The target of a crime involving computers may be any piece of the computing system.A computing system is a collection of hardware,software,storage media,data,and persons that an organization uses to do computing tasks.Whereas the obvious target of a bank robbery is cash,a list of names and addresses of depositors might be valuable to a competing bank.The list might be on paper,recorded on a magnetic medium,stored in internal computer memory,or transmitted electronically across a medium such as a telephone line.This multiplicity of targets makes computer security difficult. 'TWZ@8h~
In any security system,the weakest point is the most serious vulnerability.A robber intent on stealing something from your house will not attempt to penetrate a two-inch thick metal door if a window gives easier access.A sophisticated perimeter physical security system does not compensate for unguarded access by means of a simple telephone line and a modem.The“weakest point”philosophy can be restated as the following principle. &,B\ig1Jf
Principle of Easiest Penetration.An intruder must be expected to use any available means of penetration.This will not necessarily be the most obvious means,nor will it necessarily be the one against which the most solid defense has been installed[1]. (V2~txMh
This principle says that computer security specialists must consider all possible means of penetration,because strengthening one may just make another means more appealing to intruders[2].We now consider what these means of penetration are.