Potential Threat Posed by a Hacker

When we consider the potential threat posed by a hacker, the first step in preparing to respond to this threat is to break the threat down into different categories. You anticipate that a hacker will attempt to intrude in to the network with the objective of: (i) copying some files; (ii) defacing the Web page; and (iii) stealing credit card numbers. How many "threat categories" does this threat represent?

There are 3 main Threat categories which are

1. Malware Threat Category

Programs in this category include Viruses, Worms and Trojans. The actions these malicious programs infects the computer and completely crashing our computer data.

2. Spyware Threat Category

Programs in this category includes ContraVirus, Cyber spying and CAS some programs in this Category will offer a useful service in exchange for being allowed to gather information from the user.

3. Riskware Threat Category

Programs in this Category are generally considered to be safe for use, provided they are used by an authorized person in an appropriate situation. If misused or used by a malicious attacker, the program may then constitute a security risk.

Q. No. 2

(a) Please list some ways in which a social engineering system hacker can attempt to gain information about a user's login ID and password.

(b) How would this type of attack differ when the target is an Administrative Assistant versus a Data Entry Clerk as the target?

- Direct contact with the Target by phone, email and other communication methods to gain the required information.

- create an unusual situation for the target to handle and offering outside help, one can gain sensitive information from the target through this process.

- The hacker tries to create trust to gain valuable information from Help Desk to know the user's ID's and Passwords

- Social engineering aims at collecting as much information as possible from the user which can be useful to get the login or access to his mailbox.

Systems administrators are at the front line of any security architecture. They also know the systems that they manage on a daily basis better than anyone else. However, most systems administrators are not security professionals. Making the assumption that they are often leads to many of the security related issues organizations face today.