|
The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg
|
bet | 5/15 | Sana | 30.03.2021 | Hajmi | 58,92 Kb. | | #13786 |
What products are susceptible? All kinds of software products are susceptible to data tampering threats and therefore should address them.
Repudiability
What's the threat? An untrusted user performing an illegal operation without the ability to be traced. Repudiability threats are associated with users (malicious or otherwise) who can deny a wrongdoing without any way to prove otherwise.
What do these threats have in common?
Way to avoid logging of important security event.
Spoofing can be used to conceal the identity of the agent performing an action.
Tampering with security log can result in repudiability.
Examples
Undetected attempts to break into a user account by the attacker. Lack of failed logon audits is the vulnerability.
Deletion of sensitive files inadvertently or maliciously by a user. Lack of successful auditing of object access is the vulnerability.
Ability of a malicious user to deny sending a message. Lack of message signatures and signature verification before accepting the message is the vulnerability.
|
| |