Unauthorized Intrusion in Information Systems
Unauthorized intrusion refers to any attempt to gain access to information systems, data, or organizational resources without proper authorization. Such intrusions pose a serious threat to confidentiality, integrity, and availability of information assets. Intrusions can broadly be classified into physical intrusion and logical intrusion, both of which can cause significant operational, financial, and reputational damage to an organization.
In a physical intrusion, an attacker gains direct physical access to an organization’s premises or computing infrastructure. This may involve entering restricted areas to steal hardware, remove hard disks, copy sensitive information, or sabotage systems. In contrast, logical intrusion involves unauthorized access through digital means, such as hacking into systems, bypassing authentication mechanisms, installing malicious software, or intercepting communications within the organization.
32.1 Physical Access vs. Logical Access
Physical Access
In computer security, physical access refers to the ability to directly touch, manipulate, or interact with computer systems, servers, or network devices. Physical access often allows attackers to bypass many logical security controls, such as operating system authentication or application-level security. For example, an intruder with physical access may insert a boot disk or external drive to start the system and gain unauthorized control.
Physical access also enables the installation of unauthorized surveillance equipment, such as keystroke loggers or network sniffers, which can silently capture sensitive information over time. Therefore, physical security measures—such as access-controlled rooms, surveillance cameras, and security guards—are a critical first line of defense.
Logical Access
Logical access refers to interaction with systems and data through software-based mechanisms. This access is typically controlled using identification, authentication, and authorization procedures, such as usernames, passwords, biometric systems, and access control lists. Logical intrusion occurs when these controls are bypassed or compromised.
Logical Threats
Logical threats involve damage to software and data without any physical damage to the underlying hardware. In severe cases, corrupted software or data may render the hardware itself unusable. For example, a virus or malicious program may corrupt file systems, create bad sectors on a hard drive, or disrupt system operations, ultimately requiring hardware replacement.
Examples of Logical Threats
- Unauthorized access to sensitive payroll data or confidential corporate budget information
- Interception or tapping of communication lines to spy on internal organizational communications
- Installation of spyware, malware, or backdoors to monitor or manipulate system activity
32.2 Computer Viruses
A computer virus is a type of malicious software designed to infect a system and replicate itself. Once written, virus code is typically embedded within a legitimate program. When the host program is executed, the virus is activated and spreads by attaching copies of itself to other programs or files within the system.
Viruses may be relatively benign or highly destructive. Some may simply display messages or slow system performance, while others may corrupt memory, delete files, or cause applications to malfunction. The term “virus” is often used generically to describe a wide range of malicious programs that exploit operating system functions to propagate themselves.
Common Targets of Virus Attacks
- Executable program files
- File directory systems that track file locations
- Boot and system areas required to start the computer
- Data files containing critical business information
Viruses vs. Worms
A worm is a standalone malicious program that spreads automatically across network connections. Unlike viruses, worms do not attach themselves to other programs. Instead, they exploit security weaknesses in operating systems or network configurations to propagate rapidly across multiple systems, often causing network congestion and widespread disruption.
Virus vs. Bug
A bug is an unintentional software defect or internal malfunction caused by errors in programming logic or design. Bugs result in incorrect or unexpected behavior but are not malicious in nature. Examples include incorrect calculations, unstable beta software, or faulty data handling.
The process of identifying and removing bugs is known as debugging. While bugs are internal software issues, viruses are external threats introduced deliberately. However, poorly written or buggy software may contain vulnerabilities that allow viruses to be introduced and exploited.
32.3 Sources of Virus Transmission
Viruses and worms spread through multiple channels, with the internet being the most common. Downloading files through web browsers, email attachments, and online services significantly increases the risk of infection.
Common sources of virus transmission include:
- Free software downloaded from the internet
- Pirated software obtained from unauthorized sources
- Game software with wide user appeal
- Email attachments that execute malicious code
- Portable hard drives and USB flash drives used across multiple systems
32.4 Types of Computer Viruses
Computer viruses can be classified into several broad categories based on how they operate and the type of damage they cause.
- Boot Sector Viruses
- Overwriting Viruses
- Droppers
- Trojan Horses
Boot Sector Viruses
The boot sector contains the information required to start a computer. When this area is infected, the virus is loaded into memory during system startup and can spread to the operating system and application software.
Overwriting Viruses
Overwriting viruses replace the contents of infected files with their own code. As a result, the original program or data file becomes unusable and must be deleted.
Droppers
A dropper is not a virus itself but a program designed to install a virus onto a system while performing another seemingly legitimate function.
Trojan Horses
A Trojan horse is a malicious program disguised as legitimate or useful software. Once executed, it performs unauthorized actions without the user’s knowledge.
- Logic Bomb: Triggered when specific conditions are met
- Time Bomb: Activated on a particular date or time
Virus and Worm Controls
Effective protection against viruses and worms requires a combination of management controls and technical controls. Neither approach is sufficient on its own; both must work together to provide comprehensive security.
32.5 Management and Procedural Controls
Management controls involve policies, procedures, and user awareness initiatives designed to reduce security risks. Examples include:
- Building systems from clean, original master copies
- Scanning USB devices on standalone machines before use
- Keeping antivirus software and definitions up to date
- Scanning all new software before installation
- Ensuring servers run current virus-detection software
- Maintaining secure and verified network device updates
- Implementing and testing regular backup procedures
- Educating users about email-based threats and safe practices
- Reviewing antivirus policies at least annually
- Preparing documented virus response and eradication procedures
32.6 Technical Controls
Technical controls rely on hardware and software mechanisms to prevent or limit infections. Key technical measures include:
- Using firmware-based boot virus protection
- Implementing remote booting and hardware-based passwords
- Using write-protected media where applicable
- Blocking insecure protocols through firewalls
- Deploying intrusion detection and prevention systems
By integrating strong management policies with effective technical safeguards, organizations can significantly reduce the risk of unauthorized intrusion and protect their critical information systems.
Practical Security Tip
Strong authentication is essential for preventing unauthorized access. You can generate secure credentials using this Strong Password Generator tool from ZeePedia.