Unit 11: System Security




          These  security  attacks  make  the  study  of  security  measures  very  essential  for  the  following   Notes
          reasons:
          1.   To prevent loss of data: You don’t want someone hacking into your system and destroying
               the work done by you or your team members. Even if you have good back-ups, you still
               have to identify that the data has been damaged (which can occur at a critical moment
               when a developer has an immediate need for the damaged data), and then restore the data
               as best you can from your backup systems.
          2.   To prevent corruption of data: Sometimes, the data may not completely be lost, but just be
               partially corrupted. This can be harder to discover, because unlike complete destruction,
               there is still data. If the data seems reasonable, you could go a long time before catching
               the problem, and cascade failure could result in serious problems spreading far and wide
               through your systems before discovery.
          3.   To prevent compromise of data: Sometimes it can be just as bad (or even worse) to have
               data revealed than to have data destroyed. Imagine the consequences of important trade
               secrets, corporate plans, financial data, etc. falling in the hands of your competitors.

          4.   To prevent theft of data: Some kinds of data are subject to theft. An obvious example is the
               list of credit card numbers belonging to your customers. Just about anything associated
               with money can be stolen.
          5.   To prevent sabotage: A disgruntled employee, a dishonest competitor, or even a stranger
               could  use  any  combination  of  the  above  activities  to  maliciously  harm  your  business.
               Because of the thought and intent, this is the most dangerous kind of attack, the kind that
               has the potential for the greatest harm to your business.

          11.3 Program Threats

          Any person, act, or object that poses a danger to computer security is called a threat. Any kind
          of policy, procedure, or action that recognizes, minimizes, or eliminates a threat or risk is called


          a  countermeasure. Any  kind of analysis that  ties-in  specific  threats to specific assets with an
          eye toward determining the costs and/or benefits of protecting that asset is called risk, or risk

          assessment.  Risk is always a calculated assumption made based on past occurrences.
          Threat, on the other hand, is constant.  Any kind of asset that is not working optimally and is
          mission-critical or essential to the organization, such as data that are not backed-up, is called a
          vulnerability, while anything imperfect is called a weakness. Any kind of counter measure that
          becomes fairly automated and meets the expectations of upper management is called a control,
          and there are many types of controls in a computer security environment, as well as threats, some
          of which are given below:
                                          Malicious Threats
           Category  Threat  OSI   Definition  Typical Be-  Vulnerabilities  Prevention  Detection  Countermea-

                        Layer             haviors                               sures

           Mali-  Virus  Applica-  Malicious   Replicates   All computers   Limit con-  Changes in file  Contain,
           cious       tion   software that   within com-  Common cat-  nectivity.   sizes or date/  identify and
           Software           attaches itself to  puter system,   egories  Limit down- time stamps   recover
                              other software.  potentially at-  Boot sector  loads   Computer is   Antivirus scan-
                              For example, a   taching itself to   Terminate   Use only   slow starting   ners- look for
                              patched soft-  every software   authorized   or slow run-  known viruses
                                                    and Stay
                              ware applica-  application   Resident   media for   ning   Antivirus moni-
                              tion in which   Behavior cat-  (TSR)   loading data  Unexpected   tors- look for
                              the patch’s   egories   Application   and software  or frequent   virus related
                              algorithm is   Innocuous   software   Enforce   system failures  application
                              designed to                   mandatory        behaviors
                                        Humorous  Stealth (or   Change of
                              implement the   Data alter-  access con-  system date/  Attempt to
                              same patch on   ing   Chameleon)   trols. Viruses  time   determine
                              other applica-      Mutation   generally   Low computer  source of infec-
                              tions, thereby   Cata-  engine   cannot run   memory or   tion and issue
                              replicating.  strophic   Network   unless host   increased   alert
                                                  Mainframe  application
                                                                    bad blocks on
                                                            is running  disks
                                           LOVELY PROFESSIONAL UNIVERSITY                                   203