Do you know your cyberthreats?

Network World | Security, cybersecurity

The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.

Since a GAO report late last year showed that reports of security incidents from federal agencies have increased more than 650% over the past five years, a community of help on the cybersecurity front is needed.


Inside the current report, the GAO included a list and definitions of some of the more common, and perhaps some not-so-common, security exploits that federal agencies and private firms are hit with. Here's the list:

• Cross-site scripting: An attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.

• Denial-of-service: An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

• Distributed denial-of-service: A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

• Logic bomb: A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

• Phishing: A digital form of social engineering that uses authentic-looking -- but fake -- e-mails to request information from users or direct them to a fake website that requests information.

• Passive wiretapping: The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

Originally published on Network World.