Activity 1 Professional Organizations

1. The advantage in joining an organization is that an IT professional will expand his/her knowledge, learn more and also share his/her knowledge to others. It is somehow disadvantage if your commitment to that organization is needed and you also must obey rules and regulation of your organization.

2. On my own opinion, an IT professional should be a licensed one or should be certified. It is because being an It professional, a person must be licensed or certified on his/her field of expertise just like other professional. It is also the person's pride or affiliation if he/she is certified to be an IT professional.

3. If ever there is a certification or licensing in IT field maybe the title is registered IT professional.

Types of System Security Attacks

Malicious Code

Viruses and worms are related classes of malicious code; as a result they are often confused. Both share the primary objective of replication. However, they are distinctly different with respect to the techniques they use and their host system requirements. This distinction is due to the disjoint sets of host systems they attack. Viruses have been almost exclusively restricted to personal computers, while worms have attacked only multi-user systems.

http://csrc.nist.gov/publications/nistir/threats/section3_3.html

Back Door

A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack.

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci962304,00.html

Software cracking

Software cracking is the modification of software to remove protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.

http://en.wikipedia.org/wiki/Software_cracking

Denial-of-Service (DoS)

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

http://en.wikipedia.org/wiki/Denial-of-service_attack

Spoofing

Spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

http://en.wikipedia.org/wiki/Spoofing_attack

Spam

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

http://spam.abuse.net/overview/whatisspam.shtml

Man-in-the-Middle

In cryptography, the man-in-the-middle attack (often abbreviated MITM), or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Mail Bomb

In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack.

http://en.wikipedia.org/wiki/E-mail_bomb

Buffer Overflow

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security.

http://en.wikipedia.org/wiki/Buffer_overflow

Timing Attack

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.

http://en.wikipedia.org/wiki/Timing_attack