النسخة العربية

Oman National CERT Towards a safe cyber environment

Regional Cybersecurity Week 2019

Regional Cybersecurity Week 2019

The 2nd Regional Cybersecurity Week will be held from 27th to 31st October 2019 in Kempinski Hotel, Muscat, Sultanate of Oman...

View
OIC-CERT Drill 2019

OIC-CERT Drill 2019

The OIC-CERT1 Drill is an annual event for the OIC-CERT member teams ...

View
National Cyber Security Drill ( Malware and dark web: The Persistent Threat )

National Cyber Security Drill ( Malware and dark web: The Persistent Threat )

The objective of this Cyber Drill is to enhance communication, teamwork, and participating teams’ incident response capabilities to ensure continued collective efforts against cyber threats through the CIRT of the region.

View
Oman Threat Hunters 2019

Oman Threat Hunters 2019

The ITU- Arab Regional Cybersecurity Centre (ITU-ARCC), hosted by Information Technology Authority and Oman National CERT, and in partnership with Silensec , is organizing “Threat Hunters 2019” , a national cybersecurity competition.Registration is open now through : https://cyberstars.pro/profile/register/

View
ISO/ IEC 27001: 2013 Lead Auditor training course – IRCA Certified

ISO/ IEC 27001: 2013 Lead Auditor training course – IRCA Certified

The ISO/IEC 27001 Lead Auditor training is an intensive five-day course where you’ll discover internationally- recognized best practice auditing techniques so you can confidently lead auditing activities...

View

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

Article Details

 

Cyber Security Threats

Cyber Security Threats

Category: Cyber Security Threats | Published Date: 12/07/2016 | Author: Maysa Zahran Mohammed Al-Hinai | Rating: Cyber Security Threats(19 Votes)


Security is the state of begin prtected or safe from harm or things done to make people or places safe. But in each things there is an intruder that may try to causes harm or danger even to you or to you systems for instance: threats..
Here in my article, just will inform you about threats definition, types and solution.


Threats Definition:
Something that is a source of danger capabilities intention and attack. or some people define it as
Methods of attackers that can exploit or cause harm to system.


Type of security threats:
There are Varity types of threats, but the most type known to people or attackers are:
1-Social Engineering Attacks.
2- Hackers and Crackers.
3- Hardware based Attack.
4- Software based Attack.


1-Social Engineering Attack:
It is based on the fact that people trust each other it depends on human factors such as: Honestly, friendship, happiness.  This types of attack   often a foundation to another type of attack. In addition, Social Engineering may come in person, through email, over the phone. Which takes advantage on users who are not technically knowledgeable, but it can be directed against technical support staff if the attackers pretend to be a user who needs help.

2- Hackers and Crackers:
Most of us heard about those types of people, but who are they?
A hacker is a person who has the skills to gain access to computer system through unauthorized means. There are two types of them (White and Black Hat)….but, what are the differences between them:
White hat are the good guys and ethical hackers who use their skills for protection and defensive purposes .Usually they are security professionals with knowledge of hacking. In addition, they use some tools to locate weaknesses and implement countermeasures.
Black hat, from their name you can imagine their work. They are malicious hackers who use their skills for illegal purpose .Often; they are called "Crackers". They try as they can to causes harm, problems or destroy system of their target.
Easily, as I mentioned previously you can differentiate between black and white from their actions.
   
3- Hardware based Attack:
The third type of attack is hardware based attack. Is an attack that target a computer's physical component and peripherals for instance: hard disk, motherboard and keyboard. In addition, the main aim of these attacks is to destroy the hardware itself or to get some sensitive information through theft or other mean. On the other hand, by using this type of attack, attackers try to make important date or devices unavailable through theft or destruction. As result, most of company business will be stopped or attackers try to causes embarrassment due to loss of the data.
 
4- Software based Attack:
As there is hardware attack, also there is attack that may affect on software. This attack will be target on an application, an operating system or a protocol. In addition, the aim of a software attack is to disable the software running on the computers in any organization or to exploit them in some way to gain access to systems. Also, software attack might be used by itself or with combination with another type of attack like: social engineering attack.


Security Threats in Offices
Cyber security in office
Countermeasures against unauthorized access via networks
  • User authentication
  • Network port security
  • IP address filtering
  • Access logs
  • Firmware validation
Countermeasures against unauthorized access via telephone lines
  • Security for fax lines
Countermeasures against tapping and alteration of information over the network
  • IP sec communications
  • Encryption over SSL/TLS
  • SNMPv3-encrypted communications
  • S/MIME for scan-to-e-mail
  • WPA (Wi-Fi protected access) support
  • PDF password encryption
Countermeasures against unauthorized access via the operator panel
  • User authentication
  • User authentication by authentication cards
  • User access restriction
  • User lockout function
  • Job logs / access logs
Countermeasures against information leaks via storage media
  • Hard disk drive (HDD) encryption
  • DataOverwriteSecurity System (DOSS)
  • Encryption key protection via TPM
Countermeasures against information leaks via hard copies
  • Locked print
  • User authentication
Countermeasure against information leaks due to carelessness
  • Displaying confirmation of transmission
  • Re-entering a fax number to confirm destination
  • Unauthorized copy control

All in all, we have to be aware from each sub type of threats. On other hands, if you face it in your daily life or in your daily work just you have to implement convenience countermeasures by using suitable  safety tools to reduce impact of threats. In addition, if you don’t know how to deal whit it, don't hesitate to contact with Oman National cert that they will assist and advice you to override threats in future.


References: