Practical Network Scanning

Security and threats

In an increasingly connected world, security threats are constantly evolving to find new ways to steal or damage data. For any organization and any individual who has an internet-enabled system, it becomes very important to protect that information. Malicious or ignorant human activity is a major threat to computers. Malicious action always has a goal to achieve and a specific target to be attacked.

Attackers generally have motives or goals. These motives and goals usually abide by the following formula:

Motive + Method + Vulnerabilities = Attack

As the following diagram shows, security threats are driven either by humans or natural disasters. Threats driven by humans can be further categorized into external or internal threats, or can be put down to user ignorance. We will discuss each of these in detail:

Security vulnerabilities

A malicious attacker uses a method to find the resources of a target, finds known vulnerabilities in the targeted resources, and then exploits those vulnerabilities in order to achieve a goal. Vulnerabilities are weaknesses, misconfigurations, or loopholes in security that an attacker exploits in order to gain access to the network or resources on the network.

Security vulnerabilities are not limited to web, SQL DB, or operating systems. The same applies to any network infrastructure equipment.

These are the three main categories:

  • Technology weaknesses
  • Configuration weaknesses
  • Security policy weaknesses