2. A security threat is a circumstance, condition, or
event that causes a loss of or harm to data or
network resources.
This loss can take the form of destruction, disclosure,
and modification of data, denial of service, fraud,
and waste.
Organizations and businesses must secure
themselves against such threats. The security
solutions must take the form of identification and
authentication of users, encryption of all traffic from
the application to the user, and access control to
all information.
4. SECURITY RISKS
Types of Security Risks Encountered on an Intranet and
Extranet
-An unauthorized person, such as a contractor or visitor, might
gain access to a company’s computer system.
-An employee or supplier authorized to use the system for one
purpose might use it for another. For example, an engineer
might break into the HR database to obtain confidential salary
information.
-Confidential information might be intercepted as it is being
sent to an authorized user.
-Users who share documents between geographically
separated offices over the Internet or Extranet, or
telecommuters accessing the corporate Intranet from their
home computers, can expose sensitive data as it is sent over
the wire.
-Electronic mail can be intercepted in transit.
5. CLIENT-SERVER NETWORK SECURITY
Security problems in a client-server environment:
-Physical security: When an unauthorized user gains
physical access to computers by guessing the
passwords of various users.
-Software security: A software security breach
occurs when programs are compromised and made to
execute operations that they should not legally
be doing.
-Inconsistent usage: Assembling is a growing
problem due to the complexity of the software, and
security gets compromised.
6. EMERGING THREATS
Two categories:
-Threats to Clients
-Threats to Servers
Threats to Clients:
-Virus: Attaches to an executable file and requires
human action to spread. Some may cause only mildly
annoying effects, while others can damage
your hardware, software, or files.
-Worm: Can replicate itself on a system and does not
require human action to spread.
7. -Trojan Horse: Appears useful but damages the
system, requires human action to run, and does not
self-replicate. Some Trojans are designed to be more
annoying than malicious (like changing
your desktop or adding silly active desktop icons), or
they can cause serious damage by deleting files
and destroying information on your system. Trojans
are also known to create a backdoor on your
computer that gives malicious users access to your
system, possibly allowing confidential or personal
information to be compromised.
8. Threats to servers :
-Unauthorized Eavesdropping: Hackers trap user
names and unencrypted passwords sent over a
network.
-Denial of service: Where legitimate users are
prevented from using a particular service due to the
deliberate actions of attackers.
Services can be denied by:
-Service Overloading: Writing a small looping program
to send requests continually for a particular file.
-Message Overloading: When someone sends a very
large file, the message box occupies all the space on the
disk, causing the disk to crash.
9. -Packet modification: Modifying or destroying a
message packet. IP Spoofing is a technique used
to gain unauthorized access to machines, whereby
an attacker illicitly impersonates another machine by
manipulating IP packets.
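A defender can spot the service-overloading pattern described above (one client continually requesting a particular file) in web server access logs. The following is an added example, not part of the original slides; the log lines are constructed, and the function names and the threshold of 20 requests per 10 seconds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client, timestamp, request line, status, size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+$')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_service_overloading(lines, max_requests=20, window=timedelta(seconds=10)):
    """Return {(client, path): peak request count} for every client that asked
    for the same path more than max_requests times inside one sliding window.
    Assumes each client's lines are in time order; thresholds are assumed values."""
    recent = defaultdict(deque)  # (client, path) -> timestamps inside the window
    peaks = {}
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore malformed lines instead of aborting the scan
        client, raw_ts, path = match.groups()
        ts = datetime.strptime(raw_ts, TS_FORMAT)
        times = recent[(client, path)]
        times.append(ts)
        while ts - times[0] > window:  # drop requests older than the window
            times.popleft()
        if len(times) > max_requests:
            key = (client, path)
            peaks[key] = max(peaks.get(key, 0), len(times))
    return peaks

def build_sample_log():
    """Constructed log: one looping client and one ordinary visitor."""
    start = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)
    template = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120'
    lines = []
    for i in range(300):  # 10 requests per second for 30 s, always the same file
        ts = start + timedelta(milliseconds=100 * i)
        lines.append(template.format(ip="198.51.100.7", ts=ts.strftime(TS_FORMAT),
                                     path="/files/catalog.pdf"))
    for i in range(6):  # ordinary browsing: a different page every 5 s
        ts = start + timedelta(seconds=5 * i)
        lines.append(template.format(ip="203.0.113.20", ts=ts.strftime(TS_FORMAT),
                                     path=f"/page{i}.html"))
    return lines

if __name__ == "__main__":
    for (client, path), peak in find_service_overloading(build_sample_log()).items():
        print(f"{client} requested {path} {peak} times within 10 s")
```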
10. METHODS TO PROTECT FROM SECURITY
THREATS
-Trust-based security: Trusts everyone and does nothing
extra to protect the network or restrict access to any data.
-Security Through Obscurity (STO): The belief that a
system of any sort can be secure so long as nobody
outside of its implementation group is allowed to find out
anything about its internal mechanisms.
-Password schemes: This scheme provides a high level
of security, but it can also break down when
common words or names are used as passwords.
-Biometric system: Involves identification aspects
that are related to the human body, such as voice
recognition and fingerprints. Expensive to implement.