SSL Comparison: Assurance Levels
There are three levels of assurance for SSL certificates: These by themselves against Cyber Warfare are usless.
1. Highest Assurance: The highest trust assurance is boosted by EV SSL certificates. You need to verify your domain along with personal and Organization verification.
2. Medium Assurance: Here comes Organization Validation (OV) SSL. You need to verify your domain and organization’s identity.
3. Low Assurance: Domain Validated SSL is the most basic form of encryption that requires domain verification.
To me, this is just useless Jargon. This is for the security of the Internet. A joke. Security of the internet like any other asset of the USA should be in the government’s hands. SSL hasn’t made anyone’s computer safe.
\What did make us safe was the Government arrested thieves that were ransoming companies and personal computers for several years. So what is mentioned above is smoke and mirrors. Not one SSL license stops cyber crime or helps anyone to be secure on the internet.
What will help is Law enforcement and properly protecting the internet structure. Bad people get into our internet because the government allows them to do harm to Americans. It’s our internet. And there are products to control external access like SSL, but not by some flakey corporation that has no desire to abide by American ethics and laws. Security period is the responsibility of the government, not corporate neanderthal with his head in the stars managing stockholder’s dreams. This whole liberal approach of letting corporations govern us is destroying the fabric of America.
Until then, SSL offers some protection, but only if you have other security packages to protect where SSL is useless. So with that thought, the rest of this article will be about these half-hearted products, and with a group of them you might be protected until the next hacker finds another hole in your defenses.
Moving on, First of all, these are suggestions, not an end-all. If someone tells you they have a guaranteed solution, run as fast as you can out the back door. I have been at this for 40 years. I am now retired and am doing this to help some, but I am not current on everything today. Find a trusted cyber warfare “IT” guy and hang on to him.
This is Cyber Warfare
As the internet evolves and computer networks become bigger and bigger, network security has become one of the most important factors for companies to consider. Big enterprises like Microsoft are designing and building software products that need to be protected against foreign attacks.
By increasing network security, you may decrease the chance of privacy spoofing, identity or information theft, and so on. Piracy is a big concern to enterprises that are victims of its effects.
Anything from software, music, and movies to books, games, etc. are stolen and copied because security is breached by malicious individuals. The internet has a dark world like none other in our history. Its all One and Zeros and unless you catch them redhanded, they disappear like vaporware.
Because hacker tools have become more and more sophisticated, super-intelligence is no longer a requirement to hack someone’s computer or server. Of course, there are individuals that have developed sophisticated skills and know how to breach a user’s privacy in several ways, but these types of individuals are less common than in the past. Today any hacker can spend a few minutes online and find holes to get into where ever they please. There is money out there to even make it profitable.
Today, most malicious users do not possess a high level of programming skills and instead make use of tools available on the Internet. There are several stages that an attacker has to pass through to successfully carry out an attack and that info is readily available on the internet.
Types of Network Security Attacks
We can group network attacks by the skills possessed by the attacker. Based on these criteria we can divide attacks in two categories:
Unstructured – attacks made by unskilled hackers. Individuals behind these attacks use hacking tools available on the Internet and are often not aware of the environment they are attacking. These threats should not be neglected because they can expose precious information to malicious users.
Structured – attacks made by individuals who possess advanced computing skills. Such hackers are experts in exploiting system vulnerabilities. By gaining enough information about a company’s network, these individuals can create custom hacking tools to breach network security. Most structured attacks are done by individuals with good programming skills and a good understanding of operating systems, networking and so on.
Social engineering – another type of network attack. Malicious users take advantage of human’s credibility and often gain important information directly from their victims. They often call or send fraudulent emails to their victims pretending to be some other person entirely.
Phishing is a method that is pretty easy to implement by hackers. This paragraph from Wikipedia describes phishing attacks: “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. Entire sites are known to be duplicated by hackers in an attempt to steal precious information from users.
In today’s data networks there are many different types of attacks and each one requires special skills that hackers must poses in order to successfully crack into someone’s privacy:
Eavesdropping – is one of the common types of attacks. A malicious user can gain critical information from “listening” to network traffic. Because most communications are sent unencrypted, there are many cases in which traffic is susceptible to interception. The traffic can be analyzed using sniffing tools (also known as snooping) to read information as it is sent into the network. Wireless networks are more susceptible to interception than wired ones. Eavesdropping can be prevented by using encryption algorithms.
Dos and DDoS attacks (Denial of Service and Distributed Denial of Service attacks) – these attacks take advantage of network traffic to create abnormal behavior to network services or applications. Servers are often targeted and flooded with data until they become unreachable. Core network equipment can be blocked and thus prevent normal traffic from flowing into the network. Distributed denial of service attacks are more dangerous because attacks are made from multiple sources.
Password attacks – these attacks are based on cracking user or equipment passwords. They are one of the most feared network attacks because once a user is compromised, the whole network can be damaged, especially if we are talking about a domain user or network administrator.
Dictionary attacks use patterns to guess passwords in multiple attempts. Critical information can be gained by using a compromised username. This is one of the main reasons companies use strong passwords that are changed frequently.
Compromised-Key attack – by obtaining the private key of a sender, an attacker can decipher secured network traffic. This kind of attack is often hard to be carried out successfully because it requires good computing resources and skills.
Man-in-the-Middle attack – as the name implies, this attack is based on intercepting and modifying information between two transmitting nodes. A hacker can modify network routes to redirect traffic to its machine before it is carried out to the destination.
IP address spoofing – in this scenario hackers use spoofed IPs to impersonate a legitimate machine. The attacker can then modify packets making them look like legitimate traffic to the receiving network device.
Application-layer attacks – these attacks are based on cracking applications that run on servers or workstations. These types of attacks are common because there are many different applications that run on machines and are susceptible to attacks. Hackers use viruses, Trojans and worms to infect devices and gain important information.
Exploit attacks – these are usually made by individuals who possess strong computing skills and can take advantage of software bugs or misconfigurations. By having enough information of a specific software, hackers can “exploit” a particular problem and use it to gain access to private data.
These are the types of attacks that came to mind at the time of writing this blog post. If you think there are others that need to be mentioned here, don’t hesitate to leave a comment and share with us your knowledge. If you have enjoyed this article don’t forget to rate & share it to others. Enjoy your day and stay tuned for the following articles from PowerAdmin’s blog, Network Wrangler.
Author: Popescu Dan-Alexandru
Email: dancb10@gmail.com
Website: www.ittrainingday.com
Thanks for yourf info.
So we are sinful men and every day we face this evil world. Law and protection of American assets is the only way to protect us all. Your cyber warfare IT guy has to be faster than the internet.
Other articles on this site are Latest Cyber Info 2023 4USCyber back to life. Blame the world for UScyber
Other Websites http://sans.org What is Network Security? Defined, Explained, and Explored | Forcepointhttps://www.eccouncil.org/cybersecurity-exchange/network-security/how-to-prevent-network-security-attacks/
Danwillie’s Social Networking