1.3. Classification of threats to information systems

By threat we mean potential impacts on the system, which directly or indirectly can cause damage to the user. The immediate realization of the threat is called an attack .

Knowledge of the possible threats, as well as the vulnerabilities of protection that these threats usually exploit, is necessary in order to choose the most economical means of ensuring security.

It makes sense to distinguish between unintentional and intentional threats.

Intentional threats are related to:

• hardware or software errors: processor failures, power failures, unreadable floppy disks, communication errors, program errors;
• human errors: incorrect input, incorrect mounting of disks, launching of incorrect programs, loss of disks, sending data to the wrong address;
• force majeure.

Deliberate threats, as opposed to random ones, are aimed at harming users of information systems and, in turn, are divided into active and passive . Passive threat - unauthorized access to information without changing the state of the system, active - is associated with attempts to intercept and change information.

There is no generally accepted classification of security threats. One of the classification options can be performed according to the following criteria:

• by purpose of implementation;

• on the principle of impact on the system;

• by the nature of the impact on the system;

• due to the occurrence of a used security error;

• according to the way the attack impacts the object;

• on the object of attack;

• by means of attack used;

• as an object of attack.

The most common security threats include:

Unauthorized access (NSD) - the most common type of computer violations. It consists in the user obtaining access to a resource for which he does not have permission in accordance with the organization’s security policy.

Denial of service. It is a deliberate blocking of legal access to information and other resources;

Illegal use of privileges . Attackers using this method of attack usually use staffing software that operates in an emergency mode. Illegal seizure of privileges is possible either in the presence of errors in the system itself, or in the case of negligence in managing the system. Strict adherence to the rules of the management of the protection system, adherence to the principle of minimum privileges allows to avoid such violations.

  "Hidden Channels". They represent the transmission of information between system processes that violate the system security policy. In an environment with shared access to information, the user may not receive permission to process the data of interest to him, but may come up with workarounds for this. “Hidden channels” can be implemented in various ways, in particular using program bookmarks (“Trojan horses”).

"Masquerade". Under the "masquerade" refers to the performance of any action by one user on behalf of another user. Such actions to another user may be allowed. The violation is the assignment of rights and privileges.

"Garbage Collection." After the end of the work, the processed information is not always completely removed from the PC memory. Data is stored on the media until overwritten or destroyed; when performing these actions on the vacated disk space are their remnants. If the header of the file is distorted, it is difficult to read them, but it is still possible with the help of special programs and equipment. Such a process is called "garbage collection." It can lead to leakage of important information.

"Hatches". Represent   hidden, undocumented entry point to a software module. “Hatches” refer to the category of threats arising due to errors in the implementation of a project (the system as a whole, the complex of programs, etc.). Therefore, in most cases, the detection of "hatches" - the result of a random search.

Malicious programs. Recently, cases of exposure to a computing system with specially created programs have become frequent. To refer to all programs of this kind, the term “malware” has been proposed. These programs directly or indirectly disorganize the process of information processing or contribute to the leakage or distortion of information. The most common types of such programs include:

• "Virus" is a program that is able to infect other programs by modifying them so that they include a copy of the virus.

• “Trojan Horse” - a program that contains hidden or explicit program code, the execution of which disrupts the functioning of the security system. Trojan Horses can open, modify, or destroy data or files. They are embedded in public programs, for example, in network service programs, e-mail.

• “Worm” - a program distributed in systems and networks via communication lines. Such programs are similar to viruses: they infect other programs, and differ from viruses in that they are not capable of self-replication.

• A “greedy” program is a program that captures (monopolizes) individual resources of a computer system, preventing other programs from using them.

• “Bacteria” - a program that makes copies of itself and becomes a parasite, overloading the memory of the PC and the processor.

• “Logic Bomb” is a program that causes damage to files or computers (from data corruption to complete destruction of data). "Logical bomb" is inserted, as a rule, during the development of the program, and it works when a certain condition is fulfilled (time, date, input of a code word).

• "Loopholes" - the entry point into the program, through which access to some system functions. Detected by analyzing the operation of the program.

Also, the class of malicious programs includes sniffers (programs that intercept network packets), password recovery programs, buffer overflow attacks, and in some applications, disassemblers and debuggers.

The listed attacks are often used together to implement complex attacks. For example, a Trojan program can be used to collect information about users on a remote computer and send it to an attacker, after which the latter can carry out a masquerade attack.