Network Security Fundamentals [Electronic resources] (text version)


Gert De Laet, Gert Schauwers

Weaknesses and Vulnerabilities


External and internal weaknesses and vulnerabilities must be considered. External weaknesses include malware, spyware, hackers, crackers, and script kiddies.

Malware is a group of destructive programs such as viruses or worms. The following list defines some types of malware:

  • Virus
    A virus is a piece of code that is capable of attaching to programs, disks, or computer memory to propagate itself. Viruses also carry a payload with an action they must carry out. The action can be anything from displaying a message to erasing a computer hard disk.

  • Worm
    Like viruses, worms replicate. They are capable of making copies of themselves, and they use e-mail and network facilities to spread to other resources.

  • Trojan horse
    Trojan horses do not have the capability to replicate. By pretending to be a useful utility or a clever game, Trojan horses convince the user that they should be installed on a PC or on a server.

  • Spyware
    This is software that gathers user information and sends it to a central site. The popular music-sharing program Kazaa came with spyware attached to the original program. It is even mentioned in the user license agreement, so that when users accept the agreement, they are giving permission to install the spyware and send personal user information to a central site.

  • Hoax
    This is a special kind of malware. Hoaxes do not contain any code, instead relying on the gullibility of the users to spread. They often use emotional subjects such as a child's last wish. Any e-mail message that asks you to forward copies to everyone you know is almost certainly a hoax.


Often driven by a passion for computing, a hacker is a person who is proficient in using and creating computer software to gain illegal access to information. Hackers do no malicious damage whatsoever.

NOTE

Many people confuse hackers and crackers. In popular terminology, the term hacker is used to describe an individual who attempts an unauthorized and malicious activity. The press and public have muddied the definitions so much that both now often mean people with malicious intent.

Crackers differ from hackers. A cracker uses various tools and techniques to gain illegal access to various computer platforms and networks with the intention of harming the system.

Script kiddies are a subclass of crackers. They use scripts made by others to exploit a security flaw in a certain system.

A common security mistake is to assume that attacks always come from outside your organization. Many companies build a massive wall around their buildings, but they leave all inside doors unlocked. The following list shows some of the potential threats from inside your organization:

  • Authenticated users
    These users already have access to the network. They are authenticated and authorized to use certain resources on the network. Often they use the access they have to get to confidential data such as payrolls or personnel records.

  • Unauthorized programs
    Users within your organization sometimes install additional programs and plug-ins that are not authorized by your organization. Often they open a hole to your network by doing this.

  • Unpatched software
    It is also very important to keep up with the latest updates or patches. Once a software bug or flaw is identified, vendors provide an update to their affected customers. It is good practice to check for updates and patches frequently, especially for your browser and operating system. If you are running a Microsoft operating system such as Windows 2000, you need to go to the following URL:

    http://www.microsoft.com/windows2000/downloads/critical/default.asp

    This URL takes you to a page similar to the one shown in Figure 1-2. All critical updates are available to download from that page.

    Figure 1-2. Critical Update Page

    The process used specifically for the Microsoft operating system can be performed for your web browser and for all other programs you use on your PC. There are also some mailing lists available on the Internet where you can find frequently updated information on new updates and patches, such as at http://www.truesecure.com and http://www.csoonline.com.
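The following is an added example, not code from the book: a small audit that checks a host's software inventory for two of the inside weaknesses listed above, unauthorized programs and unpatched software. The program names, version numbers, and the approved-software policy are constructed for illustration.

```python
# Constructed policy (assumption): approved programs and the minimum
# patched version the organization requires for each one.
APPROVED_MIN_VERSION = {
    "browser": "6.0.2800",
    "mail-client": "5.5.1",
    "office-suite": "10.0.6626",
}

# Constructed inventory (assumption): what an inventory tool reported.
SAMPLE_INVENTORY = [
    ("browser", "6.0.2600"),         # approved but behind the patched version
    ("mail-client", "5.5.1"),        # approved and current
    ("office-suite", "10.1"),        # approved, newer than required
    ("file-sharing-client", "2.1"),  # not approved by the organization
]


def parse_version(text):
    """Turn '6.0.2800' into (6, 0, 2800) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def is_older(installed, required):
    """True if installed < required; pads so '10.1' equals '10.1.0'."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory, policy=APPROVED_MIN_VERSION):
    """Return {'unauthorized': [...], 'unpatched': [...]} findings."""
    findings = {"unauthorized": [], "unpatched": []}
    for name, version in inventory:
        key = name.strip().lower()
        if key not in policy:
            findings["unauthorized"].append((key, version))
        elif is_older(version, policy[key]):
            findings["unpatched"].append((key, version, policy[key]))
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_INVENTORY).items():
        print(kind, items)
```

Versions are compared as tuples of integers because a plain string comparison would rank "10.0" below "9.0" and hide an outdated install.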


