Where do Security Issues arise?

Scope

The kinds of malicious actions possible in the whole area of Computing (hereafter called "attacks") are many and varied, and we're certainly not aiming to give a complete listing here! Rather, below are a few examples to illustrate the diversity. While Cryptography (e.g. RSA encryption) is the standard example people think of for security, the subject is really much broader...

Target systems

Web traffic is the most obvious example; these days people send personal details, bank account numbers, confidential documents and much more over the internet, and it is generally considered the job of cryptography to ensure that these transactions are secure, so that no one can read this information in transit (Confidentiality). In addition, it is important that no one but the intended web site can decrypt the information, or else they might intercept and change it before passing it on (Integrity).

However, if an attacker somehow manages to gain access to the web site the user is communicating with, then all the clever cryptography was in vain... perhaps they can just read someone's account details straight from a database on the server. Similarly, if the user's computer is somehow compromised, the malicious third party may be able to read the information even as it is being typed. Bear in mind that it is often just as good, if not better, for an attacker to intercept someone's password for some web service rather than any particular details, and this may be acquired by similar means.

It is not just information flow that needs to be kept secure, however; other security attacks focus on gaining access to a user's computer in order to cause trouble, or perhaps to read private information from there. Imagine how keen a web-marketing company might be to determine which web sites a user visited regularly. Or perhaps a software company would like to see what programs a user has installed, and even whether they are genuine copies.
