Premium Essay

Common Forms of Attacks on Microsoft Systems

In:

Submitted By SLATE
Words 584
Pages 3
COMMON FORMS OF ATTACKS ON MICROSOFT SYSTEMS
Corey Slate
ISSC342
Professor Peter Mylonakos
American Public University
July 13, 2014

COMMON FORMS OF ATTACKS ON MICROSOFT SYSTEMS Ever since the Microsoft Company was founded in 1975, they have been working in the computer industry with one mission on their minds. The ability to enable people and businesses throughout the world to realize their full potential by creating technology that transforms the way people work, play, and communicate (Microsoft, 2014). Throughout the company’s journey to accomplish their mission they have had great success being a front runner in the development of operating systems for personal computers and even branching out into the mobile device world of today. With their many successes, however, as come some small setbacks that have caused the company problems in the past, the present, and surely in the future as well. What are these setbacks that can frustrate a major company like Microsoft, the answer is technology. The Microsoft Company has been using the advances in technology to lead their company to the top of the personal computer operating systems world for over a decade. They have developed many types of operating systems with many different versions to appease the different types of people and companies that require their operating systems to function on a daily level. However, with technology advancing attackers, or hackers, use the new technology to seek and exploit weaknesses in computer systems or computer networks. Computer systems and network attackers each have their own different reasons for their attacks, but they always use one or more of the same forms of attacks to accomplish their goals, whether it be information gathering to complete corruption or even destruction of data and / or the whole network itself. According to Michael Solomon’s book,

Similar Documents

Premium Essay

Issc342 Assignment 1

...1. Discuss common forms of attack on Microsoft systems using the text Internet, and/or your job as reference for full credit. When considering the security of a system you will need to determine all the possible threats, vulnerabilities, and attacks. You will also need to consider the appropriate tradeoffs between security on one hand, and usability and cost on the other. A threat is the possibility of system compromise. For example, a threat could be the potential for unauthorized people to gain access to sensitive information, such as credit card information or health records. Microsoft (2005) Threats usually involve confidential information. An attack takes advantage of an existing vulnerability. For example, suppose a malicious user knows that some users have weak passwords and tries guessing them until gaining access to restricted resources. It is important to realize the different types of security attacks you might encounter. Once you understand these, you will learn the appropriate countermeasures to take. Microsoft (2005) The three main types of attacks are: Disclosure of data, Corruption of data, and Denial of service. Disclosure refers to unauthorized or inappropriate access to sensitive data. This is probably the most common form of attack. An example of disclosure is a file that holds confidential payroll information. If this file finds its way into the hands of someone who should not be privy to the data, then the data has been disclosed. Data corruption is mainly...

Words: 496 - Pages: 2

Premium Essay

Lab 8 Assessment

...about the database (name, attributes, IP address, etc.) and or access the Web Server and attempt a DoS attack. If a Web form cannot handle the unexpected data and fails to return the expected outcome. You have uncovered a vulnerability in this form; penetration testing in this area help IT security identify the vulnerabilities a Web Application may have.  2. What is a cross-site scripting attack? The goal of an XSS attack is see if the Web Application allows the attacker to have administrative read/write access to the functionality of the Web Application. This attack is a type of computer security vulnerability typically found inweb applications that enables attacks to inject client-side script into web pages viewed and accessed by other users. 3. What is a reflective cross-site scripting attack? If the attacker can type a script in a text field and the script alters or creates a pop-up display, the attacker can use these windows to navigate users off the Web Application pages and to constructed pages with malicious code. They can also spoof the pages with the intent to steal credentials from users accessing the pages. This attack is a security vulnerability, which the web application dynamically generates a response using non-sanitized data from client scripts, like Java scripts or VB script, in the data sent to the server and will send back a page with the script. 4. What common...

Words: 849 - Pages: 4

Premium Essay

Hgfhg

...online security includes protection of information and property from theft, corruption, or threats attack, while allowing the information and property to remain accessible and productive to its intended users. The term online system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The basic aim of this article is to Prevention against unauthorized security Attack and Threats. Introduction Computer technology is more and more ubiquitous; the penetration of computer in society is a welcome step towards modernization but society needs to be better equipped to grapple with challenges associated with technology. New hacking techniques are used to penetrate in the network and the security vulnerabilities which are not often discovered create difficulty for the security professionals in order to catch hackers. The difficulties of staying up to date with security issues within the realm of IT education are due to the lack of current information. The recent research is focused on bringing quality security training combined with rapidly changing technology. Online networking security is to provide a solid understanding of the main issues related to security in modern networked computer systems. This covers underlying concepts and foundations of computer security, basic knowledge about security-relevant...

Words: 1669 - Pages: 7

Premium Essay

Cyber Crime

...Cyber Crime Computer crime encompasses a broad range of activities. Generally, however, it may be divided into two categories: (1) crimes that target computers directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.[citation needed] Crimes that primarily target computer networks or devices include:  Computer viruses  Denial-of-service attacks  Malware (malicious code) Crimes that use computer networks or devices to advance other ends include:  Cyberstalking  Fraud and identity theft  Information warfare  Phishing scams Malware From Wikipedia, the free encyclopedia Beast, a Windows-based backdoorTrojan horse. Malware, short for malicious software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software.[1] 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.[2] Malware includes computer viruses, worms, trojan horses, spyware, adware, and other malicious programs. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[3][4] Malware is not the same as defective software, which is software that has a legitimate purpose but contains harmful bugs that were not noticed before release. However, some malware...

Words: 3033 - Pages: 13

Free Essay

Death Penalty

...Project Part 2: Vulnerabilities in Information Technology (IT) Security To begin,   what’s security vulnerability? Most people think this would be an easy question to answer, but in fact it turns out not to be. This article discusses the definition used by the Microsoft Security Response Center (MSRC) to categorize the variety of issues we examine every day. An unintended flaw in software code or a system that leaves it open to the potential for exploitation in the form of unauthorized access or malicious behavior such as viruses, worms, Trojan horses and other forms of malware. Also referred to as security exploits, security vulnerabilities can result from software bugs, weak passwords or software that’s already been infected by a computer virus or script code injection, and these security vulnerabilities require patches, or fixes, in order to prevent the potential for compromised integrity by hackers or malware. Vulnerabilities a. re what information security and information assurance professionals seek to reduce. Cutting down vulnerabilities provides fewer options for malicious users to gain access to secure information. Computer users and network personnel can protect computer systems from vulnerabilities by keeping software security patches up to date. These patches can remedy flaws or security holes that were found in the initial release. Computer and network personnel should also stay informed about current vulnerabilities in the software they use and seek out ways...

Words: 1350 - Pages: 6

Premium Essay

Computer Tricks

...information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification designed to immerse the learner in an interactive environment where they will learn how to scan, test, hack and secure information systems. Ideal candidates for the C|EH program are security professionals, site administrators, security officers, auditors or anyone who is concerned with the integrity of a network infrastructure. The goal of the Ethical Hacker is to help the organization take...

Words: 61838 - Pages: 248

Free Essay

Developer

...Abstract— Computer viruses are widely recognized as a significant computer threat. The “birth rate” of new viruses is high and increasing due to global connectivity, and technology improvements can accelerate their spread. In response to this threat, some contemporary research efforts are aimed at creating computer virus immune systems. This paper analyses the computer viruses and attacks and also some countermeasures to prevent them. In particular, we discuss Intrusion Detection and Prevention techniques for handling web based attacks and to patch up different kinds of vulnerabilities in computer system. I. INTRODUCTION Web based system makes the next way of computing. Global prosperity and even faster pace of business are driving the desire for employees, partners and customers to able to communicate from different location in this world. With this phenomenal growth of computing devices, the threat of viruses is likewise growing. New platforms such as MAC OS of Apple and Microsoft Windows are highly attractive targets to virus and Trojan writers. As technology in the world of networking industries advances, virus writers have plenty of room for growth. Worse thing is security measures such as firewalls and virus scanners i.e. antivirus softwares are not widely used. The future may be even worse. With distributed programming platforms such as .NET, combine with Microsoft’s Windows platform the potential for viruses is even greater. II. OVERVIEW OF THREATS AND POTENTIAL...

Words: 4071 - Pages: 17

Premium Essay

Week 1

...necessary to secure the authentication method to safeguard the system against varied forms of security threats like password cracking tools, brute-force or wordbook attacks, abuse of system access rights, impersonation of attested users, and reply attacks. Additionally, if there share resources on the network with alternative organization in which information is exchange. Like most people who are computer users, you do not simply turn on your computer and start accessing programs. There are systems put in place by the user, or the administrator of the network to ensure that the properly authorized people gain access to their information. Specific profiles are created to differentiate amongst the users that allow each unique user to create, delete, and print or any other process they have access to. The process needs to be thoroughly planned out, and there also has to be a determination how whether it will be managed locally, or by third party software. This management of access controls actually comes in four different steps. The steps are: Identification, Authentication, Authorization, and finally, Accountability (Whitman & Mattord, 2013). No administrator worth his salt will incorporate any sort of security authentication process without these four basic steps. A properly configure authentication process will protect your network from such threats as password cracking tools, brute force attacks, the abuse of system rights and outright impersonation of authenticated users. Identification...

Words: 1038 - Pages: 5

Free Essay

E-Security Review

...E-SECURITY REVIEW 2008 Submission from Microsoft Australia Introduction Microsoft Australia welcomes the opportunity to participate through this Submission in the Whole-of Government Review of E-Security. A periodic review of the E-Security framework, in light of the quickly evolving threat landscape, is both timely and appropriate. Over the last thirty years there have been dramatic advances in information technology - the development of the microprocessor, the rise of the personal computer, the emergence of the Internet - which have revolutionised the way information is created, stored, shared, and used. Today, powerful, affordable and diverse devices, together with expanding broadband networks, create a powerful opportunity for connectivity for individuals and communities. Over the past two decades, rapid advances in software, IT services, and communications have enabled many traditionally separate and disparate infrastructures and business operations to become more connected. Through this connectivity virtually every aspect of society has experienced a transformation. Businesses and governments have been able to manage and streamline their operations. Individuals have been offered ready access to multiple sources of information thereby expanding knowledge and choice. Across every field of endeavour – commercial, social, scientific and philanthropic – the power of information has been increased and the transaction costs of engagement have been lowered. Our broad reliance...

Words: 13936 - Pages: 56

Premium Essay

Pc Security

...Security Threats and Countermeasures patterns & practices J.D. Meier, Microsoft Corporation Alex Mackman, Content Master Srinath Vasireddy, Microsoft Corporation Michael Dunner, Microsoft Corporation Ray Escamilla, Microsoft Corporation Anandha Murukan, Satyam Computer Services Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BizTalk, IntelliSense, MSDN, Visual Basic, Visual C#, Visual C++, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. © 2003 Microsoft Corporation. All rights reserved. Version 1.0 6/30/2003 The names of actual companies...

Words: 83465 - Pages: 334

Premium Essay

Network Systems

...Networking operating system It is the software that runs on a server and enables the server to manage data, users, groups, security, applications, and other networking functions.[2] The network operating system is designed to allow shared file and printer access among multiple computers in a network, typically a local area network (LAN), a private network or to other networks. The most popular network operating systems are Microsoft Windows Server 2003, Microsoft Windows Server 2008, UNIX, Linux, Mac OS X, and Novell NetWare. Multiuser File Sharing A network operating system manages concurrent requests from clients and provides the security necessary in a multiuser environment. A file sharing component is installed in each client machine that interacts with the server to share files and applications as well as devices on the network such as printers, faxes and modems. Peer-to-Peer In a Peer-to-peer network operating system users are allowed to share resources and files located on their computers and access shared resources from others. A peer-to-peer network sets all connected computers equal; they all share the same abilities to utilize resources available on the network. Client/Server Client/server network operating systems allow the network to centralize functions and applications in one or more dedicated file servers. The server is the center of the system, allowing access to resources and instituting security. The network operating system provides the mechanism...

Words: 1924 - Pages: 8

Free Essay

Future of Technology

...IT-330 Abstract Once before there was a business profit speed breaker called Macro Virus, and today it is still prevalent to a lesser extent, even though; Microsoft did do something about it, to where it is under control, but; still very much around. (Brightub articles 2011) .explains the well knows macro virus was a stark reminder of its disastrous power. In today’s world of technology computer viruses attack the software of a computer- the operating system usually attacks the software. (Microsoft /TechNet 2011), states the macro virus is known as a written virus in the internal macro language of applications. In some cases macro virus can cause no damage to the data, however; in other cases, macros viruses have been written that can cause damage to your work. This paper explains. What macro viruses are? How they spread. What affect they have? How to avoid a macro virus How to protect your computer What are Macro viruses…..? A macro virus is a computer infraction written in macro language, which is commonly built into word processing applications. (Goggle 2011, pg., 1) In general, Marcos viruses are a series of commands and executions that help automate specific tasks. Regardless of how many they create, they must be executed by a system that is able to interpret stored commands. There are some macro systems that are actually self-contained utilities while others are built into more advanced applications for users to easily repeat a sequence of commands or enable...

Words: 2341 - Pages: 10

Premium Essay

Database Security Plan

...Contents Database Security Architecture 3 Differences between a database and a DBMS 3 Types of database designs 4 Network Infrastructure for Database Security 5 Common Security Threats for Database Servers: 6 Additional Security Mechanisms for Protecting Database Server 9 User Account Security 11 1. New Schema for HR Database 11 2. Corporate Directory & Manager Information Views: 12 3. Created Users: 14 4. Created Roles: 15 5. Implemented the Following Access Control List using SQL: 15 6. Implementation and Utilization of Roles: 16 7. HR Database SQL 16 Database Vulnerabilities 29 Auditing Techniques 47 Example database Trigger 50 Creating and Implementing a Database Audit 50 Access Reports 61 Logon Activity History 63 Complete Audit Trail 65 DML History 67 Auditing Policies 69 SQL Server 2014 Audit Report Generation 78 Database Security Architecture Differences between a database and a DBMS When discussing the database management systems (DBMS) and databases, the lines can become blurred between the two. Many people consider a DBMS and a database to be one in the same. However, nothing could be further from the truth as they are two separate distinct entities that server specific purposes. To further expound on this premise, a database management system or DBMS, and sometimes called a database manager, is a software application that is used for creating one or more databases. It allows for the user access and manages request...

Words: 8566 - Pages: 35

Premium Essay

Computer Security

...CHAPTER 3 CO M P U TE R A N D I NT E R N E T C R IME QUOTE In view of all the deadly computer viruses that have been spreading lately, Weekend Update would like to remind you: when you link up to another computer, you’re linking up to every computer that that computer has ever linked up to. —Dennis Miller, Saturday Night Live, U.S. television show VIGNETTE Treatment of Sasser Worm Author Sends Wrong Message Unleashed in April 2004, the Sasser worm hit IT systems around the world hard and fast. Unlike most computer viruses before it, the Sasser worm didn’t spread through e-mail, but moved undetected across the Internet from computer to computer. It exploited a weakness in Microsoft Windows XP and Windows 2000 operating systems. By the first weekend in May, American Express, the Associated Press, the British Coast Guard, universities, and hospitals reported that the Sasser worm had swamped their systems. Computer troubles led Delta Airlines to cancel 40 flights and delay many others. Microsoft quickly posted a $250,000 reward, and by mid-May, authorities apprehended Sven Jaschen, a German teenager. Jaschen confessed and was convicted after a three-day trial. Jaschen could have received up to five years in prison, but because he was tried as a minor, the court suspended his 21-month sentence, leaving him with only 30 hours of community service. Copyright © 2007 by Thomson Course Technology. All rights reserved. This publication is protected by federal copyright...

Words: 18526 - Pages: 75

Premium Essay

Unix, Linux, and Windows Server Critique

...UNIX, Linux, and Windows Server Critique Abstract The following sections in this paper focus on analyzing operating systems for Riordan Manufacturing Inc. that specializes in plastic molding and design. Team B concentrated on five main areas of UNIX, Linux, and Windows Server. The five areas include Security, Administration, Networking, Performance, and Programmability. The team explains the existing systems, followed by comparing advantages and disadvantages of each operating system. The comparisons provide insight for Riordan’s IT specialist and administration considering which system to implement. Interesting topics that relate to security weaknesses, and advantages that UNIX® and Linux® compare against the operating giant, Microsoft Windows Server®. Security At the present time, Riordan Manufacturing’s network configurations consist of a heterogeneous UNIX and Windows environment. UNIX has been around for more than 40 years and is known for its’ robust power and scalability. According to the Open Group, “Security, which is often seen as a weakness for UNIX-based systems, is ensured using dedicated communication lines and secure communications protocols, along with strict authentication procedures” (para. 42). This means UNIX, just like Windows, requires configurations to make it a more secure system. Setting up file permissions, user access controls, as well as shutting down network services not currently active are just a few of the ways that help close the gap...

Words: 2750 - Pages: 11