1. Software Security Threats Threats have been an issue since computers began to be used widely by the general public

2. Types of Threats  Probes and Scans  Account Compromise  Packet Sniffing  Denial of service  Malicious Code  Spoofing

3. Probes and Scans  Attempts to gain access or discover information about remote computers

4. Account Compromise  Discovery of user accounts and their passwords

5. Packet Sniffing  Capturing data that is sent across a network that contains sensitive information like passwords

6. Denial of Service  Flooding a network with requests that can overwhelm it and make a computer slow down or crash

7. Malicious Code  Trojan Horses  Worms  Viruses

8. Trojan Horses  Hidden in legitimate programs or files that attackers have altered to do more than what is expected

9. Worms Self-replicating programs that spread with no human intervention

10. Viruses  Self-replicating programs that usually require some action on the part of the of the user to spread inadvertently to other programs

11. Types of Vulnerabilities  Default software installations  Ineffective use of authentication  Patches not applied  Too may open ports and services running  Not analyzing incoming packets  Backups not maintained and verified  Lack of protection against malicious code

12. Prevention from Vulnerabilities  Secure the Weakest Link  Use Choke Points  Limit Privileges  Provide Defense in Depth  Fail Securely  Leverage Unpredictability  Enlist the Users-educate users  Embrace Simplicity- keep it simple

13. Detection and Response  Detect Attacks close vulnerabilities  Be Vigilant read about attacks and install security packs and updates read about attacks and install security packs and updates  Watch the Watchers audit your own processes regularly

14. Conclusion  Security flaws are inevitable and will always exist. The only solution is to look for effective security processes to avoid risk.