http://www.computer-network-security-training.com Master Computer Security Basics, Anytime Sun, 05 Sep 2010 13:07:03 +0000 http://backend.userland.com/rss092 en Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control (MAC) address is changed by the attacker.  Also, called an ARP spoofing attacks, it is effective against both wired and wireless local networks.  Some of the things an attacker could perform from ARP poisoning attacks ... http://www.computer-network-security-training.com/what-is-arp-poisoning/ A Domain Name System (DNS) poisoning attack, also called DNS spoofing, is when an attacker is able to redirect a victim to different website than the address that he types into his browser.  For example, a user types www.google.com into their browser, but instead of being directed to Google’s servers ... http://www.computer-network-security-training.com/what-is-a-dns-poisoning-attack/ Spoofing is when an attacker pretends to be someone else in order gain access to restricted resources or steal information. This type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to ... http://www.computer-network-security-training.com/what-is-a-spoofing-attack/ Wi-Fi, also called wireless internet or a Wireless Local Area Network (WLAN), has increased the availability of internet access greatly. Unfortunately, it has also introduced new security concerns that are different than the vulnerabilities in wired networks. The standards for Wi-Fi were developed by Institute of Electrical and Electronics ... http://www.computer-network-security-training.com/why-wi-fi-is-vulnerable-to-attack/ A rainbow table is a used to break passwords that have been encrypted into a hash.  Rainbow tables are huge sets of precomputed hashes for nearly every possible combination of special characters, letters, and symbols. Password attacks that use brute force methods to break password may compute hash values on ... http://www.computer-network-security-training.com/what-is-a-rainbow-table/ Everyone is probably familiar with passwords.  Passwords are the most common access control method used by system administers to manage the usage of network resources and applications.   Usernames are entered along with a password when a user wants to login to a secure system.  The widespread use of passwords to ... http://www.computer-network-security-training.com/what-are-password-attacks/ Access control is the process of deciding who can use specific systems, resources, and applications.  An access control model is a defined set of criteria a system administrator utilizes to define system users’ rights. There are three main access control models. These are Mandatory Access Control (MAC), Discretionary ... http://www.computer-network-security-training.com/what-are-access-control-models/ Access control involves managing who has access to specific systems and resources at a given time.  The concept of access control revolves around the process comprised of three steps.  These steps are identification, authentication, and authorization.  Using these three principles a system administrator can control what resources are available to ... http://www.computer-network-security-training.com/what-is-access-control/ Environmental security, from a computer networking standpoint, involves protecting and controlling the facilities where your systems are stored. The benefits of well-constructed environmental security process can ensure that data is not lost or in the case of a system failure is able to restore critical functions.  Environmental security processes ... http://www.computer-network-security-training.com/what-is-environmental-security/ A hash, also called a digest, is a unique string of data.  A hash is created when a collection of information that you want to protect is run through a hash function.  The process of creating a hash is called hashing.  The resulting hash is unique to the original message ... http://www.computer-network-security-training.com/what-is-a-hash/ Using the technology of asymmetric or public key cryptography, a digital certificate is used to verify a user’s public key.  In other words, digital certificates ensure that a user is who he says he is and a website is who they say they are.  Verifying identities with digital certificates is ... http://www.computer-network-security-training.com/what-is-public-key-infrastructure/ Like digital certificates a digital signature is created with asymmetric or public-key cryptography. In the same way as signing your name to a document legally binds the document to you, a digital signature proves that a document belongs to a user. In addition, a digital signature provides other ... http://www.computer-network-security-training.com/what-is-a-digital-signature/ In order to fully understand digital certificates, learning a little about cryptography is helpful.  To learn the basics of cryptography go HERE. Digital certificates rely upon public key cryptography to operate.  Public key cryptography uses two mathematically related keys to secure data.  The first key is the private key of the ... http://www.computer-network-security-training.com/what-is-a-digital-certificate/ Cryptography is an important part of preventing private data from being stolen.  Even if an attacker were to break into your computer or intercept your messages they still will not be able to read the data if it is protected by cryptography or encrypted.  In addition to concealing the meaning ... http://www.computer-network-security-training.com/what-is-cryptography/ The number and sophistication of phishing scams sent to consumers is increasing rapidly. If you do not know what phishing is you can find out HERE. Because phishing uses social engineering to trick victims into responding to an email message or into visiting a fake site, one of ... http://www.computer-network-security-training.com/how-to-avoid-phishing-attacks/ Social engineering attacks are designed to trick or deceive victims into disclosing secure or private information.  A simple example of this type of attack is a recently fired information technology worker who is able to slip past security because they do not know that the former employee does not work ... http://www.computer-network-security-training.com/what-is-a-phishing-attack/ In the field of computers and networked communications, spyware has become a menace for lots of computer users and working professionals. Hence, it is essential to take certain precautions to counter spyware. It is important to use antivirus software that also offers protection against spyware. Update it regularly and permit it ... http://www.computer-network-security-training.com/tips-to-counter-spyware/ Remote Administration Trojans (RATs), sometimes called a remote administration tool, uses a Trojan as the delivery mechanism for a malicious  tool, which is used to remotely connect and manage a single or multiple computers. Many RATs mimic the functionality of legitimate remote control programs but are designed specifically for stealth installation ... http://www.computer-network-security-training.com/what-is-a-remote-administration-trojan/ There are a many of types spyware.  Some of them function solely as spyware, while other only contain features of spyware. Some of the frequently observed spyware types and their characteristics are: Browser session hijack: This spyware type tries to modify the browser settings of the user. There are various ways ... http://www.computer-network-security-training.com/common-types-of-spyware/ A Trojan horse is type of malware (malicious software) like viruses, worms, rootkits, and spyware.  However, unlike viruses and worms a Trojan horse is not able to create copies of itself or in tech speak, self-replicate. If you would like to know more about the other types of malware, read the ... http://www.computer-network-security-training.com/what-is-a-trojan-horse/