Computer

Security Threats
By Michael Ramos
Introduction
 What are Computer security threats?
 Various types of threats
 Conclusion
What is a Computer Security
Threat
 In Computer Security a threat is a possible
danger that might exploit a vulnerability to
breach security and thus cause possible
harm.
 A threat can be either
 Intentional (an individual cracker or a criminal
organization)
 Accidental (the possibility of a computer
malfunctioning, or the possibility of a natural
disaster such as an earthquake, a fire, or
a tornado) or otherwise a circumstance,
capability, action, or event
Errors and Omissions
 Errors are caused not only by data entry clerks
processing hundreds of transactions per day, but also
by all types of users who create and edit data.
 Many programs, especially those designed by users
for personal computers, lack quality control
measures.
 Users, data entry clerks, system operators, and
programmers frequently make errors that contribute
directly or indirectly to security problems. In some
cases, the error is the threat, such as a data entry
error or a programming error that crashes a system.
In other cases, the errors create vulnerabilities. Errors
can occur during all phases of the systems life cycle.
Fraud and Theft
 Computer systems can be exploited for both
fraud and theft both by automating
traditional methods of fraud and by using
new methods.
 For example, individuals may use a computer to
skim small amounts of money from a large
number of financial accounts, assuming that
small discrepancies may not be investigated.
 Computer fraud and theft can be committed
by insiders or outsiders. Insiders are responsible
for the majority of fraud.
Employee Sabotage
 Common examples of computer-related
employee sabotage include:
 destroying hardware or facilities,
 planting logic bombs that destroy
 programs or data
 entering data incorrectly,
 "crashing" systems
 deleting data,
 holding data hostage and changing data
Malicious Hackers
 Malicious hackers, sometimes called crackers,
refers to those who break into computers
without authorization. They can include both
outsiders and insiders.
 The hacker threat should be considered in
terms of past and potential future damage.
Although current losses due to hacker attacks
are significantly smaller than losses due to
insider theft and sabotage, the hacker
problem is widespread and serious.
Loss of Physical and
Infrastructure Support
 The loss of supporting infrastructure
includes power failures (outages, spikes,
and brownouts), loss of communications,
water outages and leaks, sewer problems,
lack of transportation services, fire, flood,
civil unrest, and strikes.
Industrial Espionage
 Industrial espionage is the act of gathering
proprietary data from private companies or the
government for the purpose of aiding another
companies.
 Industrial espionage can be perpetrated either by
companies seeking to improve their competitive
advantage or by governments seeking to aid their
domestic industries.
 Since information is processed and stored on
computer systems, computer security can help
protect against such threats; it can do little,
however, to reduce the threat of authorized
employees selling that information.
Malicious Code
 Malicious code refers to viruses, worms,
Trojan horses, logic bombs, and other
"uninvited" software.
 Actual costs attributed to the presence of
malicious code have resulted primarily
from system outages and staff time
involved in repairing the systems.
Nonetheless, these costs can be
significant.
Virus
 A code segment that replicates by attaching
copies of itself to existing executables. The
new copy of the virus is executed when a user
executes the new host program.
 The virus may include an additional "payload"
that triggers when specific conditions are
met.
 For example, some viruses display a text string
on a particular date. There are many types of
viruses, including variants, overwriting, resident,
stealth, and polymorphic.
Trojan Horse
A program that performs a desired task,
but that also includes unexpected and
undesirable function.
 Example an editing program for a multiuser
system. This program could be modified to
randomly delete one of the users' files each
time they perform a useful function such as
editing, but the deletions are unexpected
and definitely undesired!
Worm
A self-replicating program that is self-
contained and does not require a host
program.
 The program creates a copy of itself and
causes it to execute; no user intervention
is required. Worms commonly use network
services to propagate to other host
systems.
Threats to Personal Privacy
 The accumulation of vast amounts of
electronic information about individuals
by governments, credit bureaus, and
private companies, combined with the
ability of computers to monitor, process,
and aggregate large amounts of
information about individuals have
created a threat to individual privacy.
Conclusion
 What are Computer security threats?
 Various types of threats
References
 Guttman, Barbara, and Edward Roback. An
Introduction to Computer Security the NIST
Handbook. Gaithersburg, MD: U.S. Dept. of
Commerce, Technology Administration,
National Institute of Standards and
Technology, 1995. Print.
 Wikipedia. Wikimedia Foundation, 17 Nov.
2013. Web. 03 Dec. 2013.
 Panko, R. R. Corporate Computer and
Network Security. Upper Saddle River, NJ:
Pearson Prentice Hall, C2004., n.d. Print.