threats vs. vulnerabilities
Working Group
Khlood ali alawaji 3051118
Rawan abd allah alamri 3051013
ohood zaid alamri 3051061
Hadeel mohammed alseahli 3051114
Threat:
The term “threat” refers to the source and means
of a particular type of attack. A threat assessment is performed to determine
the best approaches to securing a system against a particular threat, or class
of threat. Penetration testing exercises are substantially focused on assessing
threat profiles, to help one develop effective countermeasures against the
types of attacks represented by a given threat. Where risk assessments focus
more on analyzing the potential and tendency of one’s resources to fall prey to
various attacks, threat assessments focus more on analyzing the attacker’s
resources.
Vulnerability:
The term “vulnerability” refers to the security flaws in a system that allow an
attack to be successful. Vulnerability testing should be performed on an
ongoing basis by the parties responsible for resolving such vulnerabilities,
and helps to provide data used to identify unexpected dangers to security that
need to be addressed. Such vulnerabilities are not particular to technology —
they can also apply to social factors such as individual authentication and
authorization policies.
Difference Between Threat & Vulnerability
A vulnerability is a weakness or flaw found in software and
operating systems that threats try to exploit. Threats are malicious files or
programs that attack an application's or operating system's vulnerability to
gain access to your computer. A vulnerability is essentially a weakness, or
Achilles' heel, found in a program. Threats come in many forms, depending on
their mode of attack. From viruses to Trojans, spyware and bots, threats have
evolved into sophisticated programs intended to harm computers.
Security Threats and Vulnerabilities
Security Threats:
Information is the key asset in most organizations. Companies gain
a competitive advantage by knowing how to use that information. The threat
comes from others who would like to acquire the information or limit business
opportunities by interfering with normal business processes.
The object of security is to protect valuable or sensitive
organizational information while making it readily available. Attackers trying
to harm a system or disrupt normal business operations exploit vulnerabilities
by using various techniques, methods, and tools. System administrators need to
understand the various aspects of security to develop measures and policies to
protect assets and limit their vulnerabilities.
Natural Disasters:
Nobody can stop nature from taking its course. Earthquakes,
hurricanes, floods, lightning, and fire can cause severe damage to computer
systems. Information can be lost, downtime or loss of productivity can occur,
and damage to hardware can disrupt other essential services. Few safeguards can
be implemented against natural disasters. The best approach is to have disaster
recovery plans and contingency plans in place. Other threats such as riots,
wars, and terrorist attacks could be included here. Although they are
human-caused threats, they are classified as disastrous.
Human Threats:
1- Malicious threats consist of inside attacks by disgruntled or malicious employees and outside
attacks by non-employees just looking to harm and disrupt an organization.
Malicious attackers normally will have a specific goal, objective,
or motive for an attack on a system. These goals could be to disrupt services
and the continuity of business operations by using denial-of-service (DoS)
attack tools. They might also want to steal information or even steal hardware
such as laptop computers. Hackers can sell information that can be useful to
competitors.
Disgruntled employees can create both mischief and sabotage on a
computer system. Organizational downsizing in both public and private sectors
has created a group of individuals with organizational knowledge who may retain
potential system access. System managers can limit this threat by invalidating
passwords and deleting system accounts in a timely manner. However, disgruntled
current employees actually cause more damage than former employees. Common
examples of computer-related employee sabotage include:
· Changing data
· Deleting data
· Destroying data or programs with logic bombs
· Crashing systems
· Holding data hostage
· Destroying hardware or facilities
· Entering data incorrectly
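One way to check that passwords are invalidated and accounts removed "in a timely manner", as described above. This is an added example, not part of the original report; the CSV layouts, user names and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original report).
HR_DEPARTURES = """\
username,last_day
jdoe,2024-03-01
asmith,2024-03-15
bwong,2024-04-02
"""
ACCOUNTS = """\
username,enabled,password_changed
jdoe,yes,2023-11-20
asmith,no,2024-03-15
bwong,yes,2024-04-02
mlee,yes,2024-01-05
"""

def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def audit_departed(departures, accounts, today):
    """Return (user, days_exposed, issue) for departed users who can still log in."""
    by_user = {row["username"]: row for row in accounts}
    findings = []
    for dep in departures:
        last_day = date.fromisoformat(dep["last_day"])
        acct = by_user.get(dep["username"])
        if acct is None or last_day > today:
            continue  # account already deleted, or employee has not left yet
        if acct["enabled"] != "yes":
            continue  # a disabled account cannot be used to log in
        changed = date.fromisoformat(acct["password_changed"])
        issue = ("password reset, account still enabled" if changed >= last_day
                 else "password never invalidated")
        findings.append((dep["username"], (today - last_day).days, issue))
    # Longest exposure first, so the oldest gap is closed first.
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    rows = audit_departed(load(HR_DEPARTURES), load(ACCOUNTS), date(2024, 4, 10))
    for user, days, issue in rows:
        print(f"{user}: {days} days since departure, {issue}")
```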
2- Non-malicious threats usually come from employees who are untrained in computers and are unaware of security
threats and vulnerabilities. Users who open up Microsoft Word documents using
Notepad, edit the documents, and then save them could cause serious damage to
the information stored in the document.
Users, data entry clerks, system operators, and
programmers frequently make unintentional errors that contribute to security
problems, directly and indirectly. Sometimes the error is the threat, such as a
data entry error or a programming error that crashes a system. In other cases,
errors create vulnerabilities. Errors can occur in all phases of the system
life cycle.
gives a theoretical model that can be used to determine the various
threats, goals, methods, and vulnerabilities used in an attack.
Threats | Motives/goals | Methods | Security policies
• Employees • Malicious • Ignorant • Non-employees • Outside attackers • Natural disasters • Floods | • Deny services • Steal information • Alter information • Damage information • Delete information | • Social engineering • Viruses, Trojan horses, worms • Packet replay • Packet modification • IP spoofing • Mail bombing • Various hacking tools | • Vulnerabilities • Assets • Information and data • Productivity • Hardware • Personnel
Security Vulnerabilities
A malicious attacker uses a method to exploit vulnerabilities in order to achieve a goal.
Vulnerabilities are weak points or loopholes in security that an attacker
exploits in order to gain access to the network or to resources on the network. The vulnerability is not the attack, but
rather the weak point that is exploited. Some weak points are:
Passwords
Password selection will be a contentious point as long as users
have to select one. The problem usually is remembering the correct password
from among the multitude of passwords a user needs to remember.
Protocol design
Communication protocols sometimes have
weak points. Attackers use these to gain information and eventually gain access
to systems. Some known issues are:
- TCP/IP. The TCP/IP protocol stack has some weak points that allow:
  - IP address spoofing
  - TCP connection request (SYN) attacks
Telnet
The Telnet protocol allows a user to log onto a
system over the network and use that system as though the user was sitting at a
terminal that was directly connected. The telnet command provides a user
interface to a remote system. When using the Microsoft telnet client to log on
to the Microsoft Windows 2000 Telnet service, it uses the NTLM protocol to log
the client on. Problems arise when integrating Microsoft systems and UNIX
systems. When logging on to a system from a Microsoft telnet client to UNIX
TELNET daemon service or vice versa, the user name and password are sent over
the network in plain text. Since the user name and password characters are not
encrypted, it is possible for an electronic eavesdropper to capture a user name
and password for a system for which a telnet connection is being established.
File Transfer Protocol (FTP)
As with Telnet, if the FTP service is
running and users need to send or retrieve information from a secure location
then user names and passwords are transmitted in clear text.
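A check for the two cleartext services described above (Telnet and FTP), written as an added example that is not part of the original report. It assumes numeric `ss -tln` style output; the sample listing is constructed, and the replacement column names the encrypted services commonly deployed instead.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not from the original report).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      32     127.0.0.1:21       0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*
LISTEN 0      128    [::1]:631          [::]:*
"""

# Services that send user names and passwords in plain text, with the
# encrypted replacement usually deployed instead.
CLEARTEXT = {23: ("telnet", "SSH"), 21: ("ftp", "SFTP or FTPS")}

def parse_listeners(ss_text):
    """Yield (address, port) for every LISTEN row, skipping the header."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 addresses stay whole.
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback addresses; wildcards such as '*' count as reachable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_cleartext(ss_text):
    """Return one finding per listening Telnet or FTP socket."""
    findings = []
    for addr, port in parse_listeners(ss_text):
        if port not in CLEARTEXT:
            continue
        service, replacement = CLEARTEXT[port]
        findings.append({
            "service": service, "address": addr, "port": port,
            "exposure": "local only" if is_loopback(addr) else "network reachable",
            "replace_with": replacement,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_cleartext(SS_OUTPUT):
        print(finding)
```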
Asynchronous transfer mode (ATM)
Security can be compromised
by what is referred to as "manhole manipulation"—direct access to
network cables and connections in underground parking garages and elevator
shafts.
Device administration
Switches and routers are
easily managed by an HTTP interface or through a command line interface.
Coupled with the use of weak passwords (for example, public passwords), this allows
anybody with some technical knowledge to take control of the device.
Modems
Modems have become standard features on many desktop computers.
Any unauthorized modem is a serious security concern. People use them not just
to connect to the Internet, but also to connect to their office so they can
work from home. The problem is that a modem is a means of bypassing the
"firewall" that protects a network from outside intruders. A hacker
using a "war dialer" tool to identify the modem telephone number and
a "password cracker" tool to break a weak password can gain access to
the system. Due to the nature of computer networking, once a hacker connects to
that one computer, the hacker can often connect to any other computer in the network.
Non-malicious threat (ignorant employees)
An employee known here as John Doe copies games and other
executables from a 1.44 MB disk onto his local hard drive and then runs the
executables. Unfortunately, the games contained various viruses and Trojan
horses. The organization had not yet deployed any anti-virus software. After a
short time, John Doe and other employees began to notice strange and unforeseen
events occurring on their computers, causing disruption of services and
possible corruption of data. The following figure explains the various
vulnerabilities that existed and the loss in assets that are involved.
Example: natural disasters
An organization has various modems
and Integrated Services Digital Network (ISDN) router installations and does
not have surge protection. During a thunderstorm, lightning strikes the
telephone and ISDN lines. All modems and ISDN routers are destroyed, taking
with them a couple of motherboards. The following diagram shows the
vulnerability and the loss of assets.
Conclusion
Malicious attackers will use
various methods, tools, and techniques to exploit vulnerabilities in security
policies and controls to achieve a goal or objective. Non-malicious attacks
occur due to poor security policies and controls that allow vulnerabilities and
errors to take place. Natural disasters can occur at any time, so organizations
should implement measures to try to prevent the damage they can cause.
Many of life's failures are people who did not realize how close they were to success when they gave up.