VII. THREATS AND VULNERABILITY
A. Natural Disasters
Disasters can take all shapes and forms; natural disasters, like those listed, are common security problems because one has no control over the original cause of the problem. Preparing for disaster is a vital part of a disaster recovery or contingency plan. Examples of Natural Disasters that should be discussed are:
The threat of fire should not be underestimated. One should provide specific site documentation for fire risk and exposure. This documentation should contain at a minimum:
a. The construction techniques that demonstrate the fire resistance of the building containing the system. Raised floors and ceilings, curtains, rugs, furniture, and drapes should be made of noncombustible materials.
b. The procedures used to manage the paper and other combustible supplies for the computer facilities. In addition, this should document the control of flammable or otherwise hazardous activities in areas surrounding the computer room.
c. The storage of magnetic media outside the computer room.
d. The periodic training of operators in fire fighting techniques and assigned responsibilities in case of fire.
e. The use of water for fire protection is usually advised. The two major forms of protection are:
1) Automated carbon dioxide. If so, do all personnel have training in the use of gas masks and other safety devices?
2) Halogenated agents.
The potential for flood should be minimized by locating computer equipment above the flood plain. Another source of flood damage is the water distribution and fire protection systems. Water should not flow through pipes above the computer facility.
Computers are susceptible to sudden surges or drops in electrical line voltage. Depending on the importance of the data being processed, efforts should be made to shield the computer from these variations. Electronic devices ranging from inexpensive surge protectors to uninterruptible power supplies are available to provide the level of protection required.
Adequate isolation and grounding should be provided for both the computer equipment and for the power supply.
B. Accidental Acts (Threats)
Many threats to a system result from unintentional errors made either by a user or by the system itself. The most common forms of accidental threats are caused by employee mistakes, frequently resulting from poor training and improper use of tools. Possible results include unintentional damage to the system, modification or destruction of user programs or data, disclosure of sensitive information, or residual data that the user or management cannot find. Ongoing training programs, both formal and informal, can help prevent many of these problems. At a minimum the following should be discussed:
- Disclosure of data
- Modification/Destruction of data
- Faulty software
- Residual data
- Wrong parameters
C. Malicious Acts (Threats)
These threats are the result of deliberate attempts to circumvent or defeat a system's protection mechanisms or to exploit the weaknesses in such mechanisms. Many entertaining anecdotes illustrate the items listed. All too often, however, it is easy to overlook the ethical, legal and potentially damaging implications of such activities. The following malicious acts should be supplemented from the current news when appropriate:
1. Trap doors
A trap door is an embedded segment of code which allows one to circumvent the normal security or administrative protection of a system.
2. Trojan Horse
The Trojan horse technique of penetration “consists of supplying the computer with what is perceived appropriate and acceptable information, but in reality contains secret instructions for unauthorized behavior.”
Systems should be designed such that the data are protected from unauthorized changes or modification.
4. Snooping or browsing
One should design systems such that user access is contained to data and information for which they have a need.
5. Intentional disclosure of data
Computer viruses are a particularly new and dangerous form of active intrusion. These computer programs infiltrate a computer system and attack the operating system, application programs, and data in much the same way that a cancer virus or retrovirus attacks the human body. They can lie dormant for a time, hidden from the user or operator of the system, before they become active. By the time they are discovered, a great deal of damage may have occurred and much data may have been destroyed or lost. Viruses are composed of three parts:
a. A mission component (such as to delete files, send data to a certain user, etc.);
b. A trigger mechanism (which activates at a specific time or on the occurrence of a specific event, e.g., the person's name not being on the payroll list); and
c. A self-propagating component (whereby it attaches itself to files, programs, or whatever the creator of the virus is in search of).
The threat from viruses increases when interconnected systems are involved, because the virus can be injected into one element and quickly spread to other interconnected elements or to any element that has access to the infected one.
D. Locus of Attack
The locus of attack is the place or places from which an attack upon a system may originate. The locus of attack becomes increasingly complex as a system grows through networking, communications and connectivity. Additional material should be introduced in a networking and communications course. Each item listed provides an example of a potential vulnerability of sensitive data.
Terminals are frequently in less well-controlled facilities. Plans should be made for passwords and physical interlocks to minimize the terminal as a source of information compromise.
The gateway from another system should be protected carefully. One should not rely on the security of the distal end of the link.
PCs/workstations are frequently in less well-controlled facilities. A workstation may harbor software that at some time in the future may attack your security system. Plans should be made for passwords and physical interlocks to minimize the workstation as a source of information compromise.