Planning Distributed Security
Planning Distributed Security |
|
Before this chapter examines the security features of Windows 2000, it is a good idea to review the types of network security problems that an IT manager faces. Table 11.2 describes several types of security risks and provides a common basis for the subsequent discussion of security features, strategies, and technologies. Creating a list similar to this in your security plan demonstrates the complexity of security problems you face and will help you establish a set of standard labels for each category of risk.
Table 11.2 Types of Security Risks in an Organization
| Security Risk | Description |
|---|---|
| Identity interception | The intruder discovers the user name and password of a valid user. This can occur by a variety of methods, both social and technical. |
| Masquerade | An unauthorized user pretends to be a valid user. For example, a user assumes the IP address of a trusted system and uses it to gain the access rights that are granted to the impersonated device or system. |
| Replay attack | The intruder records a network exchange between a user and a server and plays it back at a later time to impersonate the user. |
| Data interception | If data is moved across the network as plaintext, unauthorized persons can monitor and capture the data. |
| Manipulation | The intruder causes network data to be modified or corrupted. Unencrypted network financial transactions are vulnerable to manipulation. Viruses can corrupt network data. |
| Repudiation | Network-based business and financial transactions are compromised if the recipient of the transaction cannot be certain who sent the message. |
| Macro viruses | Application-specific viruses could exploit the macro language of sophisticated documents and spreadsheets. |
| Denial of service | The intruder floods a server with requests that consume system resources and either crash the server or prevent useful work from being done. Crashing the server sometimes provides opportunities to penetrate the system. |
| Malicious mobile code | This term refers to malicious code running as an auto-executed ActiveX® control or Java Applet uploaded from the Internet on a Web server. |
| Misuse of privileges | An administrator of a computing system knowingly or mistakenly uses full privileges over the operating system to obtain private data. |
| Trojan horse | This is a general term for a malicious program that masquerades as a desirable and harmless utility. |
| Social engineering attack | Sometimes breaking into a network is as simple as calling new employees, telling them you are from the IT department, and asking them to verify their password for your records. |