In this tutorial you are going to learn about Vulnerabilities and Threats in Distributed System.
Vulnerability
A vulnerability is a weakness of the system or gap in our protection system where our data can be accessed by the attackers unauthorizedly.
For example: Procedures, designs or implementation of our system that might be exploited by threats to cause loss or harm.
For instance, a particular system may be vulnerable to unauthorized data access and manipulation because the system does not verify a user's identity beforehand.
Threat
A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
Types of Security threats
Trojan Horses:
- It is a destructive program, usually disguised as computer games or an application software.
- If executed, the computer system will be damaged.
- It is usually comes with monitoring tools and keylogged.
- It may arrive as a friendly email attachment or present itself as a useful application on websites
- It doesn't have the ability to self replicate but to obtain destructive payloads and unload viruses, worms or spyware.
Spyware:
- Spyware is a program that gets installed without the user's permission.
- It monitors the user's activities on the internet and transmits that information to the third party.
RootKits:
- It is a single program or collection of program designed to take a complete control of a system
- It gives hackers all the abilities of a system administrator from a remote location. It is often used to attack other distribution spam or steal passwords.
Back doors:
Backdoor Trojan allows someone to take control of another user’s computer via the internet without their permission.
Cookies:
- These are the files on our computer that enables to remember our details
- When we visit a website, it can place a file called cookies on our computer. This enables the websites to remember our details and track our results.
- It can be a threat to confidentiality but not to our data.
Key logging:
- It is a process of security recording keystrokes by an unauthorized third party.
- It is often used by malware to steal usernames, passwords and many other sensitive data.
Security Attacks
Any actions that compromise the security of information.
There are two types of security attacks:
- Passive attacks
- Active attacks
Passive attacks:
A passive attack attempts to monitor or make use of information from the system. The goal of the opponent is to obtain information that is being transmitted but does not affect system resources.
- The release of message content- telephonic transaction, email message.
- Traffic analysis- Opponents could determine the location and identify of the communicating host and observe frequency and length of the message.
Active attack:
The passive attack is a type of security attack which involves some modifications of the data stream or creation of false statements.
- Masquerade- When one entity pretends to be different entity
- Modification of message- Message is allowed or recorded.
- Repudiation- Sender/Receiver can deny later that he or she has sent or received.
- Replay- It involves the passive captures of messages and resends it multiple times to produce authorized effect.
- Denial of service- This attack may have a specific target to disable the network or overload it by message.
This article on Vulnerabilities and Threats in Distributed System is contributed by Hemalatha P. If you like TheCode11 and would like to contribute, you can also write your article and mail to thecode11info@gmail.com
