This article discusses threats, explaining what they are and how they can affect network traffic.
A threat is any circumstance or event with the potential to adversely impact data or systems via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. Threats may involve intentional actors (e.g., attacker who wants to access information on a server) or unintentional actors (e.g., administrator who forgets to disable user accounts of a former employee.) Threats can be local, such as a disgruntled employee, or remote, such as an attacker in another geographical area.
A threat source is the cause of a threat, such as a hostile cyber or physical attack, a human error of omission or commission, a failure of organization-controlled hardware or software, or other failure beyond the control of the organization. A threat event is an event or situation initiated or caused by a threat source that has the potential for causing adverse impact.
Many threats against data and resources are possible because of mistakes—either bugs in operating system and applications that create exploitable vulnerabilities, or errors made by end users and administrators.
Network traffic typically passes through intermediate computers, such as routers, or is carried over unsecured networks, such as wireless hotspots. Because of this, it can be intercepted by a third party. Threats against network traffic include the following:
- Eavesdropping. Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information.
- Tampering. Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.
- Impersonation. Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
- Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address
jdoe@example.net
, or a computer can identify itself as a site calledwww.example.net
when it is not. This type of impersonation is known as spoofing. - Misrepresentation. A person or organization can misrepresent itself. For example, suppose the site
www.example.net
pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.
- Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address
Original Document Information
- Author(s): Ella Deon Lackey
- Last Updated Date: 2012
- Copyright Information: © 2012 Red Hat, Inc.
- Link: Red Hat Certificate System Common Criteria Certification 8.1: Deployment, Planning, and Installation
Original Document Information
- Author(s): Joint Task Force Transformation Initiative
- Title: National Institute of Standards and Technology (NIST) Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments
- Last Updated Date: September 2012
- Copyright Information: This document is not subject to copyright.
Original Document Information
- Author(s): Karen Scarfone, Wayne Jansen, and Miles Tracy
- Title: National Institute of Standards and Technology (NIST) Special Publication 800-123, Guide to General Server Security
- Last Updated Date: July 2008
- Copyright Information: This document is not subject to copyright.