CHARACTERISTICS OF COMPUTER INTRUSION AND KINDS OF SECURITY BREACHES
1.CHARACTERISTICS OF COMPUTER INTRUSION
The target of a crime involving computers may be any piece of the computing system.A computing system is a collection of hardware,software,storage media,data,and persons that an organization uses to do computing tasks.Whereas the obvious target of a bank robbery is cash,a list of names and addresses of depositors might be valuable to a competing bank.The list might be on paper,recorded on a magnetic medium,stored in internal computer memory,or transmitted electronically across a medium such as a telephone line.This multiplicity of targets makes computer security difficult.
In any security system,the weakest point is the most serious vulnerability.A robber intent on stealing something from your house will not attempt to penetrate a two-inch thick metal door if a window gives easier access.A sophisticated perimeter physical security system does not compensate for unguarded access by means of a simple telephone line and a modem.The“weakest point”philosophy can be restated as the following principle.
Principle of Easiest Penetration.An intruder must be expected to use any available means of penetration.This will not necessarily be the most obvious means,nor will it necessarily be the one against which the most solid defense has been installed[1].
This principle says that computer security specialists must consider all possible means of penetration,because strengthening one may just make another means more appealing to intruders[2].We now consider what these means of penetration are.
2.KINDS OF SECURITY BREACHES
In security,an exposure is a form of possible loss or harm in a computing system;examples of exposures are unauthorized disclosure of data,modification of data,or denial of legitimate access to computing.A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.A human who exploits a vulnerability perpetrates an attack on the system.Threats to computing systems are circumstances that have the potential to cause loss or harm;human attacks are examples of threats,as are natural disasters,inadvertent human errors,and internal hardware or software flaws[3].Finally,a control is a protective measure—an action,a device,a procedure,or a technique一that reduces a vulnerability.
The major assets of computing systerns are hardware,software,and data.There are four kinds of threats to the security of a computing system:interruption,interception,modification,and fabrication.The four threats all exploit vulnerabilities of the assets in computing systems.These four threats are shown in Fig. 18-1.
更多软考资料请访问:考试吧软件水平考试栏目
希望与更多网友交流,请进入考试吧软件水平考试论坛
