II. THREATS
A variety of threats or failures threaten communications and network security; they can be grouped into three major categories:
- Passive intrusion
- Active intrusion
- Natural/Sabotage
In passive intrusion, messages and message traffic over the network are observed but not modified or disrupted. Passive intrusion focuses on the interception and reading of communications messages being transmitted between elements of the system, on the analysis of message lengths, traffic flow, and traffic patterns in the network, and on the identification of network users. Passive intrusion can be accomplished in many ways, for example by wiretapping, emissions monitoring, and interception, or by posing as a legitimate user. The users and operators of the system are quite often unaware that passive intrusion has happened.
Active intrusion is done with the specific intent of adversely affecting system operation. It includes actions such as erasing or altering messages, reordering messages, generating bogus messages, or disrupting service by overloading the network.
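An added example (not part of the original text) of how a receiver can detect the active-intrusion actions listed above: each message carries a sequence number and an HMAC-SHA256 tag, so altered and bogus messages fail the tag check while erased and reordered messages show up in the sequence numbers. The key, frame layout, and sample messages are constructed assumptions; disruption by overloading the network is outside what this check addresses.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; a real link would use a provisioned secret

def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Frame = 8-byte sequence number || payload || 32-byte HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected = 0  # next sequence number we expect to see

    def accept(self, frame: bytes) -> str:
        if len(frame) < 40:  # header plus tag is the minimum frame size
            return "rejected: malformed"
        header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time compare; fails for modified frames and for frames
        # generated by someone who does not hold the key.
        if not hmac.compare_digest(tag, good):
            return "rejected: altered or bogus"
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:  # authentic, but arrives after a later frame
            return "rejected: replayed or reordered"
        missing = seq - self.expected  # authentic frames that never arrived
        self.expected = seq + 1
        if missing:
            return f"accepted: {missing} earlier message(s) missing"
        return "accepted"

def demo() -> list:
    # Constructed traffic: four legitimate messages, then tampering on the wire.
    msgs = [b"pay A 10", b"pay B 20", b"pay C 30", b"pay D 40"]
    frames = [seal(i, m) for i, m in enumerate(msgs)]
    altered = bytearray(frames[1])
    altered[12] ^= 0x01                                  # one payload bit flipped
    bogus = seal(4, b"pay X 99", key=b"intruder-guess")  # made without the real key
    wire = [frames[0], bytes(altered), frames[3], frames[2], bogus]
    rx = Receiver()
    return [rx.accept(f) for f in wire]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```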
Computer viruses are a particularly new and dangerous form of active intrusion. These computer programs infiltrate a computer system and attack the operating system, application programs, and data in the same way a cancer virus or retroviruses attack the human system. They can lie dormant for a time, hidden from the user or operator of the system, before they become active. By the time they are discovered, a great deal of damage may have occurred and much data may have been destroyed and lost. Viruses are composed of three parts:
- A mission component (such as to delete files, send data to a certain user, etc.);
- A trigger mechanism (which activates at a specific time or with the occurrence of a specific event, e.g., the person’s name not being on the payroll list); and
- A self-propagating component (whereby it attaches itself to files, programs, or whatever the creator of the virus is in search of).
The threat from viruses increases when interconnected systems are involved because the virus can be injected into one element and quickly spread to other interconnected elements or to elements that have access to the infected element.
The third category of threats or failures is one composed of natural disasters, catastrophes, and sabotage. The most significant threat to systems comes from mistakes, both errors and omissions, on the part of users or operators of systems.
Networks and communications systems must support a high degree of interconnectivity as well as a large diversity of elements. They provide a number of locus points vulnerable to attack by an intruder. If the network is not designed properly, failure of some of these points can also jeopardize the operation of the network and result in the loss of service. PCs and workstations provide particularly good targets.