Software Security Threats

1
Software Security Threats

• Threats have been an issue since computers began
  to be used widely by the general public

2
Types of Threats

• Probes and Scans
• Account Compromise
• Packet Sniffing
• Denial of service
• Malicious Code
• Spoofing

3
Probes and Scans

• Attempts to gain access or discover information
  about remote computers

4
Account Compromise

• Discovery of user accounts and their passwords

5
Packet Sniffing

• Capturing data that is sent across a network that
  contains sensitive information like passwords

6
Denial of Service

• Flooding a network with requests that can
  overwhelm it and make a computer slow down or
  crash

7
Malicious Code

• Trojan Horses
• Worms
• Viruses

8
Trojan Horses

• Hidden in legitimate programs or files that
  attackers have altered to do more than what is
  expected

9
Worms

• Self-replicating programs that
• spread with no human intervention

10
Viruses

• Self-replicating programs that usually require
  some action on the part of the of the user to
  spread inadvertently to other programs

11
Types of Vulnerabilities

• Default software installations
• Ineffective use of authentication
• Patches not applied
• Too may open ports and services running
• Not analyzing incoming packets
• Backups not maintained and verified
• Lack of protection against malicious code

12
Prevention from Vulnerabilities

• Secure the Weakest Link
• Use Choke Points
• Limit Privileges
• Provide Defense in Depth
• Fail Securely
• Leverage Unpredictability
• Enlist the Users-educate users
• Embrace Simplicity- keep it simple

13
Detection and Response

• Detect Attacks
• close vulnerabilities
• Be Vigilant
• read about attacks and install security packs
  and updates
• Watch the Watchers
• audit your own processes regularly

14
Conclusion

• Security flaws are inevitable and will always
  exist. The only solution is to look for effective
  security processes to avoid risk.