Security attack refers to a process whereby a person compromise your computer by installing harmful malicious software in your computer

without your knowledge. These malicious software includes viruses, spywares, adwares, and trojan horses. These software often deletes certain vital files on your computer, making your computer to function abnormally, spying on your online surfing habits, and cause advertisements to pop up on your screen when you are online.

Web definitions o

(security mechanisms) Elements of software, firmware, hardware, or procedures included in a system used to satisfy the security requirements for that system. o A technical tool or technique that is used to implement a security service. A mechanism might operate by itself, or in conjunction with others, to provide a particular service. Examples of security mechanisms include access control lists, cryptography, and digital signatures.
Example for active and passive attack

Internet security threats/vulnerabilities are divided into passive and active attacks. Examples of passive attacks are: network analysis, eavesdropping and traffic analysis. Active attacks include: brute-force attack, masquerading, packet replay, message modification, unauthorized access through the Internet or web-based services, denial of service, dial-in penetration attacks, e-mail bombing and spamming, and e-mail spoofing.
Well I wrote the article about viruses and said that I will write this article about the types of attacks and how to protect yourself against these attacks. There are alot of different attacks but I'm going to cover only these: Eavesdropping Snooping Interception Modification Attacks Repudiation Attacks Denial-of-service (DoS) Attacks Distributed denial-of-service (DDoS) Attacks Back door Attacks Spoofing Attacks Man-in-the-Middle Attacks

Replay Attacks Password Guessing Attacks

Eavesdropping - This is the process of listening in or overhearing parts of a conversation. It also includes attackers listening in on your network traffic. Its generally a passive attack, for example, a coworker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation. Snooping - This is when someone looks through your files in the hopes of finding something interesting whether it is electronic or on paper. In the case of physical snooping people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for post-It-notes, or look for scraps of paper tracked to your bulletin board. Computer snooping on the other hand, involves someone searching through your electronic files trying to find something interesting. Interception - This can be either an active or passive process. In a networked environment, a passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent. From the perspective of interception, this process is covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the intercept parties. Modification Attacks - This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect. The motivation of this type of attack may be to plant information, change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attacks. Repudiation Attacks - This makes data or information to appear to be invalid or misleading (Which can even be worse). For example, someone might access your email server and inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. This type of attack is fairly easy to accomplish because most email systems don't check outbound email for validity. Repudiation attacks like modification attacks usually begin as access attacks. Denial-of-service Attacks - They prevent access to resources by users by users authorized to use those resources. An attacker may try to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These these attacks are often widely publicized in the media. Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications. A DoS attack on a system crashes the operation system (a simple reboot may restore the server to normal operation). A common DoS attack is to open as many TCP sessions as possible; This type of attack is called TCP SYN flood DoS attack. Two of the most common are the ping of death and the buffer overflow attack. The ping of death operates by sending Internet control message protocol (ICMP) packets that are lrger than the system can handle. Buffer overflow attacks attempt to put more data into the buffer than it can handle. Code red, slapper and slammer are attacks that took advantage of buffer overflows, sPing is an example of ping of death. Distributed Denial-of-service Attacks - This is similar to a DoS attack. This type of attack amplifies the concepts of DoS attacks by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and Cable. These permanently attached systems have little, if any, protection. The attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or Cable modems. The attack

program lies dormant on these computers until they get attack signal from the master computer. This signal triggers these systems which launch an attack simultaneously on the target network or system. Back door Attacks - This can have two different meanings, the original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain administrative privileges. A number of tools exist to create a back door attack such as, Back Orifice (Which has been updated to work with windows server 2003 as well as erlier versions), Subseven,NetBus, and NetDevil. There are many more. Fortunately, most anti-virus software will recognize these attacks. Spoofing Attacks - This is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered as an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing. The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't. With DNS spoofing, The DNS server is given information about a name server that it thinks is legitimate when it isn't. This can send users to a website other than the one they wanted to go to. Man-in-the-Middle Attacks - This can be fairly sophisticated, This type of attack is also an access attack, but it can be used as the starting point of a modification attack. This involves placing a piece of software between a server and the user that neither the server administrators nor the user are aware of. This software intercepts data and then send the information to the server as if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client. The attacking software continues sending information to the server and so forth. Replay Attacks - These are becoming quite common, This occur when information is captured over a network. Replay attacks are used for access or modification attacks. In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later. This can also occur security certificates from systems such as kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system, and circumvent any time sensitivity. Password Guessing Attacks - This occur when an account is attacked repeatedly. This is accomplished by sending possible passwords to an account in a systematic manner. These attacks are initially carried out to gain passwords for an access or modification attack. There are two types of password guessing attacks: - Brute-force attack: Attempt to guess a password until a successful guess occurs. This occurs over a long period. To make passwords more difficult to guess, they should be longer than two or three characters (Six should be the bare minimum), be complex and have password lockout policies. - Dictionary attack: This uses a dictionary of common words to attempt to find the users password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them. Well, there you have it, the only way basically to prevent these types of attacks is to get a good firewall, anti-virus software, and a good Intrusion Detection System (IDS). Tell your firewall to drop ICMP packets, that will prevent ICMP flooding. I will write another article in which I will cover only TCP and UDP attacks such as: Sniffing Port Scanning TCP Syn or TCP ACk Attack

TCP Sequence number attack TCP Hijacking ICMP Attacks Smurf Attacks ICMP Tunelling

Malware Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent

What Is a Bot (or Zombie)?

A 'bot' is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'. There are literally tens of thousands of computers on the Internet which are infected with some type of 'bot' and don't even realize it. Attackers are able to access lists of 'zombie' PC's and activate them to help execute DoS (denial-ofservice) attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker. What is Intruder?
Process Name: Intruder Process Owner: Unknown

Description:
Intruder refers to a keylogger spyware program. Its main function is to log keystrokes made on infected computers. Once it has gathered enough data, the info (which often includes passwords and usernames) gets sent to the author's remote servers for further review. The Intruder spyware is also capable of monitoring online chats, sites visited, applications used and general online activity.

Recommendation:
Nobody wants their every move watched. That is just what the Intruder spyware does. This program should be disabled and deleted upon discovery to ensure PC stability and security. An application filter can be used to block Intruder's communication and render it inoperative. Intruder finds protected systems tough to attack and often fail to install. Improve PC protection to keep Intruder at a safe distance. Experiencing Intruder related errors?

Run a WINDOWS REGISTRY SCAN NOW to find out whats wrong. Malicious Software Indicator:
Spyware?: Yes Virus?: No Trojan?: No

Why your PC may be at risk with Intruder:

Is It a System Process?: No Does It Use the Network?: Yes Is It Hardware Related?: No Does It Eat Up Valuable PC Memory?: N/A

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management [1] Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor [1] expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily [1] focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security [1] policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes [1] have become a necessary addition to the security infrastructure of nearly every organization.

Statistical anomaly-based IDS

A statistical anomaly-based IDS determines normal network activity like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other- and alert the administrator or user when traffic is detected which is anomalous(not normal). [edit]Signature-based
[2]

IDS

Signature based IDS monitors packets in the Network and compares with pre-configured and predetermined attack patterns known as signatures. The issue is that there will be lag between the new threat discovered and Signature being applied in IDS for detecting the threat. During this lag time your IDS will be unable to identify the threat. [edit]Limitations
[2]

Noise can severely limit an Intrusion detection system's effectiveness. Bad packets generated from software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.
[3]

It is not uncommon for the number of real attacks to be far below the false-alarm rate. Real attacks are often so far below the false-alarm rate that they are often missed and ignored.
[3]

Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies.
[3]

Hashing Algorithm
The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value. Here's a simple example:

Input number 10,667

Hashing algorithm Input # x 143

Hash value 1,525,381

You can see how hard it would be to determine that the value 1,525,381 came from the multiplication of 10,667 and 143. But if you knew that the multiplier was 143, then it would be very easy to calculate the value 10,667. Public-key encryption is actually much more complex than this example, but that's the basic idea. Public keys generally use complex algorithms and very large hash values for encrypting, including 40-bit or even 128128 bit numbers. A 128-bit number has a possible 2 , or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different combinations -- this would be like trying to find one particular grain of sand in the Sahara Desert.

Symmetric Key
Just like two Spartan generals sending messages to each other, computers using symmetric-key encryption to send information between each other must have the same key. In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.

Caesar's Cipher Julius Caesar also used a similar substitution technique, shifting three letters up. If he wanted to say "CROSSING THE RUBICON," for instance, he'd write down "FURVV LQJWK HUXEL FRQ" instead. As you can see, the text is also broken up into even groups in order to make the size of each word less obvious.
Think of it like this: You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense. The same goes for computers, but, of course, the keys are usually much longer. The first major symmetric algorithm developed for computers in the United States was the Data Encryption Standard (DES), approved for use in the 1970s. The DES uses a 56-bit key. Because computers have become increasingly faster since the '70s, security experts no longer consider DES secure -- although a 56-bit key offers more than 70 quadrillion possible combinations (70,000,000,000,000,000), an attack of brute force (simply trying every possible combination in order to find the right key) could easily decipher encrypted data in a short while. DES has since been replaced by the Advanced Encryption Standard (AES), which uses 128-, 192- or 256-bit keys. Most people believe that AES will be a sufficient encryption standard for a long time coming: A 128-bit key, for instance, can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations [source: CES Communications].

Public Key Encryption

One of the weaknesses some point out about symmetric key encryption is that two users attempting to communicate with each other need a secure way to do so; otherwise, an attacker can easily pluck the necessary data from the stream. In November 1976, a paper published in the journal IEEE Transactions on Information Theory, titled "New Directions in Cryptography," addressed this problem and offered up a solution: public-key encryption. Also known as asymmetric-key encryption, public-key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes the system extremely secure, because there is essentially an infinite number of prime numbers available, meaning there are nearly infinite possibilities for keys. One very popular public-key encryption program is Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.
To implement public-key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is basically a unique piece of code or a large number that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.