CHARACTERISTICS OF COMPUTER INTRUSION AND KINDS OF SECURITY BREACHES
1. CHARACTERISTICS OF COMPUTER INTRUSION
The target of a crime involving computers may be any piece of the computing system. A computing system is a collection of hardware, software, storage media, data, and persons that an organization uses to do computing tasks. Whereas the obvious target of a bank robbery is cash, a list of names and addresses of depositors might be valuable to a competing bank. The list might be on paper, recorded on a magnetic medium, stored in internal computer memory, or transmitted electronically across a medium such as a telephone line. This multiplicity of targets makes computer security difficult.
In any security system, the weakest point is the most serious vulnerability. A robber intent on stealing something from your house will not attempt to penetrate a two-inch thick metal door if a window gives easier access. A sophisticated perimeter physical security system does not compensate for unguarded access by means of a simple telephone line and a modem. The “weakest point” philosophy can be restated as the following principle.
Principle of Easiest Penetration. An intruder must be expected to use any available means of penetration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed[1].
This principle says that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders[2]. We now consider what these means of penetration are.
2. KINDS OF SECURITY BREACHES
In security, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing. A vulnerability is a weakness in the security system that might be exploited to cause loss or harm. A human who exploits a vulnerability perpetrates an attack on the system. Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws[3]. Finally, a control is a protective measure—an action, a device, a procedure, or a technique—that reduces a vulnerability.
The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a computing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig. 18-1.
(1) In an interruption, an asset of the system becomes lost or unavailable or unusable. Examples are malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular disk file.
(2) An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected[4].
(3) If an unauthorized party not only accesses but tampers with an asset, the failure becomes a modification. For example, someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with simple measures, while other more subtle changes may be almost impossible to detect.
(4) Finally, an unauthorized party might fabricate counterfeit objects for a computing system. The intruder may wish to add spurious transactions to a network communication system, or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.
These four classes of interference with computer activity—interruption, interception, modification, and fabrication—can describe the kinds of exposures possible. Examples of these kinds of interferences are shown in Fig. 18-2.
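The following Python sketch is an added example, not part of the original text. It shows one "simple measure" of the kind mentioned under (3) and (4): a keyed hash chain over a record log that exposes modified, fabricated, and erased records, while a silent copy of the log, as described under (2), leaves the check unchanged. The key, record contents, and function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: known only to the legitimate writer
GENESIS = b"\x00" * 32          # fixed starting value for the tag chain

def _tag(prev: bytes, index: int, record: str) -> bytes:
    # Each tag covers the previous tag, the position and the record text.
    msg = prev + index.to_bytes(8, "big") + record.encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def seal(records):
    """Return (entries, head); head is the last tag and is stored apart from the log."""
    entries, prev = [], GENESIS
    for i, rec in enumerate(records):
        prev = _tag(prev, i, rec)
        entries.append((rec, prev))
    return entries, prev

def audit(entries, head) -> str:
    """Return 'intact', 'tampered at record N' or 'truncated'."""
    prev = GENESIS
    for i, (rec, tag) in enumerate(entries):
        if not hmac.compare_digest(_tag(prev, i, rec), tag):
            return f"tampered at record {i}"
        prev = tag
    return "intact" if hmac.compare_digest(prev, head) else "truncated"

def demo():
    # Constructed sample data, not taken from the text.
    entries, head = seal(["deposit 100", "withdraw 40", "deposit 25"])
    modified = list(entries)
    modified[1] = ("withdraw 4000", entries[1][1])             # value altered
    fabricated = entries + [("deposit 9999", b"\x11" * 32)]    # record added
    erased = entries[:2]                                       # record lost
    copied = [rec for rec, _ in entries]                       # read only
    return {
        "modification": audit(modified, head),
        "fabrication": audit(fabricated, head),
        "interruption": audit(erased, head),
        "interception": audit(entries, head),  # copying changed nothing
        "copied_records": len(copied),
    }

if __name__ == "__main__":
    for threat, verdict in demo().items():
        print(threat, "->", verdict)
```

The check only holds if the key and the stored head value are kept where the intruder cannot rewrite them; it says nothing about who has read the log.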
NOTES
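[1] The "not…, nor" construction means "neither … nor …". "against which…" is an attributive clause modifying the preceding "one", and "one" stands for "means".
[2] In the main clause, "that" introduces an object clause. In the adverbial clause of reason introduced by "because", the subject is "strengthening one" and "more appealing" is the object complement.
[3] A long sentence divided by a semicolon; the second part contains the parenthetical "as are natural disasters".
[4] "While" introduces a concessive adverbial clause and can be rendered as "although…".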
KEYWORDS
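breach: break, gap, violation        attack: assault
vulnerability: weakness, fragility   interception: capture, eavesdropping
penetration: infiltration, piercing  threat: menace
exposure: being laid open            fabrication: forgery, construction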
EXERCISES
Multiple choices.
(1) A computer system is a collection of ______.
a. hardware    b. software
c. persons    d. data
(2) An intruder may use ______ to penetrate a computer system.
a. the most obvious means    b. the less obvious means
c. any available means    d. one fixed way
(3) A sophisticated perimeter physical security system ______.
a. can compensate for unguarded access by telephone line
b. cannot compensate for unguarded access by telephone line
c. can compensate for unguarded access by a modem
d. cannot compensate for unguarded access by a modem
(4) The weakest point is ______.
a. the easiest penetration    b. the most serious vulnerability
c. expected by any intruder    d. difficult to break
(5) The major assets of computing systems are ______.
a. hardware    b. software
c. data    d. all of them
(6) Interruption can cause an asset of the system to be ______.
a. useful    b. unusable
c. unavailable    d. lost
(7) An unauthorized party can be ______.
a. a computer system    b. a person
c. legal user    d. a program
(8) Examples of modification include ______.
a. modification of the values in a database
b. altering a program
c. modifying data being transmitted
d. making the operating system unavailable
(9) Fabrication intrusion includes ______.
a. to add spurious transaction    b. to interrupt a system
c. to fabricate objects    d. to add records
(10) There are ______ kinds of threats to the security of a computer system.
a. three    b. four
c. five    d. six
Answers:
(1)a,b,c,d (2)b,c
(3)b,d (4)a,b,c
(5)a,b,c,d (6)b,c,d
(7)a,b,d (8)a,b,c
(9)a,c,d (10)b