
IT Security

Threat (computer)
In computer security a threat is a possible danger that might exploit a vulnerability to breach security and
thus cause possible harm.
A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization)
or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural
disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or
event.
Penetration testing
A penetration test, occasionally pentest, is a method of evaluating computer and network
security by simulating an attack on a computer system or network from external and internal
threats. The process involves an active analysis of the system for any potential vulnerabilities that
could result from poor or improper system configuration, both known and unknown hardware or
software flaws, or operational weaknesses in process or technical countermeasures. This analysis
is carried out from the position of a potential attacker and can involve active exploitation of
security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system's
owner. Effective penetration tests will couple this information with an accurate assessment of the
potential impacts to the organization and outline a range of technical and procedural
countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
1. Determining the feasibility of a particular set of attack vectors
2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk
vulnerabilities exploited in a particular sequence
3. Identifying vulnerabilities that may be difficult or impossible to detect with automated
network or application vulnerability scanning software
4. Assessing the magnitude of potential business and operational impacts of successful
attacks
5. Testing the ability of network defenders to successfully detect and respond to the attacks
6. Providing evidence to support increased investments in security personnel and
technology
Penetration tests are a component of a full security audit. For example, the Payment Card
Industry Data Security Standard (PCI DSS), a security and auditing standard, requires both
annual and ongoing penetration testing (after system changes).
Vulnerability assessment
In computer security, a vulnerability is a weakness which allows an attacker to reduce a
system's information assurance. Vulnerability is the intersection of three elements: a system
susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To
exploit a vulnerability, an attacker must have at least one applicable tool or technique that can
connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Vulnerability management is the cyclical practice of identifying, classifying, remediating, and
mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing
systems.
A security risk may be classified as a vulnerability. The use of vulnerability with the same
meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then
there are vulnerabilities without risk: for example when the affected asset has no value. A
vulnerability with one or more known instances of working and fully implemented attacks is
classified as an exploitable vulnerability, a vulnerability for which an exploit exists.
The window of vulnerability is the time from when the security hole was introduced or
manifested in deployed software, to when access was removed, a security fix was
available/deployed, or the attacker was disabled; see zero-day attack.
Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related
to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not
software security bugs. Constructs in programming languages that are difficult to use properly
can be a large source of vulnerabilities.
Firewall (computing)
In computing, a firewall is a software or hardware-based network security system that controls
the incoming and outgoing network traffic by analyzing the data packets and determining
whether they should be allowed through or not, based on the applied rule set. Firewalls can be
defined in many ways according to your level of understanding. A firewall establishes a barrier
between a trusted, secure internal network and another network (e.g., the Internet) that is not
assumed to be secure and trusted.
Many personal computer operating systems include software-based firewalls to protect against
threats from the public Internet. Many routers that pass data between networks contain firewall
components and, conversely, many firewalls can perform basic routing functions.
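
The rule-set decision described above, shown as an added example that is not part of the original text: a stateless packet filter where the first matching rule wins and unmatched traffic is denied. The interface labels, addresses and the four rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str                  # arrival interface: "int" (trusted) or "ext" (Internet)
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    iface: str
    src: str                    # CIDR block
    dst: str                    # CIDR block
    proto: str                  # protocol name or "any"
    dport: Optional[int] = None # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def decide(rules, packet, default="deny"):
    """First matching rule wins; traffic matching no rule gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed policy: 10.0.0.0/8 is the trusted internal network.
INTERNAL, ANY = "10.0.0.0/8", "0.0.0.0/0"
RULES = [
    Rule("deny", "ext", INTERNAL, ANY, "any"),             # spoofed internal source from outside
    Rule("deny", "int", INTERNAL, ANY, "tcp", 25),         # no direct outbound SMTP
    Rule("allow", "int", INTERNAL, ANY, "any"),            # other outbound traffic
    Rule("allow", "ext", ANY, "10.0.0.80/32", "tcp", 443), # inbound HTTPS to one server
]

if __name__ == "__main__":
    for pkt in (Packet("int", "10.1.2.3", "203.0.113.10", "tcp", 443),
                Packet("ext", "10.9.9.9", "10.0.0.80", "tcp", 443),
                Packet("ext", "198.51.100.7", "10.0.0.80", "tcp", 22)):
        print(pkt, "->", decide(RULES, pkt))
```

Rule order matters: the anti-spoofing deny must precede the inbound allow, or a packet from outside claiming an internal source would reach the published server. Because this filter keeps no connection state, it also drops replies to allowed outbound connections.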
Attacks And Its Types

In computer and computer networks an attack is any attempt to destroy, expose, alter, disable,
steal or gain unauthorized access to or make unauthorized use of an asset.
Types of attack
An attack usually is perpetrated by someone with bad intentions: black-hat attacks fall in this
category, while others perform penetration testing on an organization's information system to find
out if all foreseen controls are in place. The attacks can be classified according to their origin: i.e.
whether they are conducted using one or more computers: in the latter case it is called a distributed
attack. Botnets are used to conduct distributed attacks. Other classifications are according to the
procedures used or the type of vulnerabilities exploited: attacks can be concentrated on network
mechanisms or host features. Some attacks are physical: i.e. theft or damage of computers and
other equipment. Others are attempts to force changes in the logic used by computers or network
protocols in order to achieve a result unforeseen (by the original designer) but useful for the
attacker. Software used for logical attacks on computers is called malware.
The following is a partial short list of attacks:
Passive
  Network
    Wiretapping
    Port scanner
    Idle scan
Active
  Denial-of-service attack
  Spoofing
  Network
    Man in the middle
    ARP poisoning
    Ping flood
    Ping of death
    Smurf attack
  Host
    Buffer overflow
    Heap overflow
    Format string attack