Network Security Threats
The traditional password scheme common in network authorization is notoriously insecure. Passwords can be easily broken, especially if they are weak; they can also be stolen using dictionary attacks, social engineering and through other means.
Unfortunately, existing security solutions such as firewalls, antivirus software, malware removal software and intrusion detection systems cannot protect against these types of threats. To effectively capture and handle the intricacies underlying threats such as these, more sophisticated technologies are needed.
Some other threats that networks are vulnerable to are described below.
Types of Threats
- Insider Attack: A situation in which an authorized user in a proprietary network behaves maliciously by abusing his privileges. For instance, when a bank employee transfers money into their personal account and attempts to conceal any trace of the transaction.
- Man-in-the-Middle Attack (MITM): A form of active eavesdropping in which the attacker is able to intercept and retransmit the communications between two parties by successfully impersonating each victim to the satisfaction of the other.
- Phishing Attack: An attempt to acquire sensitive information such as access credentials (i.e. user names and passwords) or credit card details by masquerading as a trustworthy site.
- Pharming Attack: An attempt to redirect a website’s traffic to another website that is under the control of the attacker, thereby allowing him to steal and exploit sensitive information.
- Dictionary Attack: Consists of guessing passwords by repeatedly sampling passwords from a large database of common terms and words.
- Social Engineering: Manipulating individuals into performing certain actions or divulging sensitive information such as passwords or access credentials.
Plurilock’s answer to these challenges is a layered approach to security that combines static authentication at the gate (i.e. login time) with continuous authentication (CA), where the user is monitored and authenticated repeatedly, passively and unobtrusively throughout their entire, logged-in session.