files get deleted, classified information gets copied onto an unclassified disk, and coffee gets spilled on a computer.
Part B: Methods of Attack.
The following are some common methods of attack:
Insider misuse. Some of the most serious breaches of security are performed by insiders misusing their access authorizations. This is another reason why total security is unachievable. Although a user's rights can be contained, they can never be so constrained as to preclude any misuse.
Social engineering. The attacker uses lies and deception to con the victim into providing information (e.g., passwords) that facilitates an attack. Strong technical safeguards can be useless against this form of attack.
Password cracking. Many passwords are easily guessed or vulnerable to systematic attack. These attacks are typically launched with the aid of a dictionary and a password cracking program. First the attacker acquires a file of encrypted passwords. Then the cracking program is used to encrypt all of the words in the dictionary along with commonly chosen passwords until a match is found in the encrypted password file.
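The two defensive measures implied by this paragraph are to reject dictionary words before they ever reach the password file, and to store passwords so that one pass over the dictionary cannot be matched against every entry at once. The following Python is an added example written for this page, not code from the training document; the wordlist is a constructed stand-in for an attacker's dictionary, and the choice of PBKDF2-HMAC-SHA256 with a per-user random salt is this example's assumption about a suitable storage scheme.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed wordlist standing in for the attacker's dictionary plus
# commonly chosen passwords (in practice a large file such as a breach list).
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "qwerty", "monkey"}

ITERATIONS = 200_000  # PBKDF2 work factor; tune so one check costs tens of milliseconds


def password_in_dictionary(candidate: str, wordlist=COMMON_WORDS) -> bool:
    """True if the candidate, ignoring case and trailing digits, is a dictionary word.
    Stripping trailing digits catches 'password1'-style variants that cracking
    programs generate automatically from the base word."""
    base = candidate.lower().rstrip("0123456789")
    return base in wordlist or candidate.lower() in wordlist


def hash_password(candidate: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash. Each user gets a fresh random salt, so identical
    passwords produce different stored values and a single pre-encrypted
    dictionary cannot be compared against every entry in the password file."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return salt, digest


def enroll(candidate: str) -> Tuple[bytes, bytes]:
    """Reject dictionary passwords at enrollment; otherwise return (salt, digest)
    for storage in the password file."""
    if password_in_dictionary(candidate):
        raise ValueError("password is a dictionary word; choose another")
    return hash_password(candidate)


def verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored)
```

Because the salt differs per user, two users who pick the same password get different stored digests, so the attacker must repeat the whole dictionary run for every entry, and the iteration count makes each of those runs correspondingly slower.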
Key cracking. If encryption keys are not sufficiently long, they can be systematically broken by trying all possible keys until the correct one is found. Even keys that are long enough to withstand a brute force attack can be cracked if the random number generator used to create keys is not sufficiently good or if the cryptosystem has protocol failures or other weaknesses. In some cases, keys have been broken within a few minutes.
Sniffers. "Sniffer" programs, installed on network nodes, intercept packets traversing the network and ferret out login IDs and passwords, credit card numbers, or messages containing certain keywords. This information is stored in a file, where it can be read by or transmitted back to the owner of the program.
IP Spoofing. This involves forging the Internet Protocol (IP) address of a trusted host in order to establish a connection with a victim machine. One method floods the trusted host with connection requests and then, while the host is recovering, sends packets that forge the node's IP address. The forged packets may contain data that allow the attacker to gain privileged access on the victim machine.
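The standard network-level mitigation for the attack just described is ingress and egress filtering at the border: a packet arriving from the outside must not claim an inside source address, and a packet leaving the inside must carry an inside source. The following Python is an added example illustrating that rule, not code from the training document; the address ranges, interface names and sample packets are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology: trusted hosts live in 10.0.0.0/8 behind the "inside"
# interface; everything arriving on "outside" is the Internet.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Sources that are never valid on any interface (loopback, unspecified).
NEVER_VALID_SRC = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("0.0.0.0/8")]


@dataclass
class Packet:
    src: str
    dst: str
    iface: str  # interface the packet arrived on: "inside" or "outside"


def _in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)


def spoof_reason(pkt: Packet) -> Optional[str]:
    """Return None if the source address is plausible for the interface the
    packet arrived on, otherwise a short reason for dropping it."""
    src = ipaddress.ip_address(pkt.src)
    if _in_any(src, NEVER_VALID_SRC):
        return "bogon source"
    if pkt.iface == "outside" and _in_any(src, INTERNAL_NETS):
        return "internal source on outside interface"
    if pkt.iface == "inside" and not _in_any(src, INTERNAL_NETS):
        return "non-internal source on inside interface"
    return None


def filter_packets(packets: List[Packet]) -> Tuple[List[Packet], List[Tuple[Packet, str]]]:
    """Split a batch into (accepted, dropped-with-reason)."""
    accepted, dropped = [], []
    for p in packets:
        reason = spoof_reason(p)
        if reason:
            dropped.append((p, reason))
        else:
            accepted.append(p)
    return accepted, dropped


# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "10.1.2.3", "outside"),  # ordinary external client
    Packet("10.1.2.9", "10.1.2.3", "outside"),      # outsider claiming a trusted inside host
    Packet("10.1.2.9", "198.51.100.7", "inside"),   # legitimate outbound traffic
    Packet("203.0.113.5", "10.1.2.3", "inside"),    # inside host forging an outside source
]
```

The filter only decides whether a source address is consistent with the interface it arrived on; it cannot detect a forged address that belongs to the same side of the border as the attacker, which is why address-based trust between hosts should be replaced with authenticated connections wherever possible.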
Injecting viruses, Trojan horses, time bombs, and other malicious code. Malicious code is injected into a target system through a disk or computer network. The code could alter or destroy data or cause other types of mischief.
Exploiting weaknesses in operating systems, network protocols, and applications. In general, any system vulnerability can be exploited to form an attack. Depending on the weaknesses, such attacks may effectively circumvent access controls and encryption, allowing access to plaintext data without the need to crack passwords or encryption keys. An intruder may be able to download tens of thousands of credit or calling card numbers at a time. Weaknesses are often found in configuration settings and parameter checking.
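A concrete instance of the "parameter checking" weakness named above is a protocol parser that trusts a length field supplied by the peer. The following Python is an added example, not code from the training document: the record format (a one-byte type, a two-byte declared length, then the payload) and the size limit are constructed for the example. The unchecked parser is shown alongside the checked one so the difference in behaviour on a malformed frame is visible.

```python
import struct
from typing import Callable, List, Tuple

HEADER = struct.Struct("!BH")  # type (1 byte), declared payload length (2 bytes, big-endian)
MAX_PAYLOAD = 1024             # policy limit chosen for this example


class MalformedRecord(ValueError):
    """Raised when a frame's fields do not agree with the bytes actually received."""


def parse_unchecked(buf: bytes) -> Tuple[int, bytes, bytes]:
    """The weak version: trusts the declared length. A frame that declares more
    bytes than it carries is silently accepted with a truncated payload, and the
    computed offset of the next record runs past the end of the buffer."""
    rtype, length = HEADER.unpack_from(buf)
    payload = buf[HEADER.size:HEADER.size + length]
    return rtype, payload, buf[HEADER.size + length:]


def parse_checked(buf: bytes) -> Tuple[int, bytes, bytes]:
    """Validate every field against what actually arrived before using it."""
    if len(buf) < HEADER.size:
        raise MalformedRecord("frame shorter than header")
    rtype, length = HEADER.unpack_from(buf)
    if length > MAX_PAYLOAD:
        raise MalformedRecord(f"declared length {length} exceeds limit {MAX_PAYLOAD}")
    available = len(buf) - HEADER.size
    if available < length:
        raise MalformedRecord(f"declared length {length} but only {available} bytes present")
    end = HEADER.size + length
    return rtype, buf[HEADER.size:end], buf[end:]


def parse_stream(buf: bytes, parser: Callable[[bytes], Tuple[int, bytes, bytes]]) -> List[Tuple[int, bytes]]:
    """Parse back-to-back records with the given parser; returns [(type, payload), ...]."""
    out = []
    while buf:
        rtype, payload, buf = parser(buf)
        out.append((rtype, payload))
    return out


# Constructed frames: one well-formed stream and one that declares 500 payload
# bytes while carrying only 5.
GOOD = HEADER.pack(1, 5) + b"hello" + HEADER.pack(2, 2) + b"ok"
SHORT = HEADER.pack(1, 500) + b"hello"
```

In a memory-unsafe language the unchecked version is where an over-read or over-write occurs; here it only mis-parses, but the lesson is the same: every length, count and offset that arrives from outside is validated against the real buffer before it drives any further processing.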
2-3
IT0772