IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Threats Catalogue Deliberate Acts Remarks<br />

____________________________________________________________________ .........................................<br />

T 5.88 Misuse of active contents<br />

During surfing on the Internet, WWW sites with active contents can be loaded<br />

on the user's computer (e.g. ActiveX or Java Applets). This software can be<br />

purposefully used in order to spy out confidential data from the user and<br />

return such information to the perpetrator via the Internet.<br />

A Java-enabled browser allows Java applets to be loaded from the Internet and<br />

performed without being detecting by the user. This causes serious security<br />

risks for the Java user:<br />

- A Java Applet can use standard network protocols (such as SMTP) in order<br />

to send data from the user's computer.<br />

- A Java Applet can attack a Java system by corrupting its memory or it can<br />

attack a subordinate operating system by falsifying data or canceling<br />

important processes.<br />

- A Java Applet can take up the whole storage space of the system or create<br />

high-priority messages. An attack on availability is also possible if the Java<br />

safety model is interpreted correctly.<br />

Unlike Java, the functionality of ActiveX is barely limited. An ActiveX<br />

program can contain all commands up to the formatting of the hard disk.<br />

<strong>The</strong>se small executable codes are called controls. <strong>The</strong> controls, usually<br />

distributed for illustration or entertainment can also have malicious elements<br />

which then have access to the file system of the user's computer or control<br />

other programs without being noticed by the user. ActiveX Controls can delete<br />

the hard disk, contain a virus or a Trojan horse, or search the hard disk for<br />

certain information. All of this can happen without the user or observer of the<br />

control noticing it. While the observer runs a game transmitted by the controls,<br />

this control can in the background search the E-mail for particular<br />

information.<br />

By presetting their WWW browsers accordingly, users can ensure that only<br />

digitally-signed ActiveX controls are performed. However, such a digital<br />

signature only proves that the producer of the ActiveX control is known by a<br />

certification body and that the control provided by this producer was loaded<br />

unchanged. This says nothing about how such a control functions or if it is<br />

undamaged, and no guarantee is given for this.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!