Is your Personal or Business Computers at Risk? Network Security Issues and Concerns - A Look at Client-Side and Server-Side Attacks- Spear Phishing, Worms, Fake Websites
Types of Security Attacks
As a computer user, you should be aware of client-side and server-side network security attacks. These are the common types of problems that can affect you and your computer. When a PC has client-side issues, it is tied in with your computer and browser. Alternatively, server-side issues can be tied in with a website’s host, which are computer(s) in charge of fulfilling requests like displaying web pages or running particular programs.
The client-side attacks attempt to target vulnerabilities in certain computer applications. These could be tied in with email programs, page readers, word processing software, and other types of data related programs. Common issues are spear phishing and fake websites.
This type of client-side network security issue is associated with email attacks found with the Adobe PDF reader, QuickTime, Adobe Flash, and Microsoft Office. Opening up a document affected by this spear phishing technique exploits a person’s computer to client-side vulnerabilities. It can also cause further problems with the computer by simply opening a document and introducing additional viruses to your system. By doing so it allows the hacker access to the computer to steal personal files. They can also create a back door so they could come back and do additional damage or steal more information.
These fake websites are created to look like legitimate ones. A person clicks on it and provides information like logins, passwords or other personal information. At this point the information gathered by the bogus website stores this information and can possibly open that person’s PC to attack. These include SQL injection and other cross site scripting flaws.
An SQL injection attack is a technique that also takes advantage of non-validated programming code in user inputted forms. This is when SQL commands are passed into existing SQL code through the web. These commands are then executed to a backend database. This can go on unnoticed if precautions are not in place since the commands used are in typical SQL format. To prevent these issues, the program must be designed to remember what SQL signal commands are typical for particular functions. Aside from that, the incoming HTTP stream must be monitored closely for unwanted SQL signal commands.
Server-side network security issues can cause problems at the source of a web and database servers. Hackers find a way to gain access to a server’s system and manipulate, corrupt or steal data from within. Some of these problems include brute force password guessing, automated tools, Microsoft operating system worm attacks and PHP file Include attacks.
Brute Force Password Guessing
This is when an individual or special designed program attempts to log in a system by directly trying to guess the password. Most vulnerable have been Microsoft SQL and SSH servers.
Free Automated Tools
You never get something for nothing. These tools are designed to give the illusion that it can be useful, but its true motivation is to target custom Web application vulnerabilities, making it easy to infect websites.
Worm Attacks on Microsoft Windows Operating Systems
Once these computer worms invade a computer, they can spread additional malware and viruses to that system. Most common are Conflicker and Downadup worms. Past worm types include Sasser and Blaster.
PHP Remote File Include Attacks
This type of network security issue looks for an HTTP request with a link to a website so it can be used to increase attacks on a particular computer. It is easy for hackers to manipulate due to the problem of programmers neglecting to validate external variables – such as $_GET, $_POST with the file system function of Include. Novice programmers who do not put any validation into their code to check inputted information by users into a form are vulnerable to these types of attacks. Hackers are then able to access this code by remote access through a URL.
Knowledge is Power
A person can still feel safe to use their computer even though there are many network security issues. By being aware of these problems, a person or business can be more proactive in the protection of their computer(s) and have an extra dose of caution when dealing with the Internet and receiving documentation or software from unknown sources.
- Matrix image from Stk.xchng website.