Threats and Vulnerabilities

A threat can be any person, object, or event that, if realized, could potentially cause damage to the LAN. Threats can be malicious, such as the intentional modification of sensitive information, or can be accidental, such as an error in a calculation, or the accidental deletion of a file. Threats can also be acts of nature, i.e. flooding, wind, lightning, etc. The immediate damage caused by a threat is referred to as an impact.

Vulnerabilities are weaknesses in a LAN that can be exploited by a threat. For example, unauthorized access (the threat) to the LAN could occur by an outsider guessing an obvious password. The vulnerability exploited is the poor password choice made by a user.

Reducing or eliminating the vulnerabilities of the LAN can reduce or eliminate the risk of threats to the LAN. For example, a tool that can help users choose robust passwords may reduce the chance that users will utilize poor passwords, and thus reduce the threat of unauthorized LAN access.

A security service is the collection of security mechanisms, supporting data files, and procedures that help protect the LAN from specific threats. For example, the identification and authentication service helps protect the LAN from unauthorized LAN access by requiring that a user identify himself, as well as verifying that identity.

The security service is only as robust as the mechanisms, procedures, etc. that make up the service. Security mechanisms are the controls implemented to provide the security services needed to protect the LAN.

For example, a token based authentication system (which requires that the user be in possession of a required token) may be the mechanism implemented to provide the identification and authentication service. Other mechanisms that help maintain the confidentiality of the authentication information can also be considered as part of the identification and authentication service.

Identifying threats requires one to look at the impact and consequence of the threat if it is realized. The impact of the threat, which usually points to the immediate nearterm problems, results in disclosure, modification, destruction, or denial of service.

The more significant long-term consequences of the threat being realized are the result of lost business, violation of privacy, civil law suits, fines, loss of human life or other long term effects. The approach taken here is to categorize the types of impacts that can occur on a LAN so that specific technical threats can be grouped by the impacts and examined in a meaningful manner.

For example, the technical threats that can lead to the impact ‘LAN traffic compromise’ in general can be distinguished from those threats that can lead to the impact ‘disruption of LAN functionalities’.

It should be recognized that many threats may result in more than one impact; however, for this discussion a particular threat will be discussed only in conjunction with one impact. The impacts that will be used to categorize and discuss the threats to a LAN environment are:

  • Unauthorized LAN access - results from an unauthorized individual gaining access to the LAN.
  • Inappropriate access to LAN resources - results from an individual, authorized or unauthorized, gaining access to LAN resources in an unauthorized manner.
  • Disclosure of data - results from an individual accessing or reading information and possibly revealing the information in an accidental or unauthorized intentional manner.
  • Unauthorized Modification to data and software - results from an individual modifying, deleting or destroying LAN data and software in an unauthorized or accidental manner.
  • Disclosure of LAN traffic - results from an individual accessing or reading information and possibly revealing the information in an accidental or unauthorized intentional manner as it moves through the LAN.
  • Spoofing of LAN traffic - results when a message appears to have been sent from a legitimate, named sender, when actually the message had not been.
  • Disruption of LAN functions - results from threats that block LAN resources from being available in a timely manner.