Do you know your cyberthreats?
- 10 January, 2012 08:30
The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.
Since a GAO report late last year showed that reports of security incidents from federal agencies have increased more than 650% over the past five years, a community of help on the cybersecurity front is needed.
Inside the current report, the GAO included a list and definitions of some of the more common, and perhaps some not-so-common, security exploits that federal agencies and private firms are hit with. Here's the list:
• Cross-site scripting: An attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.
• Denial-of-service: An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.
• Distributed denial-of-service: A variant of the denial-of-service attack that uses numerous hosts to perform the attack.
• Logic bomb: A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.
• Phishing: A digital form of social engineering that uses authentic-looking -- but fake -- e-mails to request information from users or direct them to a fake website that requests information.
• Passive wiretapping: The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.
• SQL injection: An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.
• Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.
• Virus: A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.
• War driving: The method of driving through cities and neighborhoods with a wireless-equipped computer -- sometimes with a powerful antenna -- searching for unsecured wireless networks.
• Worm: A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.
• Zero-day exploit: An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat since the compressed time frame between public discoveries of both makes it difficult to defend against.