By Charles P. Pfleeger - Pfleeger Consulting Group, Shari Lawrence Pfleeger - RAND Corporation
Publisher: Prentice Hall; Pub Date: October 13, 2006; Print ISBN-10: 0-13-239077-9; Print ISBN-13: 978-0-13-239077-4; Pages: 880
The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security
For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.
The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.
Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy, from data mining and identity theft to RFID and e-voting.
New coverage also includes:
Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
Web application threats and vulnerabilities
Networks of compromised systems: bots, botnets, and drones
Rootkits, including the notorious Sony XCP
Wi-Fi network security challenges, standards, and techniques
New malicious code attacks, including false interfaces and keystroke loggers
Improving code quality: software engineering, testing, and liability approaches
Biometric authentication: capabilities and limitations
Using the Advanced Encryption System (AES) more effectively
Balancing dissemination with piracy control in music and other digital content
Countering new cryptanalytic attacks against RSA, DES, and SHA
Responding to the emergence of organized attacker groups pursuing profit
Section 12.9 Exercises
Bibliography
Index
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please
In the 1950s and 1960s, the prominent conference gathering places for practitioners and users of computer technology were the twice yearly Joint Computer Conferences (JCCs), initially called the Eastern and Western JCCs, but later renamed the Spring and Fall JCCs and even later, the annual National (AFIPS) Computer Conference. From this milieu, the topic of computer security, later to be called information system security and currently also referred to as "protection of the national information infrastructure", moved from the world of classified defense interests into public view.
A few people (Robert L. Patrick, John P. Haverty, and I among others), all then at the RAND Corporation, had been talking about the growing dependence of the country and its institutions on computer technology. It concerned us that the installed systems might not be able to protect themselves and their data against intrusive and destructive attacks. We decided that it was time to bring the security aspect of computer systems to the attention of the technology and user communities.
The enabling event was the development within the National Security Agency (NSA) of a remote-access time-sharing system with a full set of security access controls, running on a Univac 494 machine, and serving terminals and users not only within the headquarters building at Fort George G. Meade, Maryland, but also worldwide. Fortuitously, I knew details of the system.
Persuading two others from RAND to help (Dr. Harold Peterson and Dr. Rein Turn), plus Bernard Peters of NSA, I organized a group of papers and presented it to the SJCC conference management as a ready-made additional paper session to be chaired by me [1]. The conference accepted the offer, and the session was presented at the Atlantic City (NJ) Convention Hall in 1967.
The report of the committee was initially published as a classified document and was formally presented to the sponsor (the DSB) in January 1970. It was later declassified and republished (by the RAND Corporation) in October 1979 [2]. It was widely circulated and became nicknamed "the Ware report." The report and a historical introduction are available on the RAND web site [3].
Subsequently, the United States Air Force (USAF) sponsored another committee chaired by James P. Anderson [4]. Its report, published in 1972, recommended a 6-year R&D security program totaling some $8M [5]. The USAF responded and funded several projects, three of which were to design and implement an operating system with security controls for a specific computer.
Eventually these activities led to the "Criteria and Evaluation" program sponsored by the NSA. It culminated in the "Orange Book" [6] in 1983 and subsequently its supporting array of documents, which were nicknamed "the rainbow series." [7] Later, in the 1980s and on into the 1990s, the subject became
centuries-long legacy of encryption technology and experience for protecting classified information in transit. Finally, it understood the personnel problem and the need to establish the trustworthiness of its people. And it certainly understood the physical security matter.
Thus, "the" computer security issue, as it was understood in the 1960s and even later, was how to create in a computer system a group of access controls that would implement or emulate the processes of the prior paper world, plus the associated issues of protecting such software against unauthorized change, subversion, and illicit use, and of embedding the entire system in a secure physical environment with appropriate management oversights and operational doctrine and procedures. The poorly understood aspect of security was primarily the software issue with, however, a collateral hardware aspect; namely, the risk that it might malfunction, or be penetrated, and subvert the proper behavior of software. For the related aspects of communications, personnel, and physical security, there was a plethora of rules, regulations, doctrine, and experience to cover them. It was largely a matter of merging all of it with the hardware/software aspects to yield an overall secure system and operating environment.
However, the world has now changed in essential ways. The desktop computer and workstation have appeared and proliferated widely. The Internet is flourishing and the reality of a World Wide Web is in place. Networking has exploded and communication among computer systems is the rule, not the exception. Many commercial transactions are now web-based; many commercial communities, the financial one in particular, have moved into a web posture. The "user" of any computer system can literally be anyone in the world.
information system outreach is the goal.
The net effect of all of this has been to expose the computer-based information system (its hardware, its software, its software processes, its databases, its communications) to an environment over which no one (not end-user, not network administrator or system owner, not even government) has control. What must be done is to provide appropriate technical, procedural, operational, and environmental safeguards against threats as they might appear or be imagined, embedded in a societally acceptable legal framework.
of worldwide scope with a body of users that may not be known and are not necessarily trusted. Importantly, security controls now must deal with circumstances over which there is largely no control or expectation of avoiding their impact. Computer security, as it has evolved, shares a similarity with liability insurance; they each face a threat environment that is known in a very general way and can generate attacks over a broad spectrum of possibilities; but the exact details or even time or certainty of an attack is unknown until an event has occurred.
On the other hand, the modern world thrives on information and its flows; the contemporary world, society, and institutions cannot function without their computer-communication-based information systems. Hence, these systems must be protected in all dimensions: technical, procedural, operational, environmental. The system owner and its staff have become
Progress has been slow, in large part because the threat has not been perceived as real or as damaging enough; but also in part because the perceived cost of comprehensive information system security is seen as too high compared to the
cryptography (Chapters 2 and 12); the Common Criteria (Chapter 5); the World Wide Web and Internet (Chapter 7); managing risk (Chapter 8); software vulnerabilities (Chapter 3); and legal, ethical, and privacy issues (Chapters 10 and 11). The book also describes security controls that are currently available such as encryption protocols, software development practices, firewalls, and intrusion-detection systems. Overall, this book provides a broad and sound foundation for the information-
Organizational and management motivation and commitment to get the security job done is
Today, the collective information infrastructure of the country and of the world is slowly moving up the learning curve; every mischievous or malicious event helps to push it along. The terrorism-based events of recent times are helping to drive it. Is it far enough up the curve to have reached an appropriate balance between system safety and threat? Almost certainly, the answer is, "No, not yet; there is a long way to go." [10]
1. "Security Considerations in a Multi-Programmed Computer System," Bernard Peters; Proceedings of the 1967 Spring Joint Computer Conference (later renamed AFIPS Conference Proceedings), pp. 283 seq., vol. 30, 1967.
"Practical Solutions to the Privacy Problem," Willis H. Ware; RAND, Santa Monica, CA; P-3544, April 1967. Also published in Proceedings of the 1967 Spring Joint Computer Conference (later renamed AFIPS Conference Proceedings), pp. 301 seq., vol. 30, 1967.
"System Implications of Information Privacy," Harold E. Peterson and Rein Turn; RAND, Santa Monica, CA; P-3504, April 1967. Also published in Proceedings of the 1967 Spring Joint Computer Conference (later renamed AFIPS Conference Proceedings), pp. 305 seq., vol. 30, 1967.
2. "Security Controls for Computer Systems" (Report of the Defense Science Board Task Force on Computer Security), RAND, R-609-1-PR. Initially published in January 1970 as a classified document. Subsequently declassified and republished October 1979.
3. http://rand.org/publications/R/R609.1/R609.1.html, http://rand.org/publications/R/R609.1/intro.html, Historical setting for R-609.1.
http://seclab.cs.ucdavis.edu/projects/history
6. "DoD Trusted Computer System Evaluation Criteria," DoD Computer Security Center, National Security Agency, Ft. George G. Meade, Maryland; CSC-STD-001-83; Aug. 15, 1983.
7. So named because the cover of each document in the series had a unique and distinctively colored cover page. For example, the "Red Book" is "Trusted Network Interpretation," National Computer Security Center, National Security Agency, Ft. George G. Meade, Maryland; NCSC-TG-005, July 31, 1987. USGPO Stock number 008-000-00486-8.
"A Retrospective on the Criteria Movement," Willis H. Ware; RAND, Santa Monica, CA; P-7949, 1995. http://rand.org/pubs/papers/P7949/
Every day, the news media give more and more visibility to the effects of computer security on our daily lives. For example, on a single day in June 2006, the Washington Post included three important articles about security. On the front page, one article discussed the loss of a laptop computer containing personal data on 26.5 million veterans. A second article, on the front page of the business section, described Microsoft's new product suite to combat malicious code, spying, and unsecured vulnerabilities in its operating system. Further back, a third article reported on a major consumer electronics retailer that inadvertently installed software on its customers' computers, making them part of a web of compromised slave computers. The sad fact is that news like this appears almost every day, and has done so for a number of years. There is no end in sight.
Even though the language of computer security (terms such as virus, Trojan horse, phishing, spyware) is common, the application of solutions to computer security problems is uncommon. Moreover, new attacks are clever applications of old problems. The pressure to get a new product or new release to market still in many cases overrides security requirements for careful study of potential vulnerabilities and countermeasures. Finally, many people are in denial, blissfully ignoring the serious harm that insecure computing can cause.
an oncoming car would slow down or yield. We hope you never had to practice this, but sometimes you have to decide whether darting into the street without looking is the best means of escaping danger. The point is all these matters depend on knowledge and experience. We want to help you develop the same knowledge and experience with respect to the risks of secure computing.
How do you control the risk of computer security?
Learn about the threats to computer security.
Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.
Survey the controls that can reduce or block these threats.
Develop a computing style (as a user, developer, manager, consumer, and voter) that balances security and risk.
The field of computer security changes rapidly, but the underlying problems remain largely unchanged. In this book you will find a progression that shows you how current complex attacks are often instances of more fundamental concepts.
Users and Uses of This Book
This book is intended for the study of computer security. Many of you want to study this topic: college and university students, computing professionals, managers, and users of all kinds of computer-based systems. All want to know the same thing: how to control the risk of computer security. But you may differ
management and legal issues. Thus, the book covers five key areas of interest:
computers
The first chapter introduces the concepts and basic vocabulary of computer security. Studying the second chapter provides an understanding of what encryption is and how it can be used or misused. Just as a driver's manual does not address how to
encryption schemes, but rather for users of encryption
Chapters 3 through 7 cover successively larger pieces of software: individual programs, operating systems, complex applications like database management systems, and finally networks, which are distributed complex systems. Chapter 8 discusses managing and administering security, and describes how to find an acceptable balance between threats and controls. Chapter 9 addresses an important management issue by exploring the economics of cybersecurity: understanding and communicating the costs and benefits. In Chapter 10 we turn to the personal side of computer security as we consider how security, or its lack, affects personal privacy. Chapter 11 covers the way society at large addresses computer security, through its laws and ethical systems. Finally, Chapter 12 returns to cryptography, this time to look at the details of the encryption algorithms themselves.
Within that organization, you can move about, picking and choosing topics of particular interest. Everyone should read Chapter 1 to build a vocabulary and a foundation. It is wise to read Chapter 2 because cryptography appears in so many different control techniques. Although there is a general progression from small programs to large and complex networks, you can in fact read Chapters 3 through 7 out of sequence or pick topics of greatest interest. Chapters 8 and 9 may be just right for the professional looking for non-technical controls to complement the technical ones of the earlier chapters. These chapters may also be important for the computer science student who wants to look beyond a narrow view of bytes and protocols. We recommend Chapters 10 and 11 for everyone, because those chapters deal with the human aspects of security: privacy, laws, and ethics. All computing is ultimately done to benefit humans, and so we present personal risks and approaches to computing. Chapter 12 is for people who want to understand some of the underlying mathematics and logic of cryptography.
This book can be used as a textbook in a one- or two-semester course in computer security. The book functions equally well as a reference for a computer professional or as a supplement to an intensive training course. And the index and extensive bibliography make it useful as a handbook to explain significant topics and point to key articles in the literature. The book has been used in classes throughout the world; instructors often design one-semester courses that focus on topics of particular interest to the students or that relate well to the rest of a
community and in the rest of the user population
But this revision touched every existing chapter as well. The threats and vulnerabilities of computing systems have not stood
the shift from individual hackers working for personal reasons to organized attacker groups working for financial gain
programming flaws leading to security failures, highlighting man-in-the-middle, timing, and privilege escalation errors
recent malicious code attacks, such as false interfaces and keystroke loggers
approaches to code quality, including software engineering, testing, and liability approaches
biometric authentication capabilities and limitations
the conflict between efficient production and use of digital content (e.g., music and videos) and control of piracy
In addition to these major changes, there are numerous small corrective and clarifying ones, ranging from wording and notational changes for pedagogic reasons to replacement, deletion, rearrangement, and expansion of sections.
Acknowledgments
It is increasingly difficult to acknowledge all the people who have influenced this book. Colleagues and friends have contributed their knowledge and insight, often without knowing their impact. By arguing a point or sharing explanations of concepts, our associates have forced us to question or rethink what we know.
We thank our associates in at least two ways. First, we have tried to include references to their written works as they have influenced this book. References in the text cite specific papers relating to particular thoughts or concepts, but the bibliography also includes broader works that have played a more subtle role in shaping our approach to security. So, to all the cited authors, many of whom are friends and colleagues, we happily
Information Systems, the Contel Technology Center, the Centre for Software Reliability of the City University of London, Arca Systems, Exodus Communications, the RAND Corporation, and Cable & Wireless. If you worked with us at any of these locations, chances are high that you had some impact on this book. And for all the side conversations, debates, arguments, and light moments, we are grateful. For this fourth edition, Roland Trope and Richard Gida gave us particularly helpful suggestions for Chapters 9 and 10.
Authors are the products of their environments. We write to educate because we had good educations ourselves, and because we think the best response to a good education is to pass it along to others. Our parents, Paul and Emma Pfleeger and Emanuel and Beatrice Lawrence, were critical in supporting us and encouraging us to get the best educations we could. Along the way, certain teachers gave us gifts through their teaching. Robert L. Wilson taught Chuck how to learn about computers, and Libuse L. Reed taught him how to write about them. Florence Rogart, Nicholas Sterling and Mildred Nadler taught Shari how to analyze and probe.
To all these people, we express our sincere thanks.
Charles P. Pfleeger
Shari Lawrence Pfleeger
Washington, D.C.
Chapter 1 Is There a Security Problem in Computing?
How do we protect our most valuable assets? One option is to place them in a safe place, like a bank. We seldom hear of a bank robbery these days, even though it was once a fairly lucrative undertaking. In the American Wild West, banks kept large amounts of cash on hand, as well as gold and silver, which could not be traced easily. In those days, cash was much more commonly used than checks. Communications and transportation were primitive enough that it might have been hours before the legal authorities were informed of a robbery and days before they could actually arrive at the scene of the crime, by which time the robbers were long gone. To control the situation, a single guard for the night was only marginally effective. Should you have wanted to commit a robbery, you might have needed only a little common sense and perhaps several days to analyze the situation; you certainly did not require much sophisticated training. Indeed, you usually learned on the job, assisting other robbers in a form of apprenticeship. On balance, all these factors tipped very much in the favor of the criminal, so bank robbery was, for a time, considered to be a profitable business. Protecting assets was difficult and not always effective.
Today, however, asset protection is easier, with many factors working against the potential criminal. Very sophisticated alarm and camera systems silently protect secure places like banks whether people are around or not. The techniques of criminal investigation have become so effective that a person can be identified by genetic material (DNA), fingerprints, retinal patterns, voice, a composite sketch, ballistics evidence, or other hard-to-mask characteristics. The assets are stored in a safer form. For instance, many bank branches now contain less cash than some large retail stores because much of a bank's business is conducted with checks, electronic transfers, credit
party systems requiring the agreement of several people to allow access, and other schemes. Significant improvements in transportation and communication mean that police can be at the scene of a crime in minutes; dispatchers can alert other officers in seconds about the suspects to watch for. From the criminal's point of view, the risk and required sophistication are so high that there are usually easier ways than bank robbery to make money.
Protecting Valuables
This book is about protecting our computer-related assets, not about protecting our money and gold bullion. That is, we plan to discuss security for computing systems, not banks. But we can learn from our analysis of banks because they tell us some general principles about protection. In other words, when we think about protecting valuable information, we can learn a lot from the way we have protected other valuables in the past. For example, Table 1-1 presents the differences between how people protect computing systems and how banks protect money. The table reinforces the point that we have many challenges to address when protecting computers and data, but the nature of the challenges may mean that we need different and more effective approaches than we have used in the past.
Table 1-1 (fragment)
Items storing valuable assets are very small and portable. The physical devices in computing can be so small that thousands of dollars' worth of computing gear can
security to protect money.
Simple. When information is handled electronically, no physical contact is necessary. Indeed, when banks handle money electronically, almost all transactions can be done without any physical contact. Money can be transferred through computers, mail, or telephone.
Value of assets: Very high (bank); Variable, from very high to very low (computing). Some information, such as medical history, tax payments, investments, or educational background, is confidential. Other information, about troop movements, sales strategies, buying patterns, can be very sensitive. Still other information, such as address and phone number, may be of no consequence and easily accessible by other means.
Protecting our valuables, whether they are expressed as information or in some other way, ranges from quite unsophisticated to very sophisticated. We can think of the Wild West days as an example of the "unsophisticated" end of the security spectrum. And even today, when we have more sophisticated means of protection than ever before, we still see a wide range in how people and businesses actually use the protections available to them.
In fact, we can find far too many examples of computer security that seem to be back in the Wild West days. Although some organizations recognize computers and their data as valuable and vulnerable resources and have applied appropriate protection, others are dangerously deficient in their security measures. In some cases, the situation is even worse than that in the Wild West; as Sidebar 1-1 illustrates, some enterprises
The amount of software installed in an automobile grows larger from year to year. Most cars, especially more expensive ones, use dozens of microcontrollers to provide a variety of features to entice buyers. There is enough variation in microcontroller range and function that the Society of Automotive Engineers (Warrendale, Pennsylvania) has set standards for the U.S. automotive industry's software. Software in the microcontrollers ranges through three classes:
low speed (class A, less than 10 kb per second) for convenience features, such as radios
medium speed (class B, 10 to 125 kb per second) for the general transfer of information, such as that related to emissions, speed, or instrumentation
high speed (class C, more than 125 kb per second) for real-time control, such as the power train or a brake-by-wire system
These digital cars use software to control individual subsystems, and then more software to connect the systems in a network [WHI01].
However, the engineers designing and implementing this software see no reason to protect it from hackers. Whitehorn-Umphres reports that, from the engineers' point of view, the software is too complicated to be understood by a hacker. "And even if they could [understand it], they wouldn't want to."
Whitehorn-Umphres points out a major difference in thinking between hardware designers and software designers. "As hardware engineers, they assumed that, perhaps aside from bolt-on aftermarket parts, everything else is and should be a black box." But software folks have a different take: "As a software designer, I assume that all digital technologies are fair game for being played with. It takes a special kind of personality to look at a software-enabled device and see the potential for manipulation and change: a hacker personality."
He points out that hot-rodders and auto enthusiasts have a long history of tinkering and tailoring to make specialized changes to mass-produced cars. And the unprotected software beckons them to continue the tradition. For instance, there are reports of recalibrating the speedometer of two types of Japanese motorcycles to fool the bike about how fast it is really going (and thereby enabling faster-than-legal speeds). Whitehorn-Umphres speculates that soon you will be able to "download new ignition mappings from your PC. The next step will be to port the PC software to handheld computers so as to make on-the-road modifications that much easier."
in a bank that had just suffered a several million-dollar loss through computer-related embezzlement? In fact, the breach of security makes that bank painfully aware of all its security weaknesses. Once bitten, twice shy; after the loss, the bank will probably enhance its security substantially, quickly becoming safer than a bank that had not been recently victimized.
Even when organizations want to take action against criminal activity, criminal investigation and prosecution can be hindered by statutes that do not recognize electromagnetic signals as property. The news media sometimes portrays computer intrusion by teenagers as a prank no more serious than tipping over an outhouse. But, as we see in later chapters, computer intrusion can hurt businesses and even take lives. The legal systems around the world are rapidly coming to grips with the nature of electronic property as intellectual property critical to organizational or mission success; laws are being implemented and court decisions declared that acknowledge the value of information stored or transmitted via computers. But this area is still new to many courts, and few precedents have been established.
Throughout this book, we look at examples of how computer security affects our lives, directly and indirectly. And we examine techniques to prevent security breaches or at least to mitigate their effects. We address the security concerns of software practitioners as well as those professionals, managers, and users whose products, services, and well-being depend on the proper functioning of computer systems. By studying this book, you can develop an understanding of the basic problems underlying computer security and the methods available to deal
resident in memory, or transmitted over telephone lines or satellite links, this information can be used in myriad ways to
sometimes underestimate the determination or creativity of attackers. Remember that computer security is a game with rules only for the defending team: The attackers can (and will) use any means they can. Perhaps the hardest thing for people outside the security community to do is to think like the attacker. One group of creative security researchers
vulnerability to the system's chief designer, who replied "that would work, but no attacker would try it" [BON06]. Don't believe that for a minute: No attack is out of bounds. Strengthening one aspect of a system may simply make another means of penetration more appealing to intruders. For this reason, let us look at the various ways by which a system can be breached.
When you test any computer system, one of your jobs is to imagine how the system could malfunction. Then, you improve the system's design so that the system can withstand any of the problems you have identified. In the same way, we analyze a system from a security perspective, thinking about ways in which the system's security can malfunction and diminish the value of its assets.
Vulnerabilities, Threats, Attacks, and Controls
A computer-based system has three separate but valuable components: hardware, software, and data. Each of these assets offers value to different members of the community affected by the system. To analyze security, we can brainstorm about the ways in which the system or its information can experience some kind of loss or harm. For example, we can identify data whose format or contents should be protected in some way. We want our security system to make sure that no data are disclosed to unauthorized parties. Neither do we want the data to be modified in illegitimate ways. At the same time,
A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. To see the difference
Figure 1-1 Threats, Controls, and Vulnerabilities.
However, we can see a small crack in the wall, a vulnerability that threatens the man's security. If the water rises to or beyond the level of the crack, it will exploit the vulnerability and harm the man.
There are many threats to a computer system, including human-initiated and computer-initiated ones. We have all experienced the results of inadvertent human errors, hardware design flaws, and software failures. But natural disasters are threats, too; they can bring a system down when the computer room is flooded or the data center collapses from an earthquake, for example.
A human who exploits a vulnerability perpetrates an attack on
as when one system sends an overwhelming set of messages to another, virtually shutting down the second system's ability to function. Unfortunately, we have seen this type of attack frequently, as denial-of-service attacks flood servers with more messages than they can handle. (We take a closer look at
systems; the threats are illustrated in Figure 1-2.
Figure 1-2 System Security Threats.
gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.
In an interruption, an asset of the system becomes lost, unavailable, or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file.
If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. For example, someone might change the values in a database, alter a program so that it performs an additional computation, or
possible to modify hardware. Some cases of modification can be detected with simple measures, but other, more subtle, changes may be almost impossible to detect.
Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions to a network communication system or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.
These four classes of threats (interception, interruption, modification, and fabrication) describe the kinds of problems we might encounter. In the next section, we look more closely at a system's vulnerabilities and how we can use them to set these off.
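The modification and fabrication classes above note that some changes can be detected with simple measures while a skillfully done forgery is virtually indistinguishable from the real thing. The following Python script is an added example, not code from the book, that makes this concrete for a stored ledger of records: a keyless checksum (SHA-256) catches a careless modification, but not one whose checksum was recomputed, nor a fabricated record; a keyed integrity tag (HMAC-SHA256 from the standard library) under a key the intruder does not hold catches both. The ledger records and the verifier key are constructed for the demonstration and are not real data.

```python
"""Added example: detecting modification and fabrication of stored records.

Compares a keyless checksum with a keyed MAC across three scenarios so the
reader can see which class of tampering each check can and cannot detect.
"""
import hashlib
import hmac
import json
from copy import deepcopy

# Constructed sample ledger (not real data): records a server has stored.
SAMPLE_RECORDS = [
    {"id": 1, "from": "alice", "to": "bob", "amount": 25},
    {"id": 2, "from": "carol", "to": "dave", "amount": 140},
    {"id": 3, "from": "erin", "to": "frank", "amount": 9},
]
# Hypothetical verifier key; a deployment would draw it from secrets.token_bytes(32)
# and keep it where the ledger's readers and writers, but not intruders, can use it.
VERIFIER_KEY = b"demo-key-held-only-by-the-verifier"


def canonical(record: dict) -> bytes:
    """Canonical encoding so the same record always hashes to the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> str:
    """Keyless integrity tag: anyone who sees the scheme can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac_tag(key: bytes, record: dict) -> str:
    """Keyed integrity tag (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_ledger(records, key):
    """Store each record with both tags, as the legitimate writer would."""
    return [{"record": r, "checksum": checksum(r), "mac": mac_tag(key, r)}
            for r in records]


def audit(ledger, key):
    """Verify every entry; return a list of (record id, checksum_ok, mac_ok)."""
    results = []
    for entry in ledger:
        r = entry["record"]
        results.append((
            r["id"],
            hmac.compare_digest(checksum(r), entry["checksum"]),
            hmac.compare_digest(mac_tag(key, r), entry["mac"]),
        ))
    return results


def scenario_careless_modification(ledger):
    """A value is changed but the stored tags are left alone: both checks notice."""
    tampered = deepcopy(ledger)
    tampered[0]["record"]["amount"] = 2500
    return tampered


def scenario_skillful_modification(ledger):
    """A value is changed and the keyless checksum is recomputed to match.
    Without the key the stored MAC cannot be updated, so only the MAC notices."""
    tampered = deepcopy(ledger)
    tampered[1]["record"]["amount"] = 1
    tampered[1]["checksum"] = checksum(tampered[1]["record"])
    return tampered


def scenario_fabrication(ledger):
    """A spurious record is appended with a self-consistent checksum but no
    valid MAC (a placeholder tag stands in for whatever an intruder might guess)."""
    tampered = deepcopy(ledger)
    fake = {"id": 4, "from": "bob", "to": "mallory", "amount": 999}
    tampered.append({"record": fake, "checksum": checksum(fake), "mac": "0" * 64})
    return tampered


def demo():
    """Run all scenarios; return {scenario: [(id, checksum_ok, mac_ok), ...]}."""
    ledger = build_ledger(SAMPLE_RECORDS, VERIFIER_KEY)
    return {
        "untouched": audit(ledger, VERIFIER_KEY),
        "careless_modification": audit(scenario_careless_modification(ledger), VERIFIER_KEY),
        "skillful_modification": audit(scenario_skillful_modification(ledger), VERIFIER_KEY),
        "fabrication": audit(scenario_fabrication(ledger), VERIFIER_KEY),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name)
        for rec_id, ck_ok, mac_ok in rows:
            print(f"  record {rec_id}: checksum_ok={ck_ok} mac_ok={mac_ok}")
```

The point of the design is that a keyless checksum only guards against changes made without knowledge of the scheme; an intruder who can read the ledger can recompute it, so the "simple measure" the text mentions detects only careless tampering. The keyed tag turns the question from "does the data match its tag?" into "could the writer of this tag have held the key?", which is why it also catches inserted records. Tags are compared with `hmac.compare_digest` rather than `==` so the verifier does not leak timing information about how many leading characters matched.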
processors or database management systems. Sometimes the manufacturers release detailed specifications on how the system was designed or operates, as guides for users and integrators who want to implement other complementary products. But even without documentation, attackers can purchase and experiment with many systems. Often, only time and inclination limit an attacker.
Many systems are readily available. Systems available to the public are, by definition, accessible; often their owners take special care to make them fully available so that if one hardware component fails, the owner has spares instantly ready to be pressed into service.