النسخة العربية

Oman National CERT Towards a safe cyber environment

Oman Cybersecurity CTF competition

Oman Cybersecurity CTF competition

ARCC in collaboration with Cyber Talents are organizing "Oman Cybersecurity CTF competition" hosted by ITA through Oman National CERT.

View

" Red Chungu" Training

For the first time in Oman ARCC is conducting the "Red Chungu" Training in Oman from 15 Oct 2017 to 19 Oct 2017

View
6th Regional Cyber Security Summit

6th Regional Cyber Security Summit

Date : 20th to 21st November 2017 ... Location : Sheraton Oman Hotel, Muscat

View
4th Oman National Cyber Drill

4th Oman National Cyber Drill

Date :23rd – 25th , October, 2017 ... Location : Grand Hormuz Hotel, Muscat

View
OIC-CERT Annual Conference 2017

OIC-CERT Annual Conference 2017

Date : 6 – 9 November 2017 ... Location : Baku, Azerbaijan

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Cyber Security Threats

Cyber Security Threats

Category: Cyber Security Threats | Published Date: 12/07/2016 | Author: Maysa Zahran Mohammed Al-Hinai | Rating: Cyber Security Threats(19 Votes)


Security is the state of begin prtected or safe from harm or things done to make people or places safe. But in each things there is an intruder that may try to causes harm or danger even to you or to you systems for instance: threats..
Here in my article, just will inform you about threats definition, types and solution.


Threats Definition:
Something that is a source of danger capabilities intention and attack. or some people define it as
Methods of attackers that can exploit or cause harm to system.


Type of security threats:
There are Varity types of threats, but the most type known to people or attackers are:
1-Social Engineering Attacks.
2- Hackers and Crackers.
3- Hardware based Attack.
4- Software based Attack.


1-Social Engineering Attack:
It is based on the fact that people trust each other it depends on human factors such as: Honestly, friendship, happiness.  This types of attack   often a foundation to another type of attack. In addition, Social Engineering may come in person, through email, over the phone. Which takes advantage on users who are not technically knowledgeable, but it can be directed against technical support staff if the attackers pretend to be a user who needs help.

2- Hackers and Crackers:
Most of us heard about those types of people, but who are they?
A hacker is a person who has the skills to gain access to computer system through unauthorized means. There are two types of them (White and Black Hat)….but, what are the differences between them:
White hat are the good guys and ethical hackers who use their skills for protection and defensive purposes .Usually they are security professionals with knowledge of hacking. In addition, they use some tools to locate weaknesses and implement countermeasures.
Black hat, from their name you can imagine their work. They are malicious hackers who use their skills for illegal purpose .Often; they are called "Crackers". They try as they can to causes harm, problems or destroy system of their target.
Easily, as I mentioned previously you can differentiate between black and white from their actions.
   
3- Hardware based Attack:
The third type of attack is hardware based attack. Is an attack that target a computer's physical component and peripherals for instance: hard disk, motherboard and keyboard. In addition, the main aim of these attacks is to destroy the hardware itself or to get some sensitive information through theft or other mean. On the other hand, by using this type of attack, attackers try to make important date or devices unavailable through theft or destruction. As result, most of company business will be stopped or attackers try to causes embarrassment due to loss of the data.
 
4- Software based Attack:
As there is hardware attack, also there is attack that may affect on software. This attack will be target on an application, an operating system or a protocol. In addition, the aim of a software attack is to disable the software running on the computers in any organization or to exploit them in some way to gain access to systems. Also, software attack might be used by itself or with combination with another type of attack like: social engineering attack.


Security Threats in Offices
Cyber security in office
Countermeasures against unauthorized access via networks
  • User authentication
  • Network port security
  • IP address filtering
  • Access logs
  • Firmware validation
Countermeasures against unauthorized access via telephone lines
  • Security for fax lines
Countermeasures against tapping and alteration of information over the network
  • IP sec communications
  • Encryption over SSL/TLS
  • SNMPv3-encrypted communications
  • S/MIME for scan-to-e-mail
  • WPA (Wi-Fi protected access) support
  • PDF password encryption
Countermeasures against unauthorized access via the operator panel
  • User authentication
  • User authentication by authentication cards
  • User access restriction
  • User lockout function
  • Job logs / access logs
Countermeasures against information leaks via storage media
  • Hard disk drive (HDD) encryption
  • DataOverwriteSecurity System (DOSS)
  • Encryption key protection via TPM
Countermeasures against information leaks via hard copies
  • Locked print
  • User authentication
Countermeasure against information leaks due to carelessness
  • Displaying confirmation of transmission
  • Re-entering a fax number to confirm destination
  • Unauthorized copy control

All in all, we have to be aware from each sub type of threats. On other hands, if you face it in your daily life or in your daily work just you have to implement convenience countermeasures by using suitable  safety tools to reduce impact of threats. In addition, if you don’t know how to deal whit it, don't hesitate to contact with Oman National cert that they will assist and advice you to override threats in future.


References: