We are independent & ad-supported. We may earn a commission for purchases made through our links.
EasyTechJunkie
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What are the Primary Online Security Threats?

By Dan Blacharski
Updated: May 16, 2024

Most security threats are made by attackers using a relatively small number of vulnerabilities. Attackers, being relatively opportunistic, take the path of least resistance, and continue to take advantage of these most common failures, rather than seeking out new exploits or taking advantage of more difficult ones. Fortunately, in many cases, their predictability makes it easier to prevent attack by following a few simple rules:

  • Apply regular updates and patches as they become available.
  • Employ security software and hardware such as firewalls and authentication servers.
  • Do not use default passwords and other values that are provided with your software.

According to the SANS Institute (SysAdmin, Audit, Network, Security Institute), the top ten threats are:

  • Web servers and services. Default HTTP (Web) servers have had several vulnerabilities, and numerous patches have been issued over the past several years. Make sure all your patches are up to date, and do not use default configurations or default demonstration applications. These vulnerabilities may lead to denial-of-service attacks and other types of threats.
  • Workstation service. An attacker can obtain full control over a computer by compromising the Windows Workstation service, which is normally used to route user requests.
  • Windows remote access services. A variety of remote access methods are included by default on most systems. These systems can be very useful, but also very dangerous, and an attacker with the right tools can easily gain control over a host.
  • Microsoft SQL Server (MSSQL). Several vulnerabilities exist in MSSQL that could allow an attacker to gain information from a database or compromise the server. In addition to applying all the latest patches, enabling SQL Server Authentication Logging and securing the server at both the network and system level will prevent most of these attacks.
  • Windows authentication. Most Windows systems use passwords, but passwords can be easily guessed or stolen. Creating stronger, more difficult to guess passwords, not using default passwords, and following a recommended password policy will prevent password attacks.
  • Web browsers. Your window to the Internet, a Web browser contains many vulnerabilities. Common exploits may include disclosure of "cookies" with personal information, the execution of rogue code that could compromise a system, and exposure of locally-stored files. Configuring the browser's security settings for a setting higher than the default value will prevent most Web browser attacks.
  • File sharing applications. Peer-to-peer (P2P) programs are commonly used to share files. In a P2P system, computers are open to others in the P2P network to allow for all participants to search for and download files from one another. Many corporations forbid use of P2P networks because of the obvious risk of compromised data.
  • LSAS exposures. The Windows Local Security Authority Subsystem (LSAS) has a critical buffer overflow that can be exploited by an attacker to gain control over the system. Again, proper configuration and application of patches will prevent most exploits.
  • Mail client. Attackers can use the mail client on a computer to spread worms or viruses, by including them as attachments in emails. Configuring the mail server appropriately, and blocking attachments such as .exe or .vbs files, will prevent most mail client attacks.
  • Instant messaging. Many corporations also block employees from using instant messaging, not only because of the technical threats but also because of the possibility of lost productivity. Configuring IM properly, applying all the latest patches, and taking control over any file transfers that occur over IM will prevent most attacks.
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
See our Editorial Process Share Feedback

Related Articles

Discussion Comments
By Rundocuri — On May 12, 2014

@talentryto- You should also monitor your credit report on a regular basis. If your security was breached in any way and your accounts were stolen and used by an identity thief, your credit report will show this activity so you can take prompt action.

By Talentryto — On May 11, 2014

A good rule of thumb to follow to avoid online security threats is to share as little personal information as possible. There are simple steps to take to help you follow this rule.

Don't use easy passwords that include your name, and don't give out your social security number when asked. You should never post information about vacations or traveling on social networking sites, and you should not give out your credit card number to online shopping sites that aren't reputable.

Share
https://www.easytechjunkie.com/what-are-the-primary-online-security-threats.htm
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.