Software failures of any kind may cause your system to fail, open your system to penetration or simply make the system so unreliable that it can't be trusted to work properly and efficiently. Even if individual hardware and software components are secure, an entire system can be compromised if the hardware components are connected improperly or if the software isn't installed correctly.
-Media vulnerabilities: Back up media, such as disk packs, tape reels, cartridges, and printouts, can be stolen or can be damaged by dust and stray magnetic and electromagnetic fields.
-Emanation vulnerabilities: All electronic equipment emits electrical and electromagnetic radiation. Electronic eavesdroppers can intercept the signal emanating from computers, networks, and wireless system, and decipher them. The information stored and transmitted by the systems and networks then becomes vulnerable.
-Communication vulnerabilities: If your computer is attached to a network or it can be accessed by a dial-in modem or over the Internet, you greatly increase the risk that someone will penetrate your system. Messages can be intercepted, mis routed and forged. Communications lines connecting computers to each other, or connecting terminals to a central computer, can be tapped or physically damaged. Radio transmissions, the basis of wireless interconnections such as blue tooth are particularly susceptible to interception.
-Human vulnerabilities: The people who administer and use your computer system represent the greatest vulnerability of all..
- Natural and physical threats: These threats imperil every physical plant and piece of equipment: fires, floods, power failures, and other disasters. You can't always prevent all, but you can find out quickly when one occurs. With fire alarms, temperature gauges, and surge protectors you can minimize the chance that the damage will be severe. You can also backing up critical data off-site and by arranging for the use of a backup system that can be used if an emergency does occur.
- Unintentional Threats: Ignorance creates dangers, for example, a user or a system administrator who hasn't been trained properly, who hasn't read the documentation, and who doesn't understand the importance of following proper security procedures. The protection on the password file or on critical system software can solve this problem, also locking out programs and applications that need to access that data
- Intentional Threats: These kind of people come in two varieties. outsiders and insiders.
Outsiders: Include a number of different categories:
-Foreign Intelligence agents: these kind of intruders use sophisticated encryption devices and attack installations where classified information is stored.
-Terrorist: There have been attacks on university computers, various DOD networks, and websites, court buildings. The government worries so do airlines, oil companies, and other business that protect information vital to the National interest. Often these attacks coincide with national holidays or protest.
-Criminals: computer crime is lucrative and unlike many other types of crimes for example stole identities, credit card numbers, or social security numbers for sale and use for other people.
-Corporate raiders: memos and informal messages have become more vulnerable than ever to attack by competitors.
-Crackers: These are intruders break down system for the pleasure of break the security and interest in the challenge that represent to defeat the system. These intruders don't do it for monetary or political interest.
80 percent of system penetrations are by fully authorized users who abuse their access privileges to perform unauthorized functions.
Insiders: There are a number of different types of insiders. The fired or disgruntled employee might be trying to steal or looking for revenge. The coerced employee might have been blackmailed or bribed by foreign or corporate enemy agents. The insider might be an operator, a system programmer, or even a casual user who is willing to share a password. The lazy person who doesn't learn how to encrypt the emails, or he doesn't bother to change the password, leave sensitive information in piles on the desk and floor and ignores the paper shredder.
COUNTERMEASURES
There are many different types, but some of them could be:
-Passwords and auditing of security actions, and administrative procedures such as back ups.
-Encrypt the data in mails or other kind of messages.
-Protect your physical computer equipment from damage by natural disasters and intruders.
Use different kind of new technologies to protect your software, EX. Norton programs.
No comments:
Post a Comment