29-11-2012, 01:17 PM
Network Vulnerabilities
network valunverity.doc (Size: 275 KB / Downloads: 25)
Vulnerabilities are weakness in the security system, for example, in procedures, design, or implementation that might be exploited to cause loss or harm. This category includes only general explanation of vulnerabilities. System/Application specific information is available in Attacks category.
Below are some common vulnerabilites:
Hardware Vulnerabilities definition
Generally caused by the exploitation of features having been put into the hardware to differentiate it from the competition or to aid in the support and maintenance of the hardware. Some exploitable features include terminals with memory that can be reread by the computer and downloadable configuration and password protection for all types of peripheral devices, including printers. It is the crackers creative misuse of these features that can turn a feature into a vulnerability.Because we can see what devices are hooked to the system, it is rather simple to attack by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function.
"Involuntary machine slaughter": accidental acts not intended to do serious damage to the hardware involved.
"Voluntary machine slaughter" or "machinicide," usually involves someone who actually wishes to harm the computer hardware or software.
Software Vulnerabilities
Deletion. Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called configuration management so that software is not deleted, destroyed, or replaced accidentally.
Modification.
Logic bomb - changes made so that a program fails when certain conditions are met or when a certain date or time is reached.
Trojan horse - a program that overtly does one thing while doing another
Virus - a specific type of Trojan horse that can be used to spread its "infection" from one computer to another
Trapdoor - a program that has a secret entry point
Information leaks - code that makes information accessible to unauthorized people or programs
Theft - unauthorized copying of software.