Saturday, December 29, 2012







  threats vs. vulnerabilities








Working Group


Khlood  ali alawaji                           3051118
Rawan abd allah alamri                    3051013
ohood zaid alamri                            3051061
Hadeel mohammed alseahli              3051114


















Threat:




The term “threat” refers to the source and means of a particular type of attack. A threat assessment is performed to determine the best approaches to securing a system against a particular threat, or class of threat. Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one’s resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker’s resources.


Vulnerability
The term “vulnerability” refers to the security flaws in a system that allow an attack to be successful. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed. Such vulnerabilities are not particular to technology; they can also apply to social factors such as individual authentication and authorization policies.


 


Difference Between Threat & Vulnerability

Difference Between Threat, Vulnerability and Risk

A vulnerability is a weakness or flaw found in software and operating systems that threats try to exploit. Threats are malicious files or programs that attack an application's or operating system's vulnerability to gain access to your computer. A vulnerability is essentially a weakness, or Achilles' heel, found in a program. Threats come in many forms, depending on their mode of attack. From viruses to Trojans, spyware and bots, threats have evolved into sophisticated programs intended to harm computers.





Security Threats and Vulnerabilities


Security Threats:

Information is the key asset in most organizations. Companies gain a competitive advantage by knowing how to use that information. The threat comes from others who would like to acquire the information or limit business opportunities by interfering with normal business processes.

The object of security is to protect valuable or sensitive organizational information while making it readily available. Attackers trying to harm a system or disrupt normal business operations exploit vulnerabilities by using various techniques, methods, and tools. System administrators need to understand the various aspects of security to develop measures and policies to protect assets and limit their vulnerabilities.








Natural Disasters:
Nobody can stop nature from taking its course. Earthquakes, hurricanes, floods, lightning, and fire can cause severe damage to computer systems. Information can be lost, downtime or loss of productivity can occur, and damage to hardware can disrupt other essential services. Few safeguards can be implemented against natural disasters. The best approach is to have disaster recovery plans and contingency plans in place. Other threats such as riots, wars, and terrorist attacks could be included here. Although they are human-caused threats, they are classified as disastrous.


Human Threats:

1- Malicious threats 
consist of inside attacks by disgruntled or malicious employees and outside attacks by non-employees just looking to harm and disrupt an organization.
Malicious attackers normally will have a specific goal, objective, or motive for an attack on a system. These goals could be to disrupt services and the continuity of business operations by using denial-of-service (DoS) attack tools. They might also want to steal information or even steal hardware such as laptop computers. Hackers can sell information that can be useful to competitors.

Disgruntled employees can create both mischief and sabotage on a computer system. Organizational downsizing in both public and private sectors has created a group of individuals with organizational knowledge who may retain potential system access. System managers can limit this threat by invalidating passwords and deleting system accounts in a timely manner. However, disgruntled current employees actually cause more damage than former employees. Common examples of computer-related employee sabotage include:
·         Changing data
·         Deleting data
·         Destroying data or programs with logic bombs
·         Crashing systems
·         Holding data hostage
·         Destroying hardware or facilities
·         Entering data incorrectly
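
One way to check that departed employees' passwords were invalidated and their accounts removed in a timely manner, shown as an added example that is not part of the original post. The leaver list, the user names and the `/etc/shadow`-style lines are constructed sample data, and the audit date is an assumption.

```python
from datetime import date, timedelta

# Constructed HR leaver list: user name -> last working day.
LEAVERS = {"jdoe": date(2012, 11, 30), "asmith": date(2012, 12, 14),
           "bwong": date(2012, 12, 20)}

# Constructed /etc/shadow-style lines; the hashes are placeholders.
SHADOW = """\
root:$6$EXAMPLE$placeholder:15600:0:99999:7:::
jdoe:$6$EXAMPLE$placeholder:15500:0:99999:7:::
asmith:!$6$EXAMPLE$placeholder:15500:0:99999:7:::
mlee:$6$EXAMPLE$placeholder:15650:0:99999:7:::
"""

def parse_shadow(text):
    """Return {user: (password_field, account_expiry_date_or_None)}."""
    accounts = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 9:
            continue  # skip malformed lines
        # Field 8 is the account expiry in days since 1970-01-01.
        expiry = date(1970, 1, 1) + timedelta(days=int(f[7])) if f[7] else None
        accounts[f[0]] = (f[1], expiry)
    return accounts

def audit_leavers(leavers, shadow_text, today):
    """Classify each departed user's account as removed, disabled or active."""
    accounts = parse_shadow(shadow_text)
    report = {}
    for user, left_on in leavers.items():
        if user not in accounts:
            report[user] = ("removed", 0)
            continue
        pw, expiry = accounts[user]
        # A leading '!' or '*' means no password can match the stored field.
        locked = pw.startswith(("!", "*"))
        expired = expiry is not None and expiry <= today
        status = "disabled" if locked or expired else "active"
        # Days the account has outlived the departure date.
        report[user] = (status, (today - left_on).days)
    return report

if __name__ == "__main__":
    for user, (status, days) in audit_leavers(LEAVERS, SHADOW, date(2012, 12, 29)).items():
        print(f"{user}: {status} ({days} days after departure)")
```

A locked password field only blocks password logins; SSH keys, scheduled jobs and application credentials owned by the account need their own review.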



 2- Non-malicious threats 
usually come from employees who are untrained in computers and are unaware of security threats and vulnerabilities. Users who open up Microsoft Word documents using Notepad, edit the documents, and then save them could cause serious damage to the information stored in the document.
Users, data entry clerks, system operators, and programmers frequently make unintentional errors that contribute to security problems, directly and indirectly. Sometimes the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, errors create vulnerabilities. Errors can occur in all phases of the system life cycle.


The following figure gives a theoretical model that can be used to determine the various threats, goals, methods, and vulnerabilities used in an attack.


The following table gives some examples:

Threats:
• Employees
• Malicious
• Ignorant
• Non-employees
• Outside attackers
• Natural disasters
• Floods

Motives/goals:
• Deny services
• Steal information
• Alter information
• Damage information
• Delete information

Methods:
• Social engineering
• Viruses, Trojan horses, worms
• Packet replay
• Packet modification
• IP spoofing
• Mail bombing
• Various hacking tools

Security policies:
• Vulnerabilities
• Assets
• Information and data
• Productivity
• Hardware
• Personnel




Security Vulnerabilities


A malicious attacker uses a method to exploit vulnerabilities in order to achieve a goal. Vulnerabilities are weak points or loopholes in security that an attacker exploits in order to gain access to the network or to resources on the network. The vulnerability is not the attack, but rather the weak point that is exploited. Some weak points are:

Passwords
 Password selection will be a contentious point as long as users have to select one. The problem usually is remembering the correct password from among the multitude of passwords a user needs to remember. 

Protocol design
 Communication protocols sometimes have weak points. Attackers use these to gain information and eventually gain access to systems. Some known issues are:
  • TCP/IP. The TCP/IP protocol stack has some weak points that allow:
      • IP address spoofing
      • TCP connection request (SYN) attacks

 Telnet

The Telnet protocol allows a user to log onto a system over the network and use that system as though the user was sitting at a terminal that was directly connected. The telnet command provides a user interface to a remote system. When using the Microsoft telnet client to log on to the Microsoft Windows 2000 Telnet service, it uses the NTLM protocol to log the client on. Problems arise when integrating Microsoft systems and UNIX systems. When logging on to a system from a Microsoft telnet client to UNIX TELNET daemon service or vice versa, the user name and password are sent over the network in plain text. Since the user name and password characters are not encrypted, it is possible for an electronic eavesdropper to capture a user name and password for a system for which a telnet connection is being established.

File Transfer Protocol (FTP)

 As with Telnet, if the FTP service is running and users need to send or retrieve information from a secure location then user names and passwords are transmitted in clear text.
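
A defender-side check for the Telnet and FTP weakness described above, shown as an added example that is not part of the original post: it reads a listening-socket inventory and reports services that carry logins in clear text. The sample lines are constructed in the style of `ss -tlnH` output, and the suggested replacements are assumptions about common practice.

```python
import ipaddress

# Protocols the text above names as sending credentials in clear text,
# with the encrypted replacement commonly deployed instead (assumption).
CLEARTEXT = {21: ("FTP", "SFTP or FTPS"), 23: ("Telnet", "SSH")}

# Constructed sample in the style of `ss -tlnH` output (not from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 127.0.0.1:21 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 32 192.0.2.10:21 0.0.0.0:*
LISTEN 0 128 *:443 *:*
"""

def exposure(host):
    """Classify a bind address as 'loopback' or 'network'."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    if host == "*":
        return "network"
    return "loopback" if ipaddress.ip_address(host).is_loopback else "network"

def find_cleartext_listeners(ss_output):
    """Return findings for cleartext-login services, network-exposed first."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        # Split on the last ':' so IPv6 addresses keep their own colons.
        host, _, port = cols[3].rpartition(":")
        if not port.isdigit() or int(port) not in CLEARTEXT:
            continue
        name, replacement = CLEARTEXT[int(port)]
        findings.append({"service": name, "bind": host, "port": int(port),
                         "exposure": exposure(host),
                         "replace_with": replacement})
    # A service reachable from the network is the one an eavesdropper can watch.
    findings.sort(key=lambda f: (f["exposure"] != "network", f["port"]))
    return findings

if __name__ == "__main__":
    for f in find_cleartext_listeners(SAMPLE):
        print(f"{f['service']} on {f['bind']}:{f['port']} ({f['exposure']}), "
              f"replace with {f['replace_with']}")
```

The check keys on well-known port numbers, so a Telnet or FTP daemon moved to a non-standard port will not be reported.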

Asynchronous transfer mode (ATM)

Security can be compromised by what is referred to as "manhole manipulation": direct access to network cables and connections in underground parking garages and elevator shafts.

Device administration

 Switches and routers are easily managed by an HTTP interface or through a command line interface. Coupled with the use of weak passwords (for example, public passwords), this allows anybody with some technical knowledge to take control of the device.

Modems

 Modems have become standard features on many desktop computers. Any unauthorized modem is a serious security concern. People use them not just to connect to the Internet, but also to connect to their office so they can work from home. The problem is that a modem is a means of bypassing the "firewall" that protects a network from outside intruders. A hacker using a "war dialer" tool to identify the modem telephone number and a "password cracker" tool to break a weak password can gain access to the system. Due to the nature of computer networking, once a hacker connects to that one computer, the hacker can often connect to any other computer in the network.


Example:
   non-malicious threat (ignorant employees).

An employee known here as John Doe copies games and other executables from a 1.44 MB disk onto his local hard drive and then runs the executables. Unfortunately, the games contained various viruses and Trojan horses. The organization had not yet deployed any anti-virus software. After a short time, John Doe and other employees began to notice strange and unforeseen events occurring on their computers, causing disruption of services and possible corruption of data. The following figure explains the various vulnerabilities that existed and the loss in assets that are involved.

Figure 3:



Example: 
  natural disasters

An organization has various modems and Integrated Services Digital Network (ISDN) router installations and does not have surge protection. During a thunderstorm, lightning strikes the telephone and ISDN lines. All modems and ISDN routers are destroyed, taking with them a couple of motherboards. The following diagram shows the vulnerability and the loss of assets.



Conclusion

Malicious attackers will use various methods, tools, and techniques to exploit vulnerabilities in security policies and controls to achieve a goal or objective. Non-malicious attacks occur due to poor security policies and controls that allow vulnerabilities and errors to take place. Natural disasters can occur at any time, so organizations should implement measures to try to prevent the damage they can cause.




























