Security

Before examining Windows 2000 security features, it is good to understand what threats security technologies address. Table 13.3 describes several types of attacks. Different attacks pose different dangers, including the loss of data confidentiality, integrity, and availability.

Creating a list similar to this in your security plan demonstrates the complexity of security problems you face and will help you establish a set of standard labels for each category of risk.

Table 13.3 Types of Attacks That Pose Security Risks in an Organization

| Security Attack | Description |
| --- | --- |
| Identity interception | The intruder discovers the user name and password of a valid user. This can occur by a variety of methods, both social and technical. |
| Masquerade | An unauthorized user pretends to be a valid user. For example, a user assumes the IP address of a trusted system and uses it to gain the access rights that are granted to the impersonated device or system. |
| Replay attack | The intruder records a network exchange between a user and a server and plays it back at a later time to impersonate the user. |
| Data interception | If data is moved across the network as plaintext, unauthorized persons can monitor and capture the data. |
| Manipulation | The intruder causes network data to be modified or corrupted. Unencrypted network financial transactions are vulnerable to manipulation. Viruses can corrupt network data. |
| Repudiation | Network-based business and financial transactions are compromised if the recipient of the transaction cannot be certain who sent the message. |
| Macro viruses | Application-specific viruses exploit the macro language of sophisticated documents and spreadsheets. |
| Denial of service | The intruder floods a server with requests that consume system resources and either crash the server or prevent useful work from being done. Crashing the server sometimes provides opportunities to penetrate the system. |
| Malicious mobile code | This term refers to malicious code running as an auto-executed ActiveX control or Java applet downloaded from the Internet. |
| Misuse of privileges | An administrator of a computing system uses full privileges over the operating system to obtain private data. |
| Trojan horse | This is a general term for a malicious program that masquerades as a desirable and harmless tool. An example is a screen saver that mimics a logon dialog box in order to acquire a user's name and password and then secretly sends that password to an attacker. |
| Social engineering attack | Sometimes breaking into a network is as simple as calling new employees, telling them you are from the IT department, and asking them to verify their password for your records. |