To get the results they want, an attacker must use a computer or network vulnerability, which is defined as follows:
A vulnerability is a weakness of the system that allows unauthorized action. Vulnerabilities are errors that occur at different stages of the development or use of the system. They can therefore be classified into the following categories:
- Design vulnerability – an error that occurs during the first phase of life of a product, that of design, and that even a perfect subsequent implementation will not remove
- Implementation vulnerability – an error that occurs during the implementation phase of the project.
- Configuration vulnerability – occurs due to errors made in configuring systems, such as using default access codes or leaving files that contain passwords writable
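The two configuration errors named above, default access codes and writable files with passwords, can be checked mechanically. The following Python sketch is an added example, not part of the original text; the `user:password` file format, the list of default credentials and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample of vendor-default credentials (assumption, not from the page).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "password")}


def parse_accounts(path):
    """Parse 'user:password' lines, skipping blanks, comments and malformed lines."""
    accounts = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or ":" not in line:
                continue
            user, _, password = line.partition(":")
            accounts.append((user, password))
    return accounts


def audit_credential_file(path):
    """Return a list of configuration findings for one credential file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Write permission for group or other lets non-owners alter stored passwords.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"writable by group/other (mode {mode:04o})")
    for user, password in parse_accounts(path):
        if (user, password) in DEFAULT_CREDENTIALS:
            # Report the account only; never echo the password itself.
            findings.append(f"default access code still set for '{user}'")
    return findings


def demo():
    """Audit a constructed file before and after the configuration is corrected."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nadmin:admin\nalice:Xk9!vR2#qLm\n")
        os.chmod(path, 0o666)  # weak setting: anyone may rewrite the file
        weak = audit_credential_file(path)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nadmin:pZ4&hW8@tNc\nalice:Xk9!vR2#qLm\n")
        os.chmod(path, 0o600)  # corrected setting: owner read/write only
        return weak, audit_credential_file(path)


if __name__ == "__main__":
    print(demo())
```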
The result is the unauthorized consequence of an event:
- Increased access – an increase in unauthorized access to a computer or network
- Disclosure of information – the propagation of information to persons not authorized to have access to this information
- Corruption of information – unauthorized alteration of data on a computer or network
- Denial of service – intentional degradation or blocking of system resources
- Theft of resources – unauthorized use of a computer or network resources
Protecting against these types of problems is not simple, because often their causes have to be treated. Significant progress can be achieved by treating security issues with the greatest attention in the design, the implementation, and the use of products.
A summary classification of the types of incidents, alongside the international legal regulation of cybercrime, is shown below, following the study Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries, made in 2002 by Rand Europe for the European Commission.
| Incidents | Cybercrime Convention regulation |
|---|---|
| Getting information about a possible target (probing, scanning) | ARTICLE 6 – Abuses on devices |
| Compromising the system by unauthorized code execution | ARTICLE 4 – Damage of data integrity; ARTICLE 5 – Damage of system integrity |
| Denial of service | ARTICLE 5 – Damage of system integrity |
| Compromising system (theft, modification, deletion) | ARTICLE 2 – Illegal access |
| Intrusion attempt | ARTICLE 2 – Illegal access, in conjunction with ARTICLE 11 – Attempt and aiding |
| Unauthorized access to information | ARTICLE 2 – Illegal access; ARTICLE 3 – Illegal interception |
| Unauthorized access to data transmission | ARTICLE 3 – Illegal interception |
| Altering information | ARTICLE 4 – Damage of data integrity |
| Illegal access to communication systems | ARTICLE 2 – Illegal access |