Potential Vulnerabilities

Within the risk assessment process, you will gain an understanding of the potential vulnerabilities that affect the security of the information system in question. Some of these vulnerabilities are intentional and some are not. Some are intended to gain access to a system's sensitive information, while others are intended simply to destroy whatever information they come in contact with. The most common types of vulnerabilities include:

  • Malicious code

  • Data problems

  • Access problems

Malicious Code

Malicious code is software that is written with the intention of causing damage. Sometimes the damage is targeted at a particular individual or organization, but in most cases it is simply a mass attack against whoever comes in contact with the code. Malicious code usually comes from an outside source or is written directly by a person internal to an organization. These types of vulnerabilities all share a common goal: replicating themselves across the network.

  • Trojan Horse   A Trojan horse is a piece of software intended to look like legitimate software. It performs a legitimate and expected function when executed. However, behind the legitimate functionality exists further functionality that is not expected by the victim. This could include installing a piece of back door software to allow remote access, creating new accounts on the system, or upgrading normal user accounts to administrator level accounts.

  • Viruses   A virus does not perform a useful function for anyone but the hacker. It is a piece of code whose primary purpose is to replicate itself by attaching itself to other files, usually executables. Viruses can be extremely damaging to an information system. Their code segments contain enough information to replicate and perform other damaging actions on the target system, such as deleting crucial operating system files. Some newer viruses are capable of replicating new versions of themselves that have slightly different signatures in an attempt to avoid detection. These types of viruses are called polymorphic viruses.

  • Worms   Worms are similar to viruses with the exception of the final goal of the program. Like a normal virus, worms replicate themselves in order to spread across the network. But whereas a virus intends to do damage to the system and files stored there, a worm is intended to consume all the resources on the system. This results in a server crash that cannot be remedied until the worm has been removed from the system.

  • Logic Bomb   Logic bombs are small programs that react to a specific condition on an information system. When a certain condition is met, the code is triggered and performs its intended function. An example would be a program written by an employee to check for their login on the system each day. If they do not log in within a particular period of time, the program executes itself. When the program executes itself, it erases core system files on the machine leaving it permanently damaged. Logic bombs can have any function when the specified condition is met.

Note 

For more information on malicious code, please refer to Chapter 8.
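The viruses and logic bombs described above leave a trace a defender can look for: an executable that a virus has attached itself to no longer matches its original contents, and a core file a logic bomb erased is simply gone. A file integrity monitor catches both by recording a cryptographic digest of every critical file while the system is known-good and comparing against it later. The following is an added example, not code from the study guide; the "files" are constructed byte strings standing in for what a monitor would read from disk, and the paths are made up.

```python
from __future__ import annotations
import hashlib

# Constructed sample "filesystem": path -> contents, standing in for the
# executables and configuration files a monitor would read from disk.
BASELINE_FILES = {
    "/usr/bin/app": b"\x7fELF" + b"legit program code" * 4,
    "/usr/bin/helper": b"\x7fELF" + b"helper code" * 4,
    "/etc/critical.conf": b"mode=secure\n",
}

# The same system later: 'app' has extra code appended to it (the way a
# virus attaches itself to an executable), 'critical.conf' is gone (what
# the logic bomb in the text does to core files), and a new binary appeared.
CURRENT_FILES = {
    "/usr/bin/app": BASELINE_FILES["/usr/bin/app"] + b"\x90" * 64 + b"attached code",
    "/usr/bin/helper": BASELINE_FILES["/usr/bin/helper"],
    "/usr/local/bin/update": b"\x7fELF" + b"unexpected binary",
}


def digest(data: bytes) -> str:
    """SHA-256 hex digest. A cryptographic hash is used so that a tampered
    file cannot be made to keep the same digest (a plain checksum could be)."""
    return hashlib.sha256(data).hexdigest()


def take_baseline(files: dict[str, bytes]) -> dict[str, tuple[str, int]]:
    """Record (digest, size) for every monitored file. In practice the
    baseline is stored off the monitored host so malicious code cannot
    rewrite it along with the files."""
    return {path: (digest(data), len(data)) for path, data in files.items()}


def compare(baseline: dict[str, tuple[str, int]],
            current_files: dict[str, bytes]) -> dict[str, list[str]]:
    """Classify every path as modified, removed or newly added."""
    current = take_baseline(current_files)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def report(findings: dict[str, list[str]]) -> list[str]:
    """Flatten the comparison into one line per finding for an operator."""
    return [f"{kind.upper()}: {path}" for kind, paths in findings.items() for path in paths]


if __name__ == "__main__":
    baseline = take_baseline(BASELINE_FILES)   # taken while the system is known-good
    for line in report(compare(baseline, CURRENT_FILES)):
        print(line)
```

A real monitor walks the directories holding executables and configuration (and the kernel and boot files) rather than a dictionary, but the comparison logic is the same; the size is recorded alongside the digest because a sudden growth of an executable is the classic sign of a file infector even before the digest is checked.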

Data Problems

Other vulnerabilities exist that are not necessarily the result of someone trying to harm an organization. When data is not correctly controlled, it can leak information the organization may not suspect. Even the smallest and seemingly inconsequential pieces of data could potentially be tied together to derive the bigger picture.

  • Certain information can be inferred by an intruder even if it was never explicitly revealed.

  • Sensitive information can be derived from memory space that is not cleared when a process finishes processing or storing data in that space.

  • Data can become contaminated if processes interfere with one another or memory space is not managed correctly within the program.
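The first bullet, inference from information that was never explicitly revealed, is the statistical-database problem: each aggregate answer looks harmless, but two of them tied together can expose one record. The example below is added here and is not from the study guide; the employee table and salaries are constructed. It implements two classic inference controls, query-set-size control (an answer must cover at least a minimum number of records and leave at least that many uncovered) and set-difference control (an answer may not be released if its record set differs from an already released one by too few records), and shows what leaks when only the first is applied.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Record:
    name: str
    dept: str
    salary: int


# Constructed sample data (not from the book).
EMPLOYEES = [
    Record("alice", "finance", 90000), Record("bob", "finance", 70000),
    Record("carol", "finance", 80000), Record("dave", "finance", 60000),
    Record("erin", "ops", 65000), Record("frank", "ops", 55000),
    Record("grace", "ops", 75000), Record("heidi", "ops", 50000),
]


class SalaryStats:
    """Answers SUM queries over the table while applying inference controls.

    min_size: a result set must contain at least this many records, and its
              complement must too (otherwise the complement is exposed).
    min_difference: a new result set may not differ from an already released
              one by fewer than this many records, because subtracting the
              two sums would isolate those records.
    """

    def __init__(self, records, min_size: int = 3, min_difference: int = 2):
        self.records = list(records)
        self.min_size = min_size
        self.min_difference = min_difference
        self.released = []   # result sets already answered, for the difference check

    def total(self, predicate: Callable[[Record], bool]) -> Optional[int]:
        matched = frozenset(r for r in self.records if predicate(r))
        n, m = len(self.records), len(matched)
        if m < self.min_size or n - m < self.min_size:
            return None      # query-set-size control
        for prev in self.released:
            if prev != matched and len(prev ^ matched) < self.min_difference:
                return None  # set-difference control
        self.released.append(matched)
        return sum(r.salary for r in matched)


def leak_without_difference_control() -> int:
    """Why the second rule exists: with size control alone, two innocuous
    department totals differ by exactly one person's salary."""
    stats = SalaryStats(EMPLOYEES, min_size=3, min_difference=1)  # 1 disables the check
    whole = stats.total(lambda r: r.dept == "finance")
    all_but_alice = stats.total(lambda r: r.dept == "finance" and r.name != "alice")
    return whole - all_but_alice   # alice's salary, although it was never queried directly


def guarded_queries() -> tuple:
    """The same three queries with both controls on: only the first is answered."""
    stats = SalaryStats(EMPLOYEES)
    whole = stats.total(lambda r: r.dept == "finance")
    all_but_alice = stats.total(lambda r: r.dept == "finance" and r.name != "alice")
    single = stats.total(lambda r: r.name == "alice")
    return whole, all_but_alice, single


if __name__ == "__main__":
    print("inferred with size control only:", leak_without_difference_control())
    print("with both controls:", guarded_queries())
```

These two controls raise the bar but are not a complete defence; chains of queries that are each far enough apart can still be combined, which is why the statistical-database literature goes on to add noise or limit the total number of queries. The point for risk assessment is that data released in aggregate still has to be controlled.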

Access Problems

Access problems also occur in relation to applications. Some result from the negligence or security ignorance of users. Others occur because the software code contains problems. Physical security also plays a part in the access problems surrounding applications.

  • Back Doors   Back doors provide a means of accessing a system that is not approved or authorized by the organization. Some back doors are included with the best of intentions, usually to help support customers having issues with the application. Others are installed on a user's system without the user's knowledge and give intruders access to that system.

  • Covert Channels   Covert channels are lines of communication that are opened between the application and another computer without the knowledge of the user. Covert channels are usually part of the back door program and provide a secret means to communicate with a remote system.

  • Physical Access   Physical access is another area of concern. Since many applications within an organization are critical to the organization's mission, physical access to the actual server should be limited to authorized personnel only. Allowing anyone physical access to the systems could result in access to the information within the system. Network security is just that: protection of critical information on a server by limiting access across the network. But physical access is not subject to network controls, and it is just as easy for an individual to walk in and take a hard disk out of a server or walk off with an employee's laptop. Physical security should be considered in relation to how servers are isolated from unauthorized physical access. Locks, card readers, and other means of physical access control can protect organizational equipment from tampering or theft, and proper policies and training augment those things by ensuring employees really understand the physical threats that exist.
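Both the Trojan horse described earlier (creating new accounts or upgrading user accounts to administrator level) and the back doors in this section leave an audit trail in the account-management logs, so one practical control is to review those logs against the changes an administrator actually approved. The following is an added example and not part of the study guide; the log lines are constructed, modelled on the syslog messages the Linux useradd and usermod utilities write, and the host, PIDs, account names and approval lists are made up.

```python
import re

# Constructed sample syslog lines (modelled on shadow-utils messages).
SAMPLE_LOG = """\
Mar  3 09:12:01 srv1 useradd[2231]: new user: name=jdoe, UID=1005, GID=1005, home=/home/jdoe, shell=/bin/bash
Mar  3 09:12:40 srv1 usermod[2240]: add 'jdoe' to group 'developers'
Mar  3 23:41:07 srv1 useradd[4102]: new user: name=svc_sync, UID=1006, GID=1006, home=/home/svc_sync, shell=/bin/bash
Mar  3 23:41:09 srv1 usermod[4105]: add 'svc_sync' to group 'sudo'
Mar  3 23:41:09 srv1 usermod[4105]: add 'svc_sync' to shadow group 'sudo'
Mar  4 08:05:13 srv1 usermod[5110]: add 'jdoe' to group 'wheel'
"""

# Groups that grant administrator-level access on a typical Linux host.
ADMIN_GROUPS = {"sudo", "wheel", "admin", "root"}

# What the change-control process approved (constructed ticket log).
APPROVED_ACCOUNTS = {"jdoe"}
APPROVED_GROUP_CHANGES = {("jdoe", "developers")}

NEW_USER = re.compile(r"useradd\[\d+\]: new user: name=([^,\s]+)")
GROUP_ADD = re.compile(r"usermod\[\d+\]: add '([^']+)' to (?:shadow )?group '([^']+)'")


def review(log_text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, finding, detail) for every account change that was
    not approved, plus every addition to an administrator group regardless
    of approval, since those deserve a second look."""
    findings = []
    seen = set()
    for line in log_text.splitlines():
        timestamp = line[:15]   # syslog "Mon dd hh:mm:ss" prefix
        if m := NEW_USER.search(line):
            user = m.group(1)
            if user not in APPROVED_ACCOUNTS:
                findings.append((timestamp, "unapproved account", user))
        elif m := GROUP_ADD.search(line):
            user, group = m.groups()
            key = (user, group)
            if key in seen:     # the 'group' and 'shadow group' lines report one change
                continue
            seen.add(key)
            if group in ADMIN_GROUPS:
                findings.append((timestamp, "admin group added", f"{user} -> {group}"))
            elif key not in APPROVED_GROUP_CHANGES:
                findings.append((timestamp, "unapproved group change", f"{user} -> {group}"))
    return findings


if __name__ == "__main__":
    for timestamp, finding, detail in review(SAMPLE_LOG):
        print(f"{timestamp}  {finding:<24} {detail}")
```

The same review can be fed from a central log server so that an intruder who gains the host cannot simply erase the local evidence; comparing against an approval list rather than a fixed allow-list of names is what separates the legitimate support account from the one a Trojan horse created at 23:41.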

Physical security also covers environmental problems. Threats from storms, fires, and floods can knock out a facility, leaving an organization crippled. Servers and network equipment generate heat as they process data, and the rooms they reside in can cause problems if they are not adequately cooled. Power surges caused by storms can burn out vital hardware if it is not protected by surge protectors and temporary power backup.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135
