Web Pages and Computer Attacks

Technology has come of age and the more the advancements, the more prone it becomes to malicious individuals. Network and computer systems have become vulnerable to cybercrimes such as computer attacks. Computer attacks come in different types, some of them corrupt the computer data, others attacks or stole data from the computer while others cause shutting of the entire network. Computer attacks are categorized as active and passive attacks. Active attacks are the attacks that occur when the data has been completely deleted, changes have been made to the data or complete network destruction. Passive attacks occur when data transaction is monitored and used illegally for individual interests (Satalkar, 2011).

Active computer attacks include; virus, root kit, Trojan and worm. Viruses are dangerous attacks, which are maliciously installed on computers usually through external drives or some websites and infect the system files. Root kits are drivers used by hackers in accessing a computer system hence taking full control of the whole system. Trojan is an attack that may mask itself either in the screensaver, software or in the games. They are root kit and virus carriers. Worms attack the system by scanning the computer and copying themselves in the system infecting it repeatedly (Satalkar, 2011).

Passive computer attacks include; Eaves dropping, password attacks, service denial attacks, identity spoofing and Compromised Key Attack. Eavesdropping involves listening of the conversation between computer networks and other people access such network maliciously. Password attack is gaining access to a computer secret word and its network resources. Service denial involves the illegal denial of the user to full access of the system. Identity Spoofing involves gaining access to IP address leading to hacking of the data in the system. Compromised Key Attack is where the hacker identifies the secret key gaining access to the confidential data (Satalkar, 2011).

As compared to webpage attacks, computer attacks are more dangerous since this happens without the knowledge of the system owner. Webpage attacks occur when the server user visits a certain webpage. WebPages consists of different contents such as ads and other display, which makes the site look attractive (Provos et al, 2009). These components introduce vulnerabilities and hackers can gain full access of the computer. An example of a web attack is the malicious contents sent through email as spam messages. For the system to be attacked, the message in the spam must be opened followed by visiting the embedded link. Web servers are also targeted where malicious content is injected, for instance, the I FRAME. Anyone who visits the server is liable to be exploited. Computer attacks infect only the networked computers that are sharing information. They are more dangerous as compared to web pages since the whole data in the system can be destroyed, deleted and used for malicious interest (Provos et al, 2009).

Desktop and servers should be supported by pre-structured operational plans. It is crucial to ensure weekly server updates to security vulnerabilities, patch OS deficiencies and performance (Satalkar, 2011). In addition, updates should be applied on a daily basis for better security and performance. It has been noted that many security exploits are targeted to desktop; thus, proper patch management is necessary. Although security should go beyond the basic practices, restore capability, security updates, viable data back up and patches are critical components, which must be practiced in security data management.

A comprehensive backup management program is another critical activity in information security management. Different security measures can be applied to mitigate various types of attacks. Administrative controls also referred to as the procedural controls entail written procedures, policies, standards, and guidelines. Technical or logical controls apply data and software to control and monitor access to computing systems and information. This includes data encryption, passwords, access control lists, intrusion detection systems, antivirus software and firewalls. Physical control manages the working environment, computing facilities and provides control to the facilities. This may include air conditioning, locks, doors, cable locks, fire suppression systems, and fire and smoke alarms.