Factors that influence Information Security

Information security for home users comprises:

Confidentiality: Information should be available only for the users who are authorized to access it.

Integrity: Information should be modified only by persons who have the right to modify it.

Availability: Information should be available for authorized users when there is a need to access it.

Information or data is disclosed to unauthorized persons by the methods listed below:

1. Malware
2. Spyware
3. Buffer overflow attacks
4. DoS and DDoS
5. Unprotected file sharing
6. Cross-site scripting
7. Email spoofing
8. Email viruses
9. ActiveX controls, JavaScript
10. Internet Relay Chat clients

Malware (short for malicious software) is a program designed to cause damage or to gain access to a remote system without relying on vulnerabilities.

Spyware is software that is installed on a remote system when the user accesses a compromised website or an insecure system, and that is used to capture the user's screenshots or keystrokes (key loggers).

A buffer overflow is a condition that occurs due to insufficient bounds checking in a program. It is a kind of software vulnerability. It occurs when a malicious user tries to insert data beyond the boundaries of a fixed-length buffer.
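The bounds check described above, as an added example that is not code from the original page: an unchecked copy into a fixed-length buffer beside a checked one. The `account` struct, `NAME_LEN` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16               /* fixed buffer size, chosen for this example */

/* Hypothetical record: the field after the buffer is what an overflow
 * of name[] would overwrite. */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* Insufficient bounds checking: strcpy copies until the NUL in src, so any
 * input of NAME_LEN bytes or more writes past the end of name[]. */
void set_name_unchecked(struct account *a, const char *src)
{
    strcpy(a->name, src);
}

/* Bounds-checked version: returns 0 on success, -1 if src does not fit.
 * On rejection name is set to the empty string and nothing else changes. */
int set_name_checked(struct account *a, const char *src)
{
    /* Look for the terminator within the first NAME_LEN bytes only. */
    const char *nul = memchr(src, '\0', NAME_LEN);
    if (nul == NULL) {            /* input needs more than NAME_LEN bytes */
        a->name[0] = '\0';
        return -1;
    }
    memcpy(a->name, src, (size_t)(nul - src) + 1);   /* includes the NUL */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *inputs[] = { "alice", "this-input-is-longer-than-sixteen-bytes" };

    for (size_t i = 0; i < 2; i++) {
        int rc = set_name_checked(&a, inputs[i]);
        printf("rc=%d name=\"%s\" is_admin=%d\n", rc, a.name, a.is_admin);
    }
    return 0;
}
```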

A DoS or DDoS attack is an attack where the aim of the attacker is to make a resource unavailable to legitimate users. This is achieved by sending a large number of external communication requests, which consume the available bandwidth.

Unprotected file sharing over a network using a weak password results in compromise of the file sharing mechanism in Windows, which viruses and worms can use to spread over the entire network. Disable file sharing if it is not required, or use a strong password mechanism to prevent unauthorized access.

Cross-site scripting is a condition where a compromised or malicious website or web application allows code injection by malicious users, which results in site phishing attacks or browser exploitation to gain control over the attacked computer.

Email spoofing is a technique where a user receives an email that looks as if it came from a legitimate source but was actually sent from another source.

Example: emails claiming credit card numbers, passwords, etc.

Email viruses come from attached files, when a user clicks on an attachment that is not from a legitimate source.

ActiveX controls and JavaScript may contain scripts or controls that may harm your computer and compromise it.

Internet Relay Chat clients are mainly designed for discussions over forums and channels, and also allow private communication. IRC communication can also result in DoS attacks.

To reduce the risk of the above-mentioned attacks, we need to harden our operating systems accordingly.
