Finance          Automotive          Computers          Health          Shopping          Sports         News          Reference           Print Facts in English - BCUZ.COMlos hechos en Español

Computer security



The aviation industry is especially important when analyzing computer security because the involved risks include expensive equipment and cargo, transportation infrastructure and even human life. Security can be compromised by hardware and software malpractice, human error and faulty operating environments. Threats which exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction and human error. [4]

The consequences of a successful intentional or accidental misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns, like data theft or loss, network and air traffic control outages, which can lead to airport closures, loss of aircraft or even death of passengers. Military systems which control munitions pose an even greater risk, one which is evident enough not to warrant a further explanation.

A proper attack does not need to be very high tech, or well funded, for a power outage at an airport alone can cause repercussions worldwide. [5]. One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radars' sight, controllers must rely on periodic radio communications through a third party.

Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.

[

Notable system accidents

In 1983, Korean Airlines Flight 007, a Boeing 747 was shot down by Soviet SU-15 jets after a navigation computer malfunction caused the aircraft to steer 185 miles off course into Soviet Union airspace. All 269 passengers were killed. [6]

In 1994, over a hundred intrusions were made by unidentified hackers into the Rome Laboratory, the US Air Force’s main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome’s networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user. [7]

Electromagnetic interference is another threat to computer safety and in 1989, a United States Air Force F-16 jet accidentally dropped a 230 kg bomb in West Georgia after unspecified interference caused the jet’s computers to release it. [8]

A similar telecommunications accident also happened in 1994, when two UH-60 Blackhawk helicopters were destroyed by F-15 aircraft in Iraq because the IFF system’s encryption system malfunctioned.

[

Terminology

The following terms used in engineering secure systems are explained below.

  • Firewalls can either be hardware devices or software programs. They provide some protection from online intrusion, but since they allow some applications (e.g. web browsers) to connect to the Internet, they don't protect against some unpatched vulnerabilities in these applications (e.g. lists of known unpatched holes from Secunia and SecurityFocus).
  • Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.
  • Thus simple microkernels can be written so that we can be sure they don't contain any bugs: eg EROS and Coyotos.

A bigger OS, capable of providing a standard API like POSIX, can be built on a secure microkernel using small API servers running as normal programs. If one of these API servers has a bug, the kernel and the other servers are not affected: e.g. Hurd or Minix 3.

  • Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.
  • Strong authentication techniques can be used to ensure that communication end-points are who they say they are.

Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.

  • Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.
  • Mandatory access control can be used to ensure that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also stop any processes that are running with that user's privileges.
  • Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. The next sections discuss their use.

Some of the following items may belong to the computer insecurity article:

  • application with known security flaws should not be run. Either leave it turned off until it can be patched or otherwise fixed, or delete it and replace it with some other application. Publicly known flaws are the main entry used by worms to automatically break into a system and then spread to other systems connected to it. The security website Secunia provides a search tool for unpatched known flaws in popular products.
Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, but eavesdroppers cannot.
Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, but eavesdroppers cannot.
  • Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside bank vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Internet for both business and individuals.
    • Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such kind of disaster. Further, it is recommended that the alternate location be placed where the same disaster would not affect both locations. Examples of alternate disaster recovery sites being compromised by the same disaster that affects the primary site include having had a primary site in World Trade Center I and the recovery site in 7 World Trade Center, both of which were destroyed in the 9/11 attack, and having one's primary site and recovery site in the same coastal region, which leads to both being vulnerable to hurricane damage (e.g. primary site in New Orleans and recovery site in Jefferson Parish, both of which were hit by Hurricane Katrina in 2005). The backup media should be moved between the geographic sites in a secure manner, in order to prevent them from being stolen.
  • Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system administrator defined rules.
  • Access authorization restricts access to a computer to group of users through the use of authentication systems. These systems can protect either the whole computer - such as through an interactive logon screen - or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems.
  • Encryption is used to protect the message from the eyes of others. It can be done in several ways by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. Public key encryption is a refined and practical way of doing encryption. It allows for example anyone to write a message for a list of recipients, and only those recipients will be able to read that message.
  • Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.
  • Pinging The ping application can be used by potential crackers to find if an IP address is reachable. If a cracker finds a computer they can try a port scan to detect and attack services on that computer.
  • Social engineering awareness keeps employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.
  • Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by crackers. They can be used to catch crackers or fix vulnerabilities.

[

Notes

  1. ^ Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008
  2. ^ New hacking technique exploits common programming error. SearchSecurity.com, July 2007
  3. ^ J. C. Willemssen, "FAA Computer Security". GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives, 2000.
  4. ^ P. G. Neumann, "Computer Security in Aviation," presented at International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security, 1997.
  5. ^ J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 65-70.
  6. ^ KAL Flight 007. Check-six.com, Mar 2008
  7. ^ Information Security. United States Department of Defense, 1986
  8. ^ Air Force Bombs Georgia. The Risks Digest, vol. 8, no. 72, May 1989

[

References

[

Further reading

Wikibooks
Wikibooks has a book on the topic of
  • The Information Age - an e-primer providing a comprehensive review of the digital and information and communications technology revolutions and how they are changing the economy and society. The primer also addresses the challenges arising from the widening digital divide.
  • pwn2own - a $25,000 computer security competition in which competitors are challenged to create a previously unknown security exploit and fully penetrate security on a correctly patched Windows, Mac or Linux computer. The 2007 winner took 12 hours to crack Mac OS X security via a vulnerability later classified as "highly critical" by Secunia [1].
  • Boeing 787 Integration - Avionics Magazine provides an overview of computer systems and their security and integration upon Boeing's latest and largest long-range airliner, including networking and fly-by-wire concerns.

[

See also

Computer security Portal




BCUZ.com FACTS Encyclopedia content is licensed under the GFDL as approved by Wikipedia.
For more information review our copyright contact and privacy policy.
© 1996 - BCUZ.COM - We have all the FACTS you need about Small Business Financing, Behavior Disorder, Having Too Many Bills, Needing Cash Fast, Structured Settlements, Frequent Flier Programs, Top Steak Houses, The Mayan Indians, Norfolk and Suffolk England, Growing Longer Hair and a full reference English Encyclopedia and Spanish Encyclopedia.Privacy Policy