. From this perspective, an attack can be defined as a systematic threat generated by an entity in an artificial, deliberate and intelligent way.
Computer networks may be vulnerable to many threats along many avenues of attack. Social engineering is when someone tries to gain access through social means (pretending to be a legitimate system user or administrator, tricking people into revealing secrets, etc.).
War dialing is when someone uses computer software and a modem to search for desktop computers equipped with modems that answer, providing a potential path into a corporate network. Password guessing is when someone tries candidate passwords; passwords are sequences of symbols, usually associated with a user name, that provide a mechanism for identification and authentication of a particular user.
On almost all machines, the users themselves choose the passwords. This places the burden of security on end users who either do not know or, sometimes, do not care about sound security practices. As a general rule, passwords that are simple to remember are mostly easier to guess, which makes you more vulnerable to attackers.
Eavesdropping of all sorts, including stealing e-mail messages, files, passwords, and other information over a network connection by listening in on the connection, is also very common.
Passive attacks attempt to learn or make use of information from the system but do not affect system resources. A passive attack is one where the attacker only monitors the communication channel. A passive attacker only threatens the confidentiality of data. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
Obtaining information that is being transmitted is another activity that attackers use. Traffic analysis refers to the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic.
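The following added example (not part of the original text) illustrates the traffic-analysis point above: it summarises communication patterns from metadata alone, never touching the encrypted payloads, and shows that the inference becomes clearer as more messages are observed. The host names and records are constructed for illustration, and the function names are hypothetical.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed capture: (seconds, sender, receiver, ciphertext_length).
# Payloads are assumed to be encrypted and are never inspected.
RECORDS = [
    (0, "hq", "branch-a", 512), (60, "hq", "branch-a", 512),
    (75, "hq", "branch-b", 4096), (120, "hq", "branch-a", 512),
    (180, "hq", "branch-a", 512), (190, "branch-b", "hq", 128),
    (240, "hq", "branch-a", 512), (300, "hq", "branch-a", 512),
]

def analyse(records):
    """Summarise who talks to whom, how much, and how regularly."""
    times = defaultdict(list)
    sizes = defaultdict(list)
    for ts, src, dst, length in records:
        times[(src, dst)].append(ts)
        sizes[(src, dst)].append(length)
    summary = {}
    for pair, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        summary[pair] = {
            "messages": len(stamps),
            "bytes": sum(sizes[pair]),
            # A steady gap suggests an automated, scheduled exchange.
            "typical_gap": median(gaps) if gaps else None,
            # Identical lengths suggest a fixed-format message.
            "fixed_size": len(set(sizes[pair])) == 1,
        }
    return summary

def busiest_pair(records):
    """Return the most active (sender, receiver) pair and its lead, in
    messages, over the runner-up. A larger lead means a firmer inference."""
    counts = Counter((src, dst) for _, src, dst, _ in records)
    ranked = counts.most_common(2)
    lead = ranked[0][1] - (ranked[1][1] if len(ranked) > 1 else 0)
    return ranked[0][0], lead

if __name__ == "__main__":
    for pair, stats in analyse(RECORDS).items():
        print(pair, stats)
    print("after 3 messages:", busiest_pair(RECORDS[:3]))
    print("after 8 messages:", busiest_pair(RECORDS))
```

With only the first three records the leading pair is ahead by a single message; with all eight, the regular 60-second, fixed-size exchange between the two constructed hosts stands out clearly even though no payload was read.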
Active attacks attempt to alter system resources or affect their operation. This type of attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.