VII. THREATS AND VULNERABILITY
can take all shapes and forms; natural disasters, like those listed, are common
security problems because one has no control over the original cause of the
problem. Preparing for disaster is a vital part of a disaster recovery or
contingency plan. Examples of Natural Disasters that should be discussed are:
- Natural Accidents
- Fire: The threat of fire should not be underestimated. One should provide specific
site documentation for fire risk and exposure. This documentation should
contain at a minimum:
- The construction techniques that demonstrate the fire resistance of
the building containing the system. Raised floors and ceilings, curtains,
rugs, furniture, and drapes should be from noncombustible materials.
- The procedures used to manage the paper and other combustible
supplies for the computer facilities. In addition, this should document the
control of inflammable or dangerous activities in areas surrounding the
- The storage of magnetic media outside the computer room.
- The periodic training of operators in fire fighting techniques and
assigned responsibilities in case of fire.
- The use of water for fire protection is usually advised. The two
major forms of protection are:
- Automated carbon dioxide. If so, do all personnel have training in
the use of gas masks and other safety devices?
- Halogenated agents
- Flood: The potential for flood should be minimized by locating computer equipment above
the flood plain. Another source of flood damage is the water distribution
and fire protection systems. Water should not flow through pipes above the
- Brown-outs: Computers are susceptible to sudden surges or drops in electrical line voltage.
Depending on the importance of the data being processed, efforts should be
made to shield the computer from these variations. Electronic devices
ranging from inexpensive surge protectors to uninterruptible power supplies
are available to provide the level of protection required.
- Lightning: Isolation and grounding should be provided for both the computer equipment
and for the power supply.
- Accidental Acts (Threats): Many threats to a system result from unintentional errors created either by a user or
by the system itself. The most common forms of accidental threats are caused by
employee mistakes, frequently resulting from poor training and improper use of
tools. Possible results include unintentional damage to the system, modification
or destruction of user programs or data, disclosure of sensitive information, or
residual data that the user or management cannot find. On-going training
programs, both formal and informal, can help prevent many of these problems. At
a minimum the following should be discussed:
- Disclosure of data
- Modification/Destruction of data
- Faulty software
- Residual data
- Wrong parameters
- Malicious Acts (Threats): These threats are the result of deliberate attempts to circumvent or defeat the
systems’ protection mechanisms or to exploit the weaknesses in such
mechanisms. Many entertaining anecdotes illustrate the items listed. All too
often, however, it is easy to overlook the ethical, legal and potentially
damaging implications of such activities. The following malicious acts
should be supplemented from the current news when appropriate:
- Trap doors: A trap door is an embedded segment of code which allows one to circumvent the
normal security or administrative protection of a system.
- Trojan Horse: The Trojan horse technique of penetration “consists of supplying the computer
with what is perceived appropriate and acceptable information, but in
reality contains secret instructions for unauthorized behavior.”
- Tampering: Systems should be designed such that the data are protected from unauthorized
changes or modification.
- Snooping or browsing: One should design systems such that user access is contained to data and
information for which they have a need.
- Intentional disclosure of data
- Viruses: Computer viruses are a particularly new and dangerous form of active intrusion. These
computer programs infiltrate a computer system and attack the operating
system, application programs, and data in the same way a cancer virus or
retroviruses attack the human system. They can lie dormant for a time,
hidden from the user or operator of the system, before they become active.
By the time they are discovered, a great deal of damage may have occurred
and much data may have been destroyed and lost. Viruses are composed of:
- A mission component (such as to delete files, send data to a
certain user, etc.);
- A trigger mechanism (which activates at a specific time or with the
occurrence of a specific event, e.g., the person’s name not being on the
payroll list); and
- A self-propagating component (whereby it attaches itself to files,
programs, or whatever the creator of the virus is in search of).
The threat from viruses increases when interconnected systems are involved
because the virus can be injected into one element and quickly spread to
other interconnected elements or to other elements that have access to the infected element.
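The tampering and snooping/browsing items above state two design goals: data must be protected from unauthorized modification, and each user's access must be contained to the data they need. The following is an added illustration, not code from the original document, of how both goals can be enforced together in a small record store: each record carries a keyed hash (HMAC) so that any change made outside the system is detected, and a need-to-know table decides who may read which class of data. The key, the users, the data classes and the record contents are all constructed for the example.

```python
import hashlib
import hmac

# Hypothetical server-side integrity key. In a real system this would be held
# in a key store, never embedded in source. Constructed value for the example.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed need-to-know table: which data classes each user may read.
ACCESS_TABLE = {
    "alice": {"payroll", "inventory"},
    "bob": {"inventory"},
}


class AccessDenied(Exception):
    """The user has no need-to-know for this class of data."""


class TamperDetected(Exception):
    """The record's content no longer matches its integrity tag."""


def canonical(record: dict) -> bytes:
    """Serialize every field except the tag in a fixed order, so that the
    same content always hashes to the same value."""
    fields = sorted((k, str(v)) for k, v in record.items() if k != "tag")
    return "\n".join(f"{k}={v}" for k, v in fields).encode()


def seal(record: dict) -> dict:
    """Return a copy of the record with an HMAC-SHA256 tag over its content.
    The data class is part of the tagged content, so relabelling a record
    to a less sensitive class is itself an unauthorized modification."""
    tag = hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()
    return {**record, "tag": tag}


def verify(record: dict) -> bool:
    """True if the record's tag matches its current content."""
    expected = hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(expected, str(record.get("tag", "")))


def read_record(user: str, record: dict) -> str:
    """Release the record's value only if it is intact and the user has a
    need-to-know for its class. Integrity is checked first so that the
    authorization decision is made on authenticated metadata."""
    if not verify(record):
        raise TamperDetected(f"record {record.get('id')} failed integrity check")
    if record["class"] not in ACCESS_TABLE.get(user, set()):
        raise AccessDenied(f"{user} has no need-to-know for {record['class']}")
    return record["value"]


def attempt_read(user: str, record: dict):
    """Wrap read_record and report the outcome as a tuple, the form an audit
    log or monitoring hook would consume."""
    try:
        return ("ok", read_record(user, record))
    except TamperDetected:
        return ("tampered", None)
    except AccessDenied:
        return ("denied", None)


if __name__ == "__main__":
    # Constructed sample record.
    rec = seal({"id": 7, "class": "payroll", "value": "salary=50000"})
    print("alice reads payroll:", attempt_read("alice", rec))
    print("bob reads payroll:  ", attempt_read("bob", rec))
    # Modification made outside the system: the tag no longer matches.
    altered = dict(rec, value="salary=90000")
    print("altered value:      ", attempt_read("alice", altered))
    # Relabelling the class to slip past bob's access check is also caught.
    relabelled = dict(rec, **{"class": "inventory"})
    print("relabelled class:   ", attempt_read("bob", relabelled))
```

Two design choices are worth noting. The data class is covered by the integrity tag, so the access decision cannot be subverted by editing the label, and the integrity check runs before the authorization check so that a denial is never based on metadata an attacker controls.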
- Locus of Attack: The locus of attack is a place or places from which an attack upon a system may originate.
The locus of attack becomes increasingly complex as a system grows through
networking, communications and connectivity. Additional material should be
introduced in a networking and communications course. Each item listed provides
an example of potential vulnerability of sensitive data.
- Terminals: Terminals are frequently in less well controlled facilities. Plans should be made for
passwords and physical interlocks to minimize the terminal as a source
of information compromise.
- Gateways: The gateway from another system should be protected carefully. One should not
rely on the security of the distal end of the link.
- PC/Workstations: PC/workstations are frequently in less well controlled
facilities. A workstation may harbor software that at some time in the
future may attack your security system. Plans should be made for passwords
and physical interlocks to minimize the workstation as a source of