They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons but regardless of the motives for their existence, they create a vulnerability. They may exist for many reasons, including by original design or from poor configuration.
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of these categories below:Ī backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. Vulnerabilities can be researched, reverse-engineered, hunted, or exploited using automated tools or customized scripts. An exploitable vulnerability is one for which at least one working attack or " exploit" exists. Most of the vulnerabilities that have been discovered are documented in the Common Vulnerabilities and Exposures (CVE) database. Vulnerabilities and attacks Ī vulnerability is a weakness in design, implementation, operation, or internal control. Iran responded by heavily investing in their own cyberwarfare capability, which they began using against the United States.
Computer network security in hindi pdf windows#
įor example, in 2007, the United States and Israel began exploiting security flaws in the Microsoft Windows operating system to attack and damage equipment used in Iran to refine nuclear materials. NSAs employees and contractors have been recruited at high salaries by adversaries, anxious to compete in cyberwarfare. In 2016, NSAs own hacking tools were hacked and have been used by Russia and North Korea. agencies and close allies, but eventually the tools made their way to foreign adversaries. NSA contractors created and sold "click-and-shoot" attack tools to U.S. The offensive strategy worked for a while, but eventually other nations, including Russia, Iran, North Korea, and China have acquired their own offensive capability, and tend to use it against the United States.
Computer network security in hindi pdf software#
The agency seldom takes defensive action by reporting the flaws to software producers so they can eliminate the security flaws. The agency analyzes commonly used software in order to find security flaws, which it reserves for offensive purposes against competitors of the United States. Correcting security flaws makes the flaws unavailable for NSA exploitation. Collecting intelligence includes exploiting security flaws to extract information, which is an offensive action. Protecting information systems includes evaluating software, identifying security flaws, and taking steps to correct the flaws, which is a defensive action. These two duties are in conflict with each other.
information systems and also for collecting foreign intelligence. The National Security Agency (NSA) is responsible for both the protection of U.S. However, by the second half of the 1970s, established computer firms like IBM started offering commercial access control systems and computer security software products. Although malware and network breaches existed during the early years, they did not use them for financial gain. Most often, threats came from malicious insiders who gained unauthorized access to sensitive documents and files. However, the 1970s and 1980s didn't have any grave computer threats because computers and the internet were still developing, and security threats were easily identifiable. While still relevant, many more elaborate frameworks have since been proposed. Ī 1977 NIST publication introduced the "CIA triad" of Confidentiality, Integrity, and Availability as a clear and simple way to describe key security goals. Ware's work straddled the intersection of material, cultural, political, and social concerns. The April 1967 session organized by Willis Ware at the Spring Joint Computer Conference, and the later publication of the Ware Report, were foundational moments in the history of the field of computer security.