User's Manual

Solaris 9 Security CX-310-301
• Individual – Detailed information on an individual person, family, company or government is
targeted. Terrorists and criminals might use this approach.
• Data Harvest – Bulk data is targeted, normally by criminal elements, for the purpose of a scam.
This might include personal or financial information, so that groups of people can be targeted
automatically. A good, well-implemented security policy with data encryption can offer much greater
protection from this type of privacy violation.
Confidentiality
Confidentiality is very similar to privacy, but it is concerned with preventing unauthorized
disclosure of information. Confidential information is normally data that could be used by others to gain
advantage. It differs from private information in that it might not be personal in nature or subject to any
data protection legislation.
Integrity
Privacy and confidentiality are concerned with not letting unauthorized persons or systems read data,
whereas integrity is concerned with the data itself and its known condition. Data has integrity when
it is in the same state and condition as when it was last written by an authorized person or process
and has not been altered, for example by a computer virus, a disk error or a malicious attacker.
Non-repudiation
This is the evidence that something took place, making it impossible to deny. An example is being able to
prove that an email message was sent and delivered, similar to a recorded postal delivery requiring the
recipient to “sign for” the goods. In this case, it is very difficult (if not impossible) to deny that it was
delivered.
Attackers
This section describes the types of attackers and why you might be attacked. It also discusses how attackers
obtain vast amounts of information in support of their illicit activities.
Classification of Attackers and Motives
• Script Kiddies – These are amateurs who have little or no experience of breaking into computer
systems. They do it mainly for fun or for the kudos of saying that they broke in. A script kiddie will
normally run a program or utility supplied to him and won’t understand the underlying security
implications.
• Hackers – More experienced computer users and programmers who break into computers and
networks, but cause little or no damage. They are still trespassing, however, and are often
differentiated from the cracker, who will often cause malicious damage to systems or data.