Professional Documents
Culture Documents
allows an attacker to access data that is contrary to the specified access restrictions for
that data
MITRE believes that when an attack is made possible by a weak or inappropriate security policy,
this is better described as 'exposure': An exposure is a state in a computing system (or set of
systems) which is not a universal vulnerability, but either:
is a primary point of entry that an attacker may attempt to use to gain access to the system
or data is considered a problem according to some reasonable security policy
Virus programs use vulnerabilities in operating system and application software to gain
unauthorized access, spread, and do damage.
If software vulnerabilities did not exist, I believe that viruses would not exist and gaining any
unauthorized access to resources would be very difficult indeed. The primary tools for
unauthorized access would then become:
Network sniffing.
Most unauthorized access would then most likely be done by employees of the organization or
the unauthorized access would be due to very sloppy firewall administration or user error.