Please notice that the term computer system here includes hardware, software, network
transmission paths, and people who interact with these components. By this definition,
everything from a desktop workstation to the Internet qualifies as a computer system.
An attacker is a person who tries to gain an advantage by exploiting a security hole.
Attackers are misfeasors, masqueraders, or clandestine users.
These authorized users gain additional but unauthorized access to resources on
a system or otherwise misuse their authorization. Examples include programmers who use their
accounts to exploit operating system (OS) vulnerabilities and gain administrative privileges, or
accountants who embezzlemoney by falsifying records in a database to which they have regular
access. A misfeasor is an "inside" person, someone within an organization who introduces a
security risk or poses a threat.
These people use authorized user access privileges to enter a system and
then, posing as that user, attack the system. Examples include hackers who obtain usernames and
passwords by cracking password files, and then use that information to gain entry to the system.
Masqueraders are usually persons outside the organization.
These individuals are insiders or outsiders who obtain their own, distinct
unauthorized access to a system. Examples include hackers who obtain administrative access to a
system long enough to create their own user accounts for subsequent access.
The concepts of access and authorization are not necessarily limited to user accounts within
an OS. Physical access to an equipment closet or authorization to place orders for new telephony
service are examples of other types of access and authorization. All persons who have any degree
of physical or logical interaction with a system, its components, or its processes are capable of
compromising system security.
The goals of an attacker range from innocuous to severely damaging:
Most thrill-seeking attackers are trophy grabbing. Their intent is not to
disrupt or damage a system, but to prove that they can enter the system. Such accomplishments
are badges of achievement in the hacker community.
The most common goal of a security attack is information theft. Intruders
seek sensitive information such as credit card numbers, usernames, passwords, and medical records.
This type of attack involves attackers who use computer resources without
paying for them. Software pirates who crack systems to host stolen software, or warez, for others
to download are guilty of service theft. Clandestine users also commit service theft by having
unauthorized accounts on a server.
This is the act of illegally assuming the identity of another person, or
masquerading, to gain control of that person's resources (usually computer and economic
privileges). An example of this is an attacker who uses stolen social security numbers and credit
histories to establish and exercise unauthorized lines of credit. Identity theft does not necessarily
involve information theft. For example, an attacker can commit e-mail forgerywithout stealing
sensitive information about the e-mail address owner.
This attack is more serious than information theft because the attacker alters
data rather than simply copying it. A student who changes a grade in a university registrar's
database is tampering. This example is stealthy tampering/the attack is not intended to draw
attention. A more extreme form of tampering is defacement, in which a hacker alters a system in
a very noticeable way, usually to make a personal or political statement. The disgruntled
computer operator who, upon dismissal, embeds nasty messages about management in a login
script, or the activist group that hacks into a corporate Web site are typical examples.
Denial of Service (DoS)
DoS can be the most damaging type of security attack. It
diminishes server capacity for authorized clients and temporarily disrupts access to the system. In
the worst cases, DoS attacks render a system unusable for a protracted period by destroying not
only its ability to communicate, but also any data that has been entrusted to it. DoS also can
occur as an unintentional side effect of service theft. For example, hosting pirated warez can
bring down a system because of the excessive download activity.
Although attackers continue to create new methods for violating computer system security,
the vulnerabilities they exploit remain the same. These vulnerabilities can be divided into five
The unquestioning, unchecked acceptance of a person or agent. Attacks that
exploit this vulnerability include: compromised system utilities, e-mail forgery, IP spoofing,
keystroke monitoring, logic bomb, masquerading, shoulder surfing, social engineering, Trojan
A defense is a countermeasurefor dealing with security attacks. Administrators can employ
five types of defenses:
ObfuscationConfusing the attacker by obscuring publicly available information that exposes
vulnerability. Examples include: anonymity, encryption, packet stuffing, public key cryptography,
shielding, steganography, trash disposal.
Authentication and Authorization Ensuring that a person or system claiming an identity is
the real owner of the identity, and granting access on a "must have" basis. Examples include:
badges and cards, biometrics, password, shared secret, signature, watermark.
Monitoring and Auditing Observing system vulnerabilities, either in real time or through
audit tools, to detect attacks. Examples include: filtering, firewall, integrity check, intrusion
detection, misuse detection, password checker, peer review, process review, security audit tools,
Currency Consistently using tested software updates and periodically reviewing human
processes and procedures. Examples include: patching, process review, upgrading.
Education and Enforcement Effectively equipping system designers and users with
knowledge of security risks, and then enforcing application of this knowledge. Examples include:
reminders, tip of the day, training.
The key to preventing security attacks from diminishing system performance is knowledge.
IT administrators can develop their security strategies by studying historical and contemporary
attacks, appropriate defenses, and the evolving trends in the computer security industry.
1, misfeasor [,mis'fi:zə]
2, masquerader [,mæskə'reidə]
3, clandestine [klæn'destin]
4, embezzle [im'bezl]
5, falsify [fɔ:lsifai]
7, innocuous [i'nɔkjuəs]
8, trophy ['trəufi]
10, forgery ['fɔ:dʒəri]
11, tampering ['tæmpəriŋ]
12, defacement [di'feismənt]
13, dismissal [dis'misəl]
14, nasty ['næsti]
15, exploit [iks'plɔit]
16, countermeasure ['kauntə,meʒə]
17, obfuscation [,ɔbfʌ'skeiʃən]