• What do these threats have in common
    		•

    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg




    Download 58.92 Kb.
    bet5/15
    Sana30.03.2021
    Hajmi58.92 Kb.
    #13786
    1   2   3   4   5   6   7   8   9   ...   15
    What products are susceptible?  All kinds of software products are susceptible to data tampering threats and therefore should address them.

    Repudiability



    What's the threat?  An untrusted user performing an illegal operation without the ability to be traced. Repudiability threats are associated with users (malicious or otherwise) who can deny a wrongdoing without any way to prove otherwise.

    What do these threats have in common?

    • Way to avoid logging of important security event.

    • Spoofing can be used to conceal the identity of the agent performing an action.

    • Tampering with security log can result in repudiability.

    Examples

    • Undetected attempts to break into a user account by the attacker. Lack of failed logon audits is the vulnerability.

    • Deletion of sensitive files inadvertently or maliciously by a user. Lack of successful auditing of object access is the vulnerability.

    • Ability of a malicious user to deny sending a message. Lack of message signatures and signature verification before accepting the message is the vulnerability.



    Download 58.92 Kb.
    1   2   3   4   5   6   7   8   9   ...   15




    Download 58.92 Kb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg

    Download 58.92 Kb.