This topic discusses information systems threats: transmission threats, malicious code threats, and password threats.
“A threat is simply any event that, if realized, can cause damage to a system, and create a loss of confidentiality, availability, or integrity. Threats can be malicious — such as the intentional modification of sensitive information — or they can be accidental — such as an error in a transaction calculation or the accidental deletion of a file.” (Krutz and Vines, 2001, P: 223).
As shown in Figure (2.6), which is based on (2007 CCSS), 64% of respondents said that they experienced a security incident in the past 12 months.
Figure (2.6): Organizations Experiencing Security Incidents
Source: (2007 CCSS) http://www.gocsi.com, (Jan 2008)
Figure (2.7) shows the number of incidents that the respondents experienced in the 12 months before the survey was conducted.
Figure (2.7): Number of Security Incidents
The threats that could affect information security are increasing daily because more and more businesses depend on information systems and computer networks. It is therefore not easy to count all the threats to information systems; some types of these threats are described below.
2.4.2.1 Transmission Threats
- Denial-of-Service (DoS): These are attacks that prevent the system from processing or responding to legitimate requests for resources and objects. The most common form of denial-of-service attack is transmitting so many data packets to a server that it becomes too busy to process them all (Tittel and others, 2003).
Denial of service is the common name for attacks on resource availability. It occurs when invalid data is sent in such a way that it confuses the server software and causes it to crash.
A denial-of-service threat is not intended to steal or damage information; its objective is to make a resource stop functioning so that authorized users cannot access it. One example of such a threat is flooding a mailbox with unwanted email messages until it is full, which means its owner cannot receive normal business messages (Hansche and others, 2004).
Distributed Denial-of-Service (DDoS): It occurs when the attacker compromises several systems and uses them as launching platforms against one or more victims. The compromised systems used in the attack are often called slaves or zombies.
The compromised systems (called zombies) can number in the hundreds or thousands, forming an army of computers or systems that attack the victim by sending it a large number of data packets. The victim computer cannot process or handle that volume of data, so it is no longer able to serve its authorized users (Tittel and others, 2003).
Ping of Death: The ping program is used in the normal situation to check if a remote host
host and waiting that host to reply; if the remote host sends a reply packet, that means it is operating and there is a connection between the sender and the receiver machines.
The ping of death attack is initiated by sending a 65,535 bytes long packet which is not valid. This is possible because packets are broken into fragments for transmission, and the receiving system does not process a packet until all of its fragments have been received and reassembled into one packet. The long packet causes an overflow in the system’s internal buffers, which makes the system crash (Hansche and others, 2004). The ping of death is a type of attack on a computer that involves sending a malformed or malicious ping to it. A ping is normally 64 bytes in size (or 84 bytes when the IP header is considered); many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes.
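The overflow described above happens when reassembly copies a fragment without checking where it ends. The following C sketch is an added example, not code from the cited sources: it shows the bounds check that rejects any fragment whose end would pass the 65,535-byte maximum IP packet size. The `struct frag` layout, the function names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* maximum IP packet size in bytes */

/* Simplified view of one received IPv4 fragment (hypothetical struct for this example). */
struct frag {
    uint16_t frag_field;     /* 3 flag bits + 13-bit fragment offset, host byte order */
    uint8_t hdr_len;         /* IP header length in bytes */
    uint16_t payload_len;    /* data bytes carried by this fragment */
    const uint8_t *payload;
};

static uint8_t reasm_buf[IP_MAX_DATAGRAM];        /* reassembly buffer for one datagram */
static const uint8_t sample_data[64] = {0};       /* constructed 64-byte ping payload */

/* One past the last byte this fragment occupies in the reassembled datagram.
 * Computed in 32 bits so the sum cannot wrap around. */
uint32_t frag_end(const struct frag *f)
{
    uint32_t offset = (uint32_t)(f->frag_field & 0x1FFFu) * 8u; /* offset is in 8-byte units */
    return (uint32_t)f->hdr_len + offset + f->payload_len;
}

/* Copy a fragment into the buffer only if it fits; 0 = accepted, -1 = dropped. */
int reassemble_add(const struct frag *f)
{
    if (frag_end(f) > IP_MAX_DATAGRAM)
        return -1;  /* would write past the buffer: the ping of death case */
    memcpy(reasm_buf + frag_end(f) - f->payload_len, f->payload, f->payload_len);
    return 0;
}

/* Constructed sample: a 20-byte header plus 64 bytes of ping data at the given offset field. */
int demo_ping(uint16_t frag_field)
{
    struct frag f = { frag_field, 20, 64, sample_data };
    return reassemble_add(&f);
}

int main(void)
{
    printf("normal ping: %d, oversized fragment: %d\n", demo_ping(0), demo_ping(8189));
    return 0;
}
```

An ordinary 84-byte ping at offset 0 is accepted, while a fragment at offset field 8189 (byte 65,512) would end at byte 65,596 and is dropped before any copy takes place.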
2.4.2.2 Malicious Code Threats
“It is a code that can get access to a system and violates security policy. It includes various types of rogue code, such as viruses, worms, Trojan horses, and logic or time bombs” (Hansche and others, 2004, P: 161).
Viruses: “A computer virus is a malicious program designed to damage network equipment, including stand-alone computers. A virus has two parts: the application that activates and spreads the virus, and the “payload,” which is what the virus does to the operating system or file.” (Stanger and others, 2002, P: 139).
A virus may also damage your data files and operating systems, and spread to other computers on the network. It can infect your computer through a CD-ROM, floppy disk or email (Pastor and Dulaney, 2004).
Worms: “Worms are programs that reproduce by copying themselves through computers on networks” (Hansche and others, 2004, P: 162).
Trojan horse: “A Trojan horse is a code fragment that hides inside a program and performs a disguised function” (Hansche and others, 2004, P: 162).
2.4.2.3 Password Threats
Passwords can be attacked in the following ways (Hansche and others, 2004):
- The user creates a weak password.
- Sniffers can steal the password while it is being transmitted through the network.
- The keyboard strokes are recorded.
- A Trojan horse is installed on the victim’s computer.
Appendix (3) shows the types of attacks and misuse that were detected in 2007; the information is extracted from (2007 CCSS).
Appendix (4) also shows the dollar amount losses by type of attack.