Information security. Types of Threats

Started by merlinraj, Jul 29, 2022, 02:51 AM

merlinraj (Topic starter)


The security of a virtual server can only be considered directly as "information security". Many have heard this phrase, but not everybody understands what it is.

"Information security" is the process of ensuring the availability, integrity and confidentiality of details.

By "accessibility" is meant, respectively, the provision of access to knowledge. "Integrity" is about ensuring the accuracy and completeness of details. "Confidentiality" means ensuring that only authorized users have access to information.



Based on your goals and tasks performed on the virtual server, multiple measures and degrees of protection applicable for each of these three points will be necessary.

For example, if you use a virtual server only as a means to surf the Internet, then from the necessary means to ensure security, first of all, there will be the use of anti-virus protection, as well as the observance of elementary security rules when working on the Web.

In another case, if you have a selling site or a game server hosted on the server, then the necessary protection measures will be completely disparate.

Knowledge of possible threats, as well as security vulnerabilities that these threats usually exploit, is necessary in order to choose the most complete security tools. For this, we will consider the main points.

"Threat" means the potential opportunity to violate information security in one way or another. An attempt to implement a threat is called an "attack", and the one who implements this attempt is called an "intruder". Most often, the threat is a consequence of the presence of vulnerabilities in the protection of information systems.

Consider the most common threats to which modern information systems are exposed.


Information security threats that cause the most damage

Consider below the classification of types of threats according to various criteria:

    Threat directly to information security:
        Availability
        Integrity
        Confidentiality
    Components that threats target:
        Data
        Programs
        Equipment
        Supporting infrastructure
    By way of implementation:
        Accidental or intentional
        Natural or man-made
    According to the location of the source of the threat:
        Internal
        External


As mentioned at the beginning, the concept of "threat" in disparate situations is often interpreted differently. And the necessary security measures will be disparate. For example, for a markedly open organization, privacy threats may simply not exist - all knowledge is considered public, but in most cases illegal access is a serious danger.

Applied to virtual servers, the threats that you, as a server administrator, need to take into account are the threat to data availability, confidentiality, and data integrity. For the possibility of carrying out threats aimed at the confidentiality and integrity of data that are not related to the hardware or infrastructure component, you are directly and solely responsible. Including the application of the necessary protective measures, this is your immediate task.

You, as a user, will often not be able to influence threats aimed at the vulnerabilities of the programs you use, except by not using these programs. It is allowed to use these programs only if the implementation of threats using the vulnerabilities of these programs is either not advisable from the point of view of an attacker, or does not have significant losses for you as a user.

Providing the necessary security measures against threats aimed at equipment, infrastructure or threats of a man-made and natural nature is handled directly by the hosting company that you have chosen and from which you rent your servers. In this case, it is necessary to approach the choice most carefully; the right hosting company at the proper level will provide you with the reliability of the hardware and infrastructure components.

You, as a virtual server administrator, should take these types of threats into account only in cases where even a short-term loss of access or a partial or complete stop in the server's performance due to the fault of the hosting company can lead to disproportionate problems or losses. This happens quite rarely, but for objective reasons, no hosting company can provide 100% Uptime.


Threats directly to information security

The main threats to accessibility include:

    Internal failure of the information system;
    Failure of supporting infrastructure.


The main sources of internal failures are:

    Violation (accidental or intentional) of the established rules of operation
    Exit of the system from normal operation due to accidental or deliberate actions of users (exceeding the estimated number of requests, excessive amount of processed details, etc.)
    Errors when (re)configuring the system
    Malicious software
    Software and hardware failures
    Data destruction
    Destruction or damage to equipment


In relation to the supporting infrastructure, it is recommended to consider the following threats:

    Violation of the operation (accidental or intentional) of communication systems, power supply, water and / or heat supply, air conditioning;
    Destruction or damage to premises;
    The inability or unwillingness of service personnel and / or users to perform their duties (civil unrest, traffic accidents, terrorist act or its threat, strike, etc.).


Major Integrity Threats

Can be divided into static integrity threats and dynamic integrity threats.

It is also worth dividing into threats to the integrity of service knowledge and meaningful data. Service information refers to access passwords, data transfer routes in the local network, and similar details. Most often and in almost all cases, the attacker, consciously or not, turns out to be an employee of the organization who is familiar with the mode of operation and protection measures.

In order to violate static integrity, an attacker can:

    Enter incorrect data
    Change the data


Threats to dynamic integrity are reordering, theft, duplication of data, or the introduction of additional messages.

Top privacy threats

Confidential details can be divided into subject and service. Service information (for example, user passwords) does not belong to a specific subject area, it plays a technical role in the information system, but its disclosure is especially dangerous, since it is fraught with obtaining unauthorized access to all details, including subject knowledge.

Even if information is stored on a computer or intended for computer use, threats to its privacy may be non-computer and generally non-technical.

Abuse of power is one of the most nasty threats that are difficult to defend against. On many types of systems, a privileged user (such as a system administrator) is able to read any (unencrypted) file, access any user's mail, and so on. Another example is service damage. Typically, the service engineer has unrestricted access to the equipment and is able to bypass software protection mechanisms.


To apply the most optimal protection measures, it is necessary to assess not only the threats to information security, but also the possible damage. For this, the acceptability characteristic is used; thus, the possible damage is determined as acceptable or unacceptable. To do this, it is useful to approve your own criteria for the admissibility of damage in monetary or other form.

Everyone who starts organizing information security must answer three basic questions:

    What to protect?
    From whom to protect, what types of threats are prevailing: external or internal?
    How to protect, by what methods and means?


Taking all of the above into account, you can most fully assess the relevance, possibility and criticality of threats. After evaluating all the necessary knowledge and weighing all the pros and cons, you will be able to select the most effective and complete methods and means of protection.


maxikk

In my opinion (this opinion is most likely laid down by university teachers), information security is still a state, not a process.
The processes are information protection and information security, through which this state is achieved. You can beat me with sticks, but the expression "information security is a process..." hurts the eye a little.

arthyk

All threats in the article are classified quite meticulously, and it seems to me that they can be attributed not only to the virtual servers that are mentioned at the beginning. I think this is a universal list of network security threats.
The advice not to use programs through which an attacker can harm is certainly good, but ... it is often difficult for the user to determine which program has vulnerabilities. You probably need to contact "expensive" specialists to check all the software used.

cambridgesf

Threats to information (computer) security are various actions that can lead to violations of the state of information protection. In other words, these are potentially possible events, processes or actions that can damage information and computer systems.
IS threats can be divided into two types: natural and artificial. Natural phenomena include natural phenomena that do not depend on humans, such as hurricanes, floods, fires, etc. Artificial threats depend directly on the person and can be intentional and unintentional.

Unintentional threats arise due to carelessness, inattention and ignorance. An example of such threats may be the installation of programs that are not among the necessary ones for operation and further disrupt the operation of the system, which leads to the loss of information.
Deliberate threats, unlike the previous ones, are created on purpose. These include attacks by intruders both from outside and from inside the company. The result of the implementation of this type of threat is the loss of funds and intellectual property of the organization.