CertiGuide to Security+  9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)       9  5.7  Risk Identification

5.7.2  Risk Assessment 1 5.7.4  Vulnerabilities

A threat is a probability of causing harm. It is a combination of the capability to do harm, the opportunity to do harm, and intent.

As we’ve discussed throughout this book, threats to network security are almost endless. A very partial list of sources of threats could include:

• The random cracker looking for a server on which to host Warez or “to see if he can break in to a system”.
  
  
• The newbie system administrator who “thought he knew how to use that UNIX command”.
  
  
• The deliberate cyber-spy looking to accumulate competitive information on your company that he can use to improve his own company’s positioning.
  
  
• The ex-employee who desires revenge.
  
  
• The political activist who wishes to deface the web sites of companies whose policies he disagrees with.
  
  
• The random technical person who resorts to extortion (“give me $20,000 or I’ll release the credit card number list I got off your web site”) to finance their new BMW.
  
  
• The employee who doesn’t know that email attachments ending in “.exe” should not be opened without the system administrator’s permission.

Areas of special attention when looking for activities indicating the presence of new threats include:

• New user accounts or accounts with unusual activity IE. logins at O’Dark:30 when the account is a daytime user.
  
  
• Changes in file lengths or dates.
  
  
• Shrinking log files.
  
  
• New files especially ones that have strange file names or extensions.
  
  
• System crashes.
  
  
• Unusual activity that just doesn’t “feel right”.

5.7.2  Risk Assessment 1 5.7.4  Vulnerabilities