RFC 1244 Site Security Handbook July 1991
2.2.3 Identifying the Threats
Once the assets requiring protection are identified, it is
necessary to identify threats to those assets. The threats can
then be examined to determine what potential for loss exists. It
helps to consider from what threats you are trying to protect your
assets.
The following sections describe a few of the possible threats.
2.2.3.1 Unauthorized Access
A common threat that concerns many sites is unauthorized access
to computing facilities. Unauthorized access takes many forms.
One means of unauthorized access is the use of another user's
account to gain access to a system. The use of any computer
resource without prior permission may be considered
unauthorized access to computing facilities.
The seriousness of an unauthorized access will vary from site
to site. For some sites, the mere act of granting access to an
unauthorized user may cause irreparable harm by negative media
coverage. For other sites, an unauthorized access opens the
door to other security threats. In addition, some sites may be
more frequent targets than others; hence the risk from
unauthorized access will vary from site to site. The Computer
Emergency Response Team (CERT - see section 3.9.7.3.1) has
observed that well-known universities, government sites, and
military sites seem to attract more intruders.
2.2.3.2 Disclosure of Information
Another common threat is disclosure of information. Determine
the value or sensitivity of the information stored on your
computers. Disclosure of a password file might allow for
future unauthorized accesses. A glimpse of a proposal may give
a competitor an unfair advantage. A technical paper may
contain years of valuable research.
2.2.3.3 Denial of Service
Computers and networks provide valuable services to their
users. Many people rely on these services in order to perform
their jobs efficiently. When these services are not available
when called upon, a loss in productivity results.
Denial of service comes in many forms and might affect users in
a number of ways. A network may be rendered unusable by a
Site Security Policy Handbook Working Group [Page 12]