Information systems vulnerabilities

This article was written for educational purposes only. We are not urging anyone to do anything; it is for information purposes only. The author is not responsible for your actions.

1. Vulnerabilities in system and application software

The current vulnerabilities of system and application software include the following:
- system functions and procedures whose parameters can be changed in a way that allows them to be used for unauthorized access, where such changes are not detected by the OS itself;
- lack of the necessary information security tools that implement authentication measures, integrity checks, etc.;
- errors in programs that lead to failures under certain conditions;
- functions and procedures of application software that cannot function in the same OS because of a conflict in the allocation of system resources.

Vulnerabilities in special software are associated only with the emergence of threats as a result of malfunctions and failures of software and hardware.

2. Vulnerabilities caused by the presence of a hardware device in the information system
A hardware implant (a covertly installed hardware device) as a source of threats is not considered in the Institution's IS.

3. Vulnerabilities associated with the implementation of networking protocols and data transmission channels
Only vulnerabilities related to the implementation of network communication protocols and data transmission channels are considered.

4. Vulnerabilities caused by flaws in the organization of technical protection of information from unauthorized access
Software security mechanisms do not provide the required level of personal data (PD) protection in the IS. Vulnerabilities caused by shortcomings in the organization of technical protection of information (TZI) against unauthorized access (NSD) are considered relevant.

5. Vulnerabilities of the information system's software and hardware resulting from malfunctions and failures of these tools
Vulnerabilities of the hardware and software of the Institution's IS resulting from malfunctions and failures of these tools are not considered.

6. Vulnerabilities of information security tools
In the IS, only information security tools (ISS) certified in accordance with security requirements, including cryptographic information protection tools (SKZI), are used. Therefore, vulnerabilities of the information security tools are not considered and are treated as irrelevant.

7. Technical channels of information leakage
Threats of leakage of acoustic (speech) and visual information in the Institution's IS are excluded, since there is no speech input of information in the IS, and blinds are installed on the windows to prevent viewing of the text displayed in the premises of the Institution's IS.
The placement of monitor screens excludes unauthorized viewing of information. Visitors are not allowed into the premises housing the technical equipment of the Institution's IS unless accompanied by persons admitted to the controlled zone (KZ).

It is assumed that the possible attack channels do not include leakage through side electromagnetic emissions and pickup (PEMIN), because the volume and composition of the information processed and stored in the IS is insufficient to motivate external intruders to mount such an attack.

Ways to implement threats in information systems

The following ways to implement threats in the IS can be distinguished:

1. Exploiting existing vulnerabilities of the IS software and hardware, which allows the use of vulnerabilities in data transfer protocols, interception of passwords, bypassing the ISS and carrying out a destructive effect on the ISS.
2. Introduction of new vulnerabilities into the IS at the stage of design, development and maintenance of the IS, using standard or non-standard means.
3. Destruction or theft of IS hardware and storage media.
4. Theft of, or damage to, elements of the structured cabling network.