Planning Distributed Security

Previous Topic Next Topic

Security Risks

Before this chapter examines the security features of Windows 2000, it is a good idea to review the types of network security problems that an IT manager faces. Table 11.2 describes several types of security risks and provides a common basis for the subsequent discussion of security features, strategies, and technologies. Creating a list similar to this in your security plan demonstrates the complexity of security problems you face and will help you establish a set of standard labels for each category of risk.

Table 11.2 Types of Security Risks in an Organization

Security Risk Description
Identity interception The intruder discovers the user name and password of a valid user. This can occur by a variety of methods, both social and technical.
Masquerade An unauthorized user pretends to be a valid user. For example, a user assumes the IP address of a trusted system and uses it to gain the access rights that are granted to the impersonated device or system.
Replay attack The intruder records a network exchange between a user and a server and plays it back at a later time to impersonate the user.
Data interception If data is moved across the network as plaintext, unauthorized persons can monitor and capture the data.
Manipulation The intruder causes network data to be modified or corrupted. Unencrypted network financial transactions are vulnerable to manipulation. Viruses can corrupt network data.
Repudiation Network-based business and financial transactions are compromised if the recipient of the transaction cannot be certain who sent the message.
Macro viruses Application-specific viruses could exploit the macro language of sophisticated documents and spreadsheets.
Denial of service The intruder floods a server with requests that consume system resources and either crash the server or prevent useful work from being done. Crashing the server sometimes provides opportunities to penetrate the system.
Malicious mobile code This term refers to malicious code running as an auto-executed ActiveX® control or Java Applet uploaded from the Internet on a Web server.
Misuse of privileges An administrator of a computing system knowingly or mistakenly uses full privileges over the operating system to obtain private data.
Trojan horse This is a general term for a malicious program that masquerades as a desirable and harmless utility.
Social engineering attack Sometimes breaking into a network is as simple as calling new employees, telling them you are from the IT department, and asking them to verify their password for your records.

© 1985-2000 Microsoft Corporation. All rights reserved.