Computer Vulnerabilities

Overview

Computers concentrate tremendous amounts of data in one location where it is vulnerable to unauthorized disclosure, modification, or destruction. The greater the concentration, the greater the consequences of any security breach.

The dramatic increase in interconnections between computer networks, and the popularity of the Internet, have made it easier for countries, groups, or individuals with malicious intentions to intrude into inadequately protected systems. They can use that access to steal or make unauthorized changes in sensitive information, commit fraud, or disrupt operations.

At least seven foreign countries are training their intelligence officers how to hack into U.S. computers [1]. Threats to Computer Systems describes the changing face of computer crime. The ego-oriented and attention-seeking adolescents who steal information as trophies to demonstrate their prowess are still common. However, the field is becoming dominated by professionals who steal information for sale and disgruntled employees who damage systems or steal information for revenge or profit.

The common saying that "security is everyone's responsibility" is especially true with computer security. It is essential that you understand the vulnerabilities of this new medium that is changing the world because YOU -- unknowingly -- can endanger your entire computer network. Your network is only as secure as its weakest link.

Routine security procedures are discussed in Appropriate Use of Computer Systems in the Protecting Classified Information module. A slightly different version of Appropriate Use of Computer Systems is found in the Protecting Sensitive Unclassified Information module. This module on technical vulnerabilities provides a deeper and broader understanding of computer security issues and why some of those routine security requirements are necessary.

How Hackers Work is a simple introduction to a complex topic. It is written for the employee who knows how to use a computer but doesn't know or care about the technical details of how the computer works. How We Unknowingly Make It Easy for the Hackers is what everyone who uses a computer really needs to understand. Its main point is that weaknesses in the "peopleware" -- the people who use the computers -- can be just as damaging as weaknesses in the software or hardware.

You unknowingly help the computer criminals when you use a Weak Password, use an unauthorized or otherwise Insecure Modem, or fall prey to what the hackers call "Social Engineering" (conning well-intentioned computer users into providing information that helps the hacker gain unauthorized access to their computer system).

Exploitation of these weaknesses is described in detail in Case 1 and Case 2. These two accounts describe "penetration tests" -- the work of an outside computer security specialist hired by several corporations to test their computer security. They reveal what an expert hacker was able to accomplish and how he did it with just a couple of days' work. These cases were selected from among many others because they focus on how hackers exploit common human weaknesses, not just esoteric software or hardware weaknesses that only computer experts can understand. Due to the length of these case studies, it is easier to print them and read them in hard copy than to read them online.

Using the Internet Securely points out, among other things, how participation in computer chat rooms or news groups could cause you to become a target for intelligence collection. Other topics cover the security issues relating to E-Mail, the high risk of Theft of Laptop Computers, and why information is still recoverable on your Hard Drive even after you "delete" it.

Related Topics: Appropriate Use of Computer Systems in the Protecting Classified Information module, The Insider Threat to Information Systems in the Treason 101 module, and Hacking U.S. Government Computers from Overseas in the Spy Stories module.

References
1. Fortune, February 3, 1997, quoting presentation to computer security conference by FBI official Dennis Hughes.

 
