Question

security threats

briefly explain the meaning and possible countermeasures for each of the two.

1. Alteration

2. Denial of service

Answer 1

1.Alteration - Attackers usually insert some malicious files that change the configuration of a network or a system and also changes some important user credentials and gain access to sensitive data. This changes in the data is called as Alteration.

The possible countermeasures for Alteration is:

1. Enforcing encryption

  It is the process of translating data from one form into another that cannot be decrypted by unauthorized users. Without knowing the decryption key the hacker cannot read the data.

2.File integrity monitoring

It is the process of monitoring the files to check if any changes is made in the file. It assess system files and generates cryptographic checksum as a baseline.

3.Worm systems

write once read many systems , in this system the data once written cannot be rewritten or modified or erased.

4.Using HMAC

Hash based message authentication. In this when two or more parties exchage data through secure file transfer Protocols the data is accompanied by HMAC . It consists of shared key and a hash function. A shared secret key helps ensure authenticity of the data.

2. Denial of service

It is a type of attack which consists on reducing or cancelling the capacity of servers or the computing resources to provide service.

Countermeasures taken:

Network protective

since it is the entrance path to provided service so measures are taken in the network by installing routers between the network and the ISP so that security layer so that security layers such as accesss control list based on requesting Ip address and or firewall may be implemented.

Infrastructure protective

It is protecting of server and other network devices such as routers or switches. In such devices it is necessary to verify software status regularly. If software is not automatically updated the software version on each device must bethe most recent version capable of solving any detected security problem or vulnerability.

Web application protective

Fist step is to install any recently released security update as soon as possible . If application is specifically developed audits must be conducted in order to identify and solve any security problems. Beside this cpatcha system is advisable on website forms and also use TLS protocol.