Information Security Threat Categories

Information security threats fall into the following categories:

Network Threats

The primary components of network infrastructure are routers, switches, and firewalls. These devices not only perform routing and other network operations, but also control and protect the running applications, servers, and devices from attacks and intrusions. A poorly configured device gives intruders an opening to exploit. Common vulnerabilities on the network include default installation settings, open access controls, weak encryption and passwords, and devices lacking the latest security patches. Top network-level threats include:

- Information gathering
- Sniffing & Eavesdropping
- Spoofing
- Session hijacking
- Man-in-the-Middle Attack
- DNS & ARP Poisoning
- Password-based Attacks
- Denial-of-Service Attacks
- Compromised Key Attacks
- Firewall & IDS Attacks

Host Threats

Host threats target the system software on which applications are built or run, such as Windows 2000, .NET Framework, SQL Server, and others. Host-level threats include:

- Malware Attacks
- Footprinting
- Password Attacks
- Denial-of-Service Attacks
- Arbitrary code execution
- Unauthorized Access
- Privilege Escalation
- Backdoor Attacks
- Physical Security Threats

Application Threats

The best practice for analyzing application threats is to organize them by application vulnerability category. The main threats to applications are:

- Improper Data / Input Validation
- Authentication & Authorization Attack
- Security Misconfiguration
- Information Disclosure
- Broken Session Management
- Buffer Overflow Issues
- Cryptography Attacks
- SQL Injection
- Improper Error Handling & Exception Management
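
The four common network-device weaknesses named under Network Threats (default installation settings, open access controls, weak encryption and passwords, missing security patches) can be checked mechanically against a device configuration. The audit below is an added example, not part of the original article; it assumes a Cisco IOS-style running config, and the sample config, the `RULES` table, the `audit` function and the `MIN_VERSION` baseline are all constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running config (not from a real device).
SAMPLE_CONFIG = """\
version 12.4
enable password cisco123
snmp-server community public RO
access-list 101 permit ip any any
line vty 0 4
 transport input telnet
"""

# Assumed patch baseline; in practice take it from your vendor's advisories.
MIN_VERSION = (15, 2)

# (weakness category from the article, pattern matched against one config line)
RULES = [
    # Well-known default SNMP community strings left in place.
    ("default installation settings",
     re.compile(r"^snmp-server community (public|private)\b")),
    # An ACL entry that permits all IP traffic from anywhere to anywhere.
    ("open access controls",
     re.compile(r"^access-list \S+ permit ip any any\b")),
    # 'enable password' is stored weakly; 'enable secret' is the hashed form.
    ("weak encryption and passwords",
     re.compile(r"^enable password\b")),
    # Telnet management sessions are unencrypted.
    ("weak encryption and passwords",
     re.compile(r"^transport input\b.*\b(telnet|all)\b")),
]

def audit(config, min_version=MIN_VERSION):
    """Return a list of (category, offending_line) findings for a config."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((category, line))
        m = re.match(r"^version (\d+)\.(\d+)", line)
        if m and (int(m.group(1)), int(m.group(2))) < min_version:
            findings.append(("missing security patches", line))
    return findings

if __name__ == "__main__":
    for category, line in audit(SAMPLE_CONFIG):
        print(f"[{category}] {line}")
```
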
