| Attack | Description | Possible Solution |
| --- | --- | --- |
| Password Guessing: | A common way sites are exploited is through easily guessable system passwords. Cracking tools can be employed that try common passwords or even try every word in the English dictionary. | Use and rotate strong passwords. Use longer, difficult to guess passwords. Change passwords frequently. |
| | The underlying operating system may be open to exploitation because of bugs or known flaws. Once the operating system is compromised, the intruder will have the run of the site. | Keep operating system software up to date by applying all patches and upgrades. |
| Spoofing: | Not necessarily used for intrusion, spoofing is a technique where an intruder appears to be someone else. This may be used for intrusion when the intruder spoofs a trusted site. Spoofing can also allow an intruder to pretend to be the site when a user is conducting a transaction. | Limit access points. Remove services that are not in common use. Limit web servers to only providing web service and consider removing any form of network protocol access to a server except HTTP. |
| Network Sniffing: | Monitors network traffic to grab passwords and other data useful to gain entry to servers. In some cases there may be no need to actually enter a server, as valuable data may be transmitted around the network and scooped up directly. | Use strong encryption when transmitting sensitive data, either via e-mail or HTTP. |
| Denial of Service: | A denial of service attack is not necessarily performed to gain access to a site. Denial of service is generally employed to cause damage or ruin reputation. Typical denial of service includes crashing the system, using up all server resources and thus locking out legitimate users, or flooding a network with bogus requests. | Set up a firewall. Configure it to limit network traffic. Consider both packet filtering and application protocol limitations. |
| Social Engineering: | Social engineering is when an intruder attempts to trick unsuspecting site owners or associated staff members into divulging important information, such as system passwords. Typically, the intruder will attempt to impersonate a trusted or important individual over the phone or via e-mail, since physical deception can be difficult. | Reduce information leakage. Don't allow remote logins. Don't reveal the type of technology used or even the type of server. |
| Physical Compromise: | Probably the least common attack form, but still important to consider, is physical intrusion of a site location, including actually stealing a system. | Limit physical access to important servers. Destroy sensitive documents, including documents that detail network or server configurations. |