Client server network threat
Download as PPTX, PDF5 likes8,504 views
This document discusses security threats in client-server networks. It identifies several types of security risks like unauthorized access, insider threats, and intercepted communications. Specific threats to clients include viruses, worms, and Trojan horses, while threats to servers involve eavesdropping, denial of service attacks through overloading or packet modification. The document then outlines some methods to protect against these threats, such as trust-based security, security through obscurity, password schemes, and biometric systems.
Client server network threat
- 2. A security threat is a circumstance , condition , or event that causes a loss of or harm to data or network resources. This loss can be in form of destruction ,disclosure and modification of data, denial of services, fraud and waste. Organizations and businesses must secure themselves against such threats . The security solutions must be in the form of identification and authentication of users , encryption of all traffic from the application to the user , and access control to all information.
- 3. POSSIBLE POINTS OF ATTACKS
- 4. SECURITY RISKS Types of Security Risks Encountered on an Intranet and Extranet An unauthorized person, such as a contractor or visitor, might gain access to a company’s computer system. An employee or supplier authorized to use the system for one purpose might use it for another. For example, an engineer might break into the HR database to obtain confidential salary information. Confidential information might be intercepted as it is being sent to an authorized user. Users may share documents between geographically separated offices over the Internet or Extranet, or telecommuters accessing the corporate Intranet from their home computer can expose sensitive data as it is sent over the wire. Electronic mail can be intercepted in transit.
- 5. CLIENT-SERVER NETWORK SECURITY Security problems in a client-server environment: -Physical security :when unauthorized user gains physical access to computers by guessing the passwords of various users. -Software security : A software security breach occurs when program are compromised and made to execute operations which they should not be legally be doing. -Inconsistent usage : Assembling is a growing problem due to the complexity of the software and security gets compromised.
- 6. EMERGING THREATS 2 categories : Threats to Client Threat to Server Threats to Clients: -Virus :Attaches to an executable file, requires human action to spread. Some may cause only mildly annoying effects while others can damage your hardware, software or files. -Worm :Can replicate itself on system, does not require human action to spread.
- 7. -Trojan Horse :Appears useful but damages system, requires human action to run, do not self- replicate. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised
- 8. Threats to servers : -Unauthorized Eavesdropping :Hackers trap user names and unencrypted passwords sent over a network. -Denial of services : Where legitimate users are prevented from using a particular service due to the deliberate actions of attackers. Services can be denied by: -Service Overloading :Writing small looping program to send requests continually for a particular file. -Message Overloading :When someone sends a very large file , message box occupy all the space on the disk, causes disk to crash
- 9. -Packet modification : modifying or destroying a message packet. IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonate another machine by manipulating IP packets.
- 10. METHODS TO PROTECT FROM SECURITY THREATS -Trust-based security: trusts everyone and does nothing extra to protect the network or restrict access to any data. -Security Through Obscurity (STO) :is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. -Password schemes :It can also break down when some common words or names are used as passwords. This scheme provides a high-level of security. -Biometric system :involves some identification aspects which are related to the human body such as voice recognition ,finger prints. Expensive to implement.