Access Attacks

As the name implies, the goal of an access attack is to gain access to a system or a network. Having gained access, the user can perform many different functions. These functions fall into three distinct categories:

• Interception: If the unauthorized user can capture traffic going from the source to the destination, that user can store the data for later use. The data might be anything crossing the network segment connected to the sniffer (including confidential data such as personnel records, payroll, or research and development projects). If network management data is crossing the network, it is possible to acquire passwords for specific components and take control of that equipment. The methods used for intercepting traffic vary but usually require physical connectivity with the network. Upgrading from hub to switching technology greatly reduces the amount of traffic that can be captured by a network sniffer. The most effective way to protect your sensitive data is to save it in an encrypted format or to send it via an encrypted connection. The encryption prevents the intruder from being able to read the data. Figure 2-1 shows how interceptions can occur.

Figure 2-1. Interceptions Can Occur if Data Is Sent in an Unencrypted


• Modification: Having access, the unauthorized user can now alter the resource. This includes not only altering file content but also altering system configurations, unauthorized system access, and unauthorized privilege escalation. Unauthorized system access is completed by exploiting vulnerabilities in either the operating system or another application running on that system. Unauthorized privilege escalation refers to a user with a low-level but authorized account attempting to gain higher-level or more privileged user account information to raise the unauthorized user's privilege level. This higher privilege level then enables the intruder to have greater control of the target system or network.

• Fabrication: Having access to the target system or network, the unauthorized user can create false objects and introduce them into the environment. This could include altering data or inserting packaged exploits such as a virus, worm, or Trojan horse that can continue to attack the network from within:

- Virus: A computer virus can range from annoying to destructive. It consists of computer code that attaches itself to other software running on the computer. This way, each time the attached software opens, the virus reproduces and can continue to grow until it wreaks havoc on the infected system.

- Worm: A worm is a virus that exploits vulnerabilities on networked systems to replicate itself. A worm scans a network looking for a system with a specific vulnerability. When it finds a host, it copies itself to that system and begins scanning from there, too.

- Trojan horse: A Trojan horse is a program that usually claims to perform one function (such as a game) but does something completely different in addition to the claimed function (such as corrupting the data on your hard disk). Many different types of Trojan horses get attached to systems, and the effects of these programs range from a minor irritation for the user to total destruction of the computer file system. Trojan horses are sometimes used to exploit systems by creating user accounts on systems that enable unauthorized users to gain access or upgrade their privilege level. Some Trojan horses capture data from the host system and send it back to a location where it can be accessed by the attacker. Other Trojan horses enable the attacker to take control of the system and enlist it in a DDoS attack, which is a common occurrence.
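
The worm behavior described above (scan for a vulnerable host, copy itself there, then scan from the new host) leaves a recognizable pattern in network flow logs. The following is an added example, not part of the original text: it flags hosts that contact many distinct hosts on one port and links each flagged host to an earlier scanner that had contacted it. The flow records, addresses, port, and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records for illustration: (time_s, src, dst, dst_port).
FLOWS = (
    [(t, "10.0.0.5", f"10.0.0.{9 + t}", 445) for t in range(1, 6)]        # .5 sweeps .10-.14
    + [(10 + i, "10.0.0.12", f"10.0.0.{20 + i}", 445) for i in range(4)]  # .12 sweeps later
    + [(2, "10.0.0.7", "10.0.0.1", 53), (6, "10.0.0.7", "10.0.0.1", 53)]  # repeated DNS lookups
    + [(3, "10.0.0.8", f"10.0.1.{i}", 443) for i in range(1, 4)]          # three web servers
)


def find_scanners(flows, min_targets=4):
    """Map (src, port) -> time at which src reached min_targets distinct hosts on port."""
    targets = defaultdict(set)
    flagged = {}
    for t, src, dst, port in sorted(flows):
        key = (src, port)
        targets[key].add(dst)
        if key not in flagged and len(targets[key]) >= min_targets:
            flagged[key] = t
    return flagged


def propagation_chain(flows, min_targets=4):
    """Return (parent, child, port) where a scanner contacted a host that
    only afterwards began its own scan of the same port."""
    scanners = find_scanners(flows, min_targets)
    first_out = {}  # (src, port) -> time of first outbound flow on that port
    for t, src, dst, port in sorted(flows):
        first_out.setdefault((src, port), t)
    links = set()
    for t, src, dst, port in flows:
        parent, child = (src, port), (dst, port)
        if parent in scanners and child in scanners and first_out[child] > t:
            links.add((src, dst, port))
    return sorted(links)


if __name__ == "__main__":
    for (src, port), t in find_scanners(FLOWS).items():
        print(f"fan-out: {src} hit the threshold on port {port} at t={t}s")
    for parent, child, port in propagation_chain(FLOWS):
        print(f"possible spread: {parent} -> {child} on port {port}")
```

The fixed threshold is a simplification: hosts that legitimately contact many peers on one port (monitoring or backup servers, for example) need an allow list or a per-host baseline.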
