2. Threat
A potential for violation of security, which exists when there is
a circumstance, capability, action, or event that could breach
security and cause harm. That is, a threat is a possible danger
that might exploit a vulnerability.
A threat to a computing system is a set of circumstances that
has the potential to cause loss or harm.
2
3. Threat
Threat: an object, person, or other entity that represents a
constant danger to an asset
Management must be informed of the different threats facing
the organization
By examining each threat category, management effectively
protects information through policy, education, training, and
technology controls
3
5. 5
Threats to Info. Security
Threat Category Examples
Acts of human error or failure Accidents, employee mistakes
Intellectual property compromise Piracy, copyright infringement
Deliberate espionage or trespass Unauthorized access, data collection
Deliberate information extortion Blackmail of info. disclosure
Deliberate sabotage or vandalism Destruction of systems or info.
Deliberate theft Illegally taking equipment or info.
Deliberate software attacks Viruses, worms, denial of service
Forces of nature Fires, floods, earthquakes
Deviations in service from providers Power and Internet provider issues
Technological hardware failures Equipment failure
Technological software failures Bugs, code problems, unknown loopholes
Technological obsolescence Antiquated or outdated technologies 6
6. Vulnerability
A vulnerability is a weakness in the security system
1. Physical Vulnerability
2. Natural Vulnerability
3. Hardware and Software Vulnerability
4. Media Vulnerability
5. Human vulnerability
6
8. Attacks
An assault on system security that derives from an intelligent threat. That
is, an intelligent act that is a deliberate attempt (especially in the sense of
a method or technique) to evade security services and violate the
security policy of a system.
A human who exploits a vulnerability penetrates an attack on the system
9. Attacks (1)
• Act or action that exploits vulnerability (i.e., an
identified weakness) in controlled system
• Accomplished by threat agent which damages or
steals organization’s information
10. Attacks (2)
• Malicious code: launching viruses, worms, Trojan horses, and active
Web scripts aiming to steal or destroy info.
• Backdoor: accessing system or network using known or
previously unknown mechanism
• Password crack: attempting to reverse calculate a password
• Brute force: trying every possible combination of options of a
password
• Dictionary: selects specific accounts to attack and uses commonly
used passwords (i.e., the dictionary) to guide guesses
11. Security Attacks Categories
1. Passive Attacks
2. Active Attacks
A passive attack attempts to learn or make use of information
from the system but does not affect system resources.
An active attack attempts to alter system resources or affect
their operation.
11
19. Attack Categories : Interruption
In an interruption, an asset of the
system becomes lost, unavailable, or
unusable. An example is malicious
destruction of a hardware device,
erasure of a program or data file, or
malfunction of an operating system
file manager so that it cannot find a
particular disk file
20. Attack Categories : Interception
An interception means that some unauthorized
party has gained access to an asset. The outside
party can be a person, a program, or a computing
system. Examples of this type of failure are illicit
copying of program or data files, or wiretapping to
obtain data in a network. Although a loss may be
discovered fairly quickly, a silent interceptor may
leave no traces by which the interception can be
readily detected.
21. Attack Categories : Modification
If an unauthorized party not only accesses but
tampers with an asset, the threat is
a modification. For example, someone might
change the values in a database, alter a
program so that it performs an additional
computation, or modify data being transmitted
electronically. It is even possible to modify
hardware. Some cases of modification can be
detected with simple measures, but other, more
subtle, changes may be almost impossible to
detect.
22. Attack Categories : Fabrication
Finally, an unauthorized party might create
a fabrication of counterfeit objects on a
computing system. The intruder may insert
spurious transactions to a network
communication system or add records to an
existing database. Sometimes these additions
can be detected as forgeries, but if skillfully
done, they are virtually indistinguishable from
the real thing.
22
24. 3 “Biggest” Common Attack
The primary vulnerabilities for end-user computers are virus, worm, and Trojan
Horse attacks:
A virus is malicious software which attaches to another program to execute a
specific unwanted function on a computer.
A worm executes arbitrary code and installs copies of itself in the memory of the
infected computer, which then infects other hosts.
A Trojan Horse is an application written to look like something else. When a Trojan
Horse is downloaded and opened, it attacks the end-user computer from within.
