fips191_8
FIPS PUB 191
2 THREATS, VULNERABILITIES, SERVICES & MECHANISMS
A threat can be any person, object, or event that, if realized, could potentially cause damage to
the LAN. Threats can be malicious, such as the intentional modification of sensitive information,
or can be accidental, such as an error in a calculation, or the accidental deletion of a file. Threats
can also be acts of nature, i.e. flooding, wind, lightning, etc. The immediate damage caused by
a threat is referred to as an impact.
Vulnerabilities are weaknesses in a LAN that can be exploited by a threat.
For example,
unauthorized access (the threat) to the LAN could occur by an outsider guessing an obvious
password. The vulnerability exploited is the poor password choice made by a user. Reducing
or eliminating the vulnerabilities of the LAN can reduce or eliminate the risk of threats to the
LAN. For example, a tool that can help users choose robust passwords may reduce the chance
that users will utilize poor passwords, and thus reduce the threat of unauthorized LAN access.
A security service is the collection of security mechanisms, supporting data files, and procedures
that help protect the LAN from specific threats.
For example, the identification and
authentication service helps protect the LAN from unauthorized LAN access by requiring that
a user identify himself, as well as verifying that identity. The security service is only as robust
as the mechanisms, procedures, etc. that make up the service.
Security mechanisms are the controls implemented to provide the security services needed to
protect the LAN. For example, a token based authentication system (which requires that the user
be in possession of a required token) may be the mechanism implemented to provide the
identification and authentication service. Other mechanisms that help maintain the confidentiality
of the authentication information can also be considered as part of the identification and
authentication service.
This section is composed of two parts. The first part discusses threats, impacts and related
vulnerabilities. The threats are generally categorized based on the impact caused if the threat is
realized. For each impact category there is a discussion regarding the threats that may cause the
impact, potential losses from the threat, and the vulnerabilities that may be exploited by the
threat. The second part of this section discusses LAN security services and the possible
mechanisms that can be implemented to provide these services.
2.1 Threats and Vulnerabilities
Identifying threats requires one to look at the impact and consequence of the threat if it is
realized. The impact of the threat, which usually points to the immediate near-term problems,
results in disclosure, modification, destruction, or denial of service. The more significant long-
term consequences of the threat being realized are the result of lost business, violation of privacy,
10