Threats

This article discusses threats, explaining what they are and how they can affect network traffic.

A threat is any circumstance or event with the potential to adversely impact data or systems via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. Threats may involve intentional actors (e.g., attacker who wants to access information on a server) or unintentional actors (e.g., administrator who forgets to disable user accounts of a former employee.)  Threats can be local, such as a disgruntled employee, or remote, such as an attacker in another geographical area.

A threat source is the cause of a threat, such as a hostile cyber or physical attack, a human error of omission or commission, a failure of organization-controlled hardware or software, or other failure beyond the control of the organization. A threat event is an event or situation initiated or caused by a threat source that has the potential for causing adverse impact.

Many threats against data and resources are possible because of mistakes—either bugs in operating system and applications that create exploitable vulnerabilities, or errors made by end users and administrators.  

Network traffic typically passes through intermediate computers, such as routers, or is carried over unsecured networks, such as wireless hotspots. Because of this, it can be intercepted by a third party. Threats against network traffic include the following:

  • Eavesdropping. Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information.
  • Tampering. Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.
  • Impersonation. Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
    • Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address jdoe@example.net, or a computer can identify itself as a site called www.example.net when it is not. This type of impersonation is known as spoofing.
    • Misrepresentation. A person or organization can misrepresent itself. For example, suppose the site www.example.net pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.

Original Document Information

Original Document Information

  • Author(s): Joint Task Force Transformation Initiative
  • Title: National Institute of Standards and Technology (NIST) Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments
  • Last Updated Date: September 2012
  • Copyright Information: This document is not subject to copyright.

Original Document Information

  • Author(s): Karen Scarfone, Wayne Jansen, and Miles Tracy
  • Title: National Institute of Standards and Technology (NIST) Special Publication 800-123, Guide to General Server Security
  • Last Updated Date: July 2008
  • Copyright Information: This document is not subject to copyright.

Document Tags and Contributors

 Contributors to this page: chrisdavidmills, kscarfone
 Last updated by: chrisdavidmills,