Vulnerabilities and unauthorized results in cybercrime

Vulnerabilities

To get the results he wants, an attacker must exploit a computer or network vulnerability, which is defined as follows:

A vulnerability is a weakness of the system that allows unauthorized action. Vulnerabilities are errors that occur at different stages of the development or use of the system. They can therefore be classified into the following categories:

  • Design vulnerability – an error that occurs during the first phase of a product's life, the design phase, and that even a perfect subsequent implementation will not remove
  • Implementation vulnerability – an error introduced during the implementation phase of the project
  • Configuration vulnerability – an error made in configuring systems, such as using the default access codes or writable files containing passwords

Unauthorized results

An unauthorized result is an unauthorized consequence of an event. The categories are:

  • Increased access – an increase in unauthorized access to a computer or network
  • Disclosure of information – the propagation of information to persons not authorized to have access to this information
  • Corruption of information – unauthorized alteration of data on a computer or network
  • Denial of service – intentional degradation or blocking of system resources
  • Theft of resources – unauthorized use of a computer or network resources

Protecting against these types of problems is not simple, because their causes often have to be treated. Significant progress can be achieved by treating security issues with the greatest attention in the design and implementation of products, and in their use.

A summary classification of the types of incidents, alongside the international legal regulation of cybercrime, is shown below, following the study Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries, made in 2002 by Rand Europe for the European Commission.

| Incidents | Regulation in the Cybercrime Convention |
|---|---|
| Getting information about a possible target (probing, scanning) | ARTICLE 6 – Abuses on devices |
| Compromising the system by unauthorized code execution | ARTICLE 4 – Damage of data integrity; ARTICLE 5 – Damage of system integrity |
| Denial of service | ARTICLE 5 – Damage of system integrity |
| Compromising system (theft, modification, deletion) | ARTICLE 2 – Illegal access |
| Intrusion attempt | ARTICLE 2 – Illegal access, in conjunction with ARTICLE 11 – Attempt and aiding |
| Unauthorized access to information | ARTICLE 2 – Illegal access; ARTICLE 3 – Illegal interception |
| Unauthorized access to data transmission | ARTICLE 3 – Illegal interception |
| Altering information | ARTICLE 4 – Damage of data integrity |
| Illegal access to communication systems | ARTICLE 2 – Illegal access |
