Copyright © 2004 netfiniti. All Rights Reserved.

FAQ No 1. What are common security threats and vulnerabilities?

FAQ No 2. What motivates an attacker?

FAQ No 3. What is the potential impact of infrastructure attacks?


FAQ No 1. What are common security threats and vulnerabilities?

Threat: any person, object, or event that, if realized, can potentially cause damage to the network or networked device.

Unauthorized access / compromise
Impersonation
Denial of service
Viruses, worms and other malicious code
Spam

Unauthorized Access

Unauthorized access occurs when an entity that has no right to an asset gains access to it and is then in a position to tamper with it. Access is usually gained by intercepting information in transit over an insecure channel or by exploiting an inherent weakness in a technology or product.

Shared-media networks are particularly susceptible to eavesdropping because every frame is delivered to every station on the segment as it travels from origin to destination. An intruder who can attach to a shared Ethernet segment (a hub, or a switch port that has been mirrored or coerced into flooding through ARP spoofing or MAC-table flooding; a switch on its own forwards unicast frames only to the destination port) can run a packet-decoding program such as EtherPeek or tcpdump and read the data crossing the wire, including any password that protocols such as telnet, FTP or HTTP Basic authentication send in cleartext. Acquiring such software has become trivial for anyone with a laptop, so the practical assumption is that the wire is hostile and anything sensitive crossing it must be encrypted or cryptographically authenticated.
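
What such a packet-decoding program actually does, as an added example that is not part of the original page: the Go program below parses constructed Ethernet/IPv4/TCP frames (not a real capture) and pulls out the cleartext FTP and HTTP Basic logins they carry. Hosts, ports and credentials are made up for the example; on a real network the frames would come from a capture file or a promiscuous-mode interface instead.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

type Packet struct {
	SrcIP, DstIP string
	DstPort      uint16
	Payload      []byte
}

// decodeFrame walks the Ethernet II, IPv4 and TCP headers with a bounds check at every step.
func decodeFrame(frame []byte) (*Packet, error) {
	if len(frame) < 34 || binary.BigEndian.Uint16(frame[12:14]) != 0x0800 || frame[14]>>4 != 4 {
		return nil, errors.New("not an IPv4 Ethernet frame")
	}
	ip := frame[14:]
	ihl, total := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:4]))
	if ihl < 20 || total < ihl || total > len(ip) || ip[9] != 6 {
		return nil, errors.New("bad IPv4 lengths or not TCP")
	}
	tcp, doff := ip[ihl:total], 0
	if len(tcp) >= 20 {
		doff = int(tcp[12]>>4) * 4 // data offset field, in 32-bit words
	}
	if doff < 20 || doff > len(tcp) {
		return nil, errors.New("bad TCP header")
	}
	return &Packet{
		SrcIP:   net.IP(ip[12:16]).String(),
		DstIP:   net.IP(ip[16:20]).String(),
		DstPort: binary.BigEndian.Uint16(tcp[2:4]),
		Payload: tcp[doff:],
	}, nil
}

// findCredentials looks for cleartext FTP USER/PASS and HTTP Basic logins.
func findCredentials(p *Packet) []string {
	var found []string
	for _, line := range strings.Split(string(p.Payload), "\r\n") {
		switch {
		case strings.HasPrefix(line, "USER "), strings.HasPrefix(line, "PASS "):
			found = append(found, fmt.Sprintf("ftp %s -> %s:%d %s", p.SrcIP, p.DstIP, p.DstPort, line))
		case strings.HasPrefix(line, "Authorization: Basic "):
			raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(line, "Authorization: Basic "))
			if err == nil {
				found = append(found, fmt.Sprintf("http %s -> %s:%d %s", p.SrcIP, p.DstIP, p.DstPort, raw))
			}
		}
	}
	return found
}

// sniff decodes every frame of a capture, skipping what it cannot parse.
func sniff(frames [][]byte) []string {
	var hits []string
	for _, f := range frames {
		if p, err := decodeFrame(f); err == nil {
			hits = append(hits, findCredentials(p)...)
		}
	}
	return hits
}

// buildFrame assembles a minimal frame (checksums left zero) as constructed input.
func buildFrame(src, dst [4]byte, sport, dport uint16, payload []byte) []byte {
	f := []byte{0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x08, 0x00}
	ip, tcp := make([]byte, 20), make([]byte, 20)
	ip[0], ip[8], ip[9] = 0x45, 64, 6 // IHL 5, TTL 64, protocol TCP
	binary.BigEndian.PutUint16(ip[2:], uint16(40+len(payload)))
	copy(ip[12:], src[:])
	copy(ip[16:], dst[:])
	binary.BigEndian.PutUint16(tcp[0:], sport)
	binary.BigEndian.PutUint16(tcp[2:], dport)
	tcp[12], tcp[13] = 5<<4, 0x18 // data offset 5 words, PSH|ACK
	return append(append(append(f, ip...), tcp...), payload...)
}

// sampleCapture is constructed, not real traffic: an FTP login and an HTTP request with Basic credentials.
func sampleCapture() [][]byte {
	client, ftp, web := [4]byte{10, 0, 0, 7}, [4]byte{10, 0, 0, 21}, [4]byte{10, 0, 0, 80}
	basic := base64.StdEncoding.EncodeToString([]byte("alice:s3cret"))
	return [][]byte{
		buildFrame(client, ftp, 40001, 21, []byte("USER bob\r\n")),
		buildFrame(client, ftp, 40001, 21, []byte("PASS hunter2\r\n")),
		buildFrame(client, web, 40002, 80, []byte("GET /payroll HTTP/1.0\r\nAuthorization: Basic "+basic+"\r\n\r\n")),
	}
}

func main() {
	fmt.Println(strings.Join(sniff(sampleCapture()), "\n"))
}
```

The decoder checks every length field before indexing it, which matters because a capture tool that trusts header lengths is itself an attack surface. On a switched network the same decoder sees only broadcast traffic and the capturing host's own sessions unless the attacker first obtains a mirror port or poisons ARP.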

Ways of Obtaining Unauthorized Access
Establishing false identity with false credentials
Physical access to network devices
Eavesdropping on shared media networks

Ways to Use Unauthorized Access
Sending email that authorizes money transfers or terminates an employee
Modifying records to establish a better credit rating
Retrieving confidential records, such as the salaries of all employees or medical histories

Impersonation

Impersonation of individuals is common. Most impersonation scenarios involve capturing an authentication exchange (a password or a session credential) and reusing it to obtain unauthorized access. Once access is obtained, the damage depends on the intruder's motives. If you're lucky, the intruder is just a curious individual roaming cyberspace; most of us will not be that lucky and will find our confidential information compromised and possibly damaged.

Cryptographic authentication mechanisms can largely prevent impersonation, because a properly designed cryptographic exchange cannot be replayed by someone who merely observed it. An added benefit is that, when the mechanism is a digital signature made with a key only the sender holds, nonrepudiation is also achieved: a participant in an electronic exchange cannot later falsely deny having sent a message. A shared-secret mechanism such as a message authentication code does not give this property, since the recipient holds the same key and could have produced the tag itself. Nonrepudiation matters most for electronic financial transactions and electronic contracts, the areas in which people most often try to deny their involvement.

Impersonation can therefore be deterred to a useful degree by authentication and integrity services such as digital signatures. A digital signature confirms that the holder of the signing key produced the data and that its contents have not been altered since.

Denial of Service

Denial of service (DoS) is an interruption of service, either because the system is destroyed or because it is temporarily unavailable. Examples include destroying a computer's hard disk, severing the physical infrastructure, and exhausting a resource such as memory, bandwidth or connection-table entries.

Some DoS attacks can be avoided by applying vendor patches to the affected software. For example, many vendors have patched their IP implementations to stop intruders exploiting bugs in IP fragment reassembly, where overlapping or oversized fragments crashed the kernel. A few DoS attacks, bandwidth floods in particular, cannot be stopped outright by the target, but their scope can be constrained, for instance by rate limiting and by filtering closer to the source.
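
The reassembly check that those patches added, written out as an added example that is neither the page's nor any vendor's code: a fragment reassembler in Go that refuses overlapping and oversized fragments instead of crashing. The Fragment type and the three fragment sets are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// maxDatagram is the largest IPv4 datagram the 16-bit total length can express.
const maxDatagram = 65535

// Fragment is one piece of a fragmented datagram: its byte offset (the header's
// fragment offset field times 8), the More Fragments flag and its data.
type Fragment struct {
	Offset int
	More   bool
	Data   []byte
}

// reassemble rebuilds a datagram from its fragments and rejects the two malformed
// inputs that crashed unpatched stacks: overlapping fragments (teardrop style, where
// end-minus-offset arithmetic went negative) and fragments that run past 65535
// bytes (ping-of-death style, overrunning the reassembly buffer).
func reassemble(frags []Fragment) ([]byte, error) {
	if len(frags) == 0 {
		return nil, errors.New("no fragments")
	}
	sorted := append([]Fragment(nil), frags...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Offset < sorted[j].Offset })
	var buf []byte
	next := 0 // first byte offset not yet received
	for i, f := range sorted {
		end := f.Offset + len(f.Data)
		switch {
		case f.Offset < 0 || len(f.Data) == 0:
			return nil, fmt.Errorf("fragment %d: empty or negative offset", i)
		case end > maxDatagram:
			return nil, fmt.Errorf("fragment %d: ends at %d, past the 65535-byte maximum", i, end)
		case f.More && len(f.Data)%8 != 0:
			return nil, fmt.Errorf("fragment %d: non-final length %d not a multiple of 8", i, len(f.Data))
		case f.Offset < next:
			return nil, fmt.Errorf("fragment %d: offset %d overlaps data already received up to %d", i, f.Offset, next)
		case f.Offset > next:
			return nil, fmt.Errorf("fragment %d: gap between %d and %d, datagram incomplete", i, next, f.Offset)
		case !f.More && i != len(sorted)-1:
			return nil, fmt.Errorf("fragment %d: data follows the final fragment", i)
		}
		buf = append(buf, f.Data...)
		next = end
	}
	if sorted[len(sorted)-1].More {
		return nil, errors.New("final fragment missing, datagram incomplete")
	}
	return buf, nil
}

// fill returns n copies of b: constructed payload for the sample fragment sets.
func fill(n int, b byte) []byte {
	d := make([]byte, n)
	for i := range d {
		d[i] = b
	}
	return d
}

// goodFragments is a well-formed two-fragment datagram of 24 bytes.
func goodFragments() []Fragment {
	return []Fragment{{0, true, fill(16, 'A')}, {16, false, fill(8, 'B')}}
}

// teardropFragments: the second fragment claims offset 8 although the first already covered 0..15.
func teardropFragments() []Fragment {
	return []Fragment{{0, true, fill(16, 'A')}, {8, false, fill(8, 'B')}}
}

// pingOfDeathFragments: the last fragment starts at 65528 and would end at 65544.
func pingOfDeathFragments() []Fragment {
	return []Fragment{{0, true, fill(65528, 'A')}, {65528, false, fill(16, 'B')}}
}

func main() {
	cases := []struct {
		name  string
		frags []Fragment
	}{{"good", goodFragments()}, {"teardrop", teardropFragments()}, {"ping-of-death", pingOfDeathFragments()}}
	for _, c := range cases {
		out, err := reassemble(c.frags)
		fmt.Printf("%-14s bytes=%d err=%v\n", c.name, len(out), err)
	}
}
```

A production stack buffers out-of-order fragments and waits for a gap to fill rather than failing at once; the example fails early so that the two malformed cases are visible in the output.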

Worms

A worm is self-propagating malicious code. Unlike a virus, which requires a user to do something to continue the propagation, a worm propagates by itself. The highly automated nature of worms, coupled with the relatively widespread nature of the vulnerabilities they exploit, allows a large number of systems to be compromised within a matter of hours. (Code Red infected more than 250,000 systems in just 9 hours on July 19, 2001.)

Some worms carry a built-in denial-of-service payload (Code Red) or a web-site defacement payload (sadmind/IIS, Code Red), and others can be reconfigured dynamically (W32/Leaves). But the biggest impact of these worms is that their propagation itself creates a denial of service across many parts of the Internet, because of the huge volume of scan traffic they generate, and it causes much collateral damage: DSL routers crash; cable-modem ISP networks are completely overloaded, not by the scanning itself but by the burst of underlying network-management (ARP) traffic that the scanning triggers; and printers crash or print reams of junk output.
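
One way to spot that scan traffic, as an added example that is not from the original page: a Go detector that reads constructed flow-log lines (the "<time> <src> <dst> <dport>" format is invented for the example, not any product's syntax) and flags any source that reaches an unusually large number of distinct hosts on one port, the fan-out pattern of a worm like Code Red probing port 80.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Flow is one connection attempt as a flow or firewall log records it.
type Flow struct {
	Src, Dst string
	DstPort  int
}

// parseFlows reads lines of the form "<time> <src> <dst> <dport>", a format
// constructed for this example rather than any product's real log syntax.
func parseFlows(log string) ([]Flow, error) {
	var flows []Flow
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		if len(fields) != 4 {
			return nil, fmt.Errorf("line %d: expected 4 fields, got %d", n, len(fields))
		}
		port, err := strconv.Atoi(fields[3])
		if err != nil || port < 0 || port > 65535 {
			return nil, fmt.Errorf("line %d: bad port %q", n, fields[3])
		}
		flows = append(flows, Flow{Src: fields[1], Dst: fields[2], DstPort: port})
	}
	return flows, sc.Err()
}

// fanOut counts, per source, the distinct destination hosts it tried on the
// given port. A worm probing for one vulnerable service shows a fan-out far
// above any legitimate client; repeat hits on the same host do not count twice.
func fanOut(flows []Flow, port int) map[string]int {
	seen := map[string]map[string]bool{}
	for _, f := range flows {
		if f.DstPort != port {
			continue
		}
		if seen[f.Src] == nil {
			seen[f.Src] = map[string]bool{}
		}
		seen[f.Src][f.Dst] = true
	}
	counts := map[string]int{}
	for src, dsts := range seen {
		counts[src] = len(dsts)
	}
	return counts
}

// detectScanners returns, sorted, the sources whose fan-out on port reaches threshold.
func detectScanners(flows []Flow, port, threshold int) []string {
	var hits []string
	for src, n := range fanOut(flows, port) {
		if n >= threshold {
			hits = append(hits, src)
		}
	}
	sort.Strings(hits)
	return hits
}

// sampleLog is constructed: 10.0.0.5 sweeps twelve hosts on port 80 (plus one
// repeat), while 10.0.0.9 is an ordinary client reaching two web servers and
// one HTTPS server.
func sampleLog() string {
	var b strings.Builder
	for i := 1; i <= 12; i++ {
		fmt.Fprintf(&b, "12:00:%02d 10.0.0.5 10.1.0.%d 80\n", i, i)
	}
	b.WriteString("12:00:13 10.0.0.5 10.1.0.1 80\n")
	b.WriteString("12:00:14 10.0.0.9 10.1.0.1 80\n")
	b.WriteString("12:00:15 10.0.0.9 10.1.0.2 80\n")
	b.WriteString("12:00:16 10.0.0.9 10.1.0.3 443\n")
	return b.String()
}

func main() {
	flows, err := parseFlows(sampleLog())
	if err != nil {
		panic(err)
	}
	fmt.Println("fan-out on port 80:", fanOut(flows, 80))
	fmt.Println("probable scanners:", detectScanners(flows, 80, 10))
}
```

The threshold is the tuning knob: a mail relay or a monitoring host legitimately reaches many peers, so in practice the count is taken per time window and the known high-fan-out hosts are whitelisted before alerting.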

Vulnerabilities

Vulnerability: A weakness in a host or network that can be exploited by a threat.

Insecure protocols or services running on a host (for example, cleartext logins)
Exploitable security hole on a host that lacks the latest patches or workarounds
Poorly protected hosts and networks, without firewalls, IDSs, etc.
Use of weak or default passwords
Insecure configuration of hosts
Execution of malicious code by a user (Trojan horse, backdoor program)
Use of pirated software, or software downloaded from a public site, without verifying its checksum (integrity) and authenticity (signature)
Social engineering
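
The verification step the checksum-and-signature item calls for, together with the nonrepudiation property described under Impersonation above, as one added Go example that is not from the original page: a publisher posts an artifact with a SHA-256 checksum and an Ed25519 signature, and the user checks both. Key pair, artifact bytes and file name are made up for the example; the program also shows why a shared-key HMAC, unlike a signature, cannot prove to a third party who produced a message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Release is what a publisher posts: the artifact, its SHA-256 checksum and a
// signature over name and checksum made with the publisher's private key.
type Release struct {
	Name   string
	Data   []byte
	Digest [32]byte
	Sig    []byte
}

// signedMessage binds the artifact name to its digest so a signature for one
// file cannot be reused for another.
func signedMessage(name string, digest [32]byte) []byte {
	return append([]byte(name+"\n"), digest[:]...)
}

// newPublisher creates the publisher's Ed25519 key pair; the public half is
// assumed to reach users out of band (documentation, a key server).
func newPublisher() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// publish computes the checksum and signs it.
func publish(priv ed25519.PrivateKey, name string, data []byte) Release {
	d := sha256.Sum256(data)
	return Release{Name: name, Data: data, Digest: d, Sig: ed25519.Sign(priv, signedMessage(name, d))}
}

// verifyRelease is the user's side. The checksum catches a corrupted or swapped
// download; the signature catches an attacker who replaced both the file and the
// published checksum; and since only the publisher holds the private key, a valid
// signature also proves who released it, which is the nonrepudiation property.
func verifyRelease(pub ed25519.PublicKey, r Release) error {
	if sha256.Sum256(r.Data) != r.Digest {
		return errors.New("checksum mismatch: download corrupted or replaced")
	}
	if !ed25519.Verify(pub, signedMessage(r.Name, r.Digest), r.Sig) {
		return errors.New("signature invalid: not produced by the publisher's key")
	}
	return nil
}

// tamper models a mirror compromise: the attacker swaps the artifact and posts
// a matching checksum, but can only reuse the original signature.
func tamper(r Release, newData []byte) Release {
	r.Data = newData
	r.Digest = sha256.Sum256(newData)
	return r
}

// verifierCanForgeMAC shows why a MAC gives authentication but not nonrepudiation:
// the receiver holds the same key and can mint a valid tag for a message the
// sender never sent, so the tag proves nothing to a third party.
func verifierCanForgeMAC(sharedKey []byte) bool {
	forged := hmac.New(sha256.New, sharedKey)
	forged.Write([]byte("transfer $1,000,000 to account 42"))
	check := hmac.New(sha256.New, sharedKey)
	check.Write([]byte("transfer $1,000,000 to account 42"))
	return hmac.Equal(forged.Sum(nil), check.Sum(nil))
}

func main() {
	pub, priv := newPublisher()
	good := publish(priv, "tool-1.0.tar.gz", []byte("constructed artifact bytes"))
	fmt.Println("genuine release:", verifyRelease(pub, good))
	corrupted := good
	corrupted.Data = []byte("constructed artifact bytes, one byte off")
	fmt.Println("corrupted download:", verifyRelease(pub, corrupted))
	fmt.Println("swapped file and checksum:", verifyRelease(pub, tamper(good, []byte("backdoored artifact"))))
	fmt.Println("receiver can forge an HMAC tag:", verifierCanForgeMAC([]byte("shared key")))
}
```

The two failure cases are kept distinct on purpose: a corrupted download fails the checksum, while a swapped file with a recomputed checksum passes the checksum and fails the signature. Only the second check defends against a compromised mirror, which is why a checksum alone is not enough.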

FAQ No 2. What motivates an attacker?

Understanding the motivations for an attack gives some insight into which parts of the network are exposed and what an intruder is most likely to do. Attacks are commonly assumed to come from the external Internet, so a firewall between the Internet and the trusted corporate network is a key element in limiting where external attacks can originate. Firewalls are important, but several of the motivations below describe insiders or former insiders whom a perimeter firewall never sees, so securing a network requires looking at the entire system as a whole.

Some of the more common motivations for attacks are listed here:

Greed: The intruder is hired by someone to break into a corporate network to steal or alter information in exchange for large sums of money.

Prank: The intruder is bored and computer savvy and tries to gain access to any interesting sites.

Notoriety: The intruder is very computer savvy and tries to break into known hard-to-penetrate areas to prove his or her competence. Success in an attack can then gain the intruder the respect and acceptance of his or her peers.

Revenge: The intruder has been laid off, fired, demoted, or in some way treated unfairly. The more common attacks of this kind damage valuable information or disrupt services.

Ignorance: The intruder is learning about computers and networking and stumbles on some weakness, possibly causing harm by destroying data or performing an illegal act.

There is a large range of motivations for attacks. When looking to secure your corporate infrastructure, consider all these motivations as possible threats.

FAQ No 3. What is the potential impact of infrastructure attacks?

Denial of service
Because of the asymmetric nature of the threat (an attacker needs far less bandwidth and effort than the victim has to absorb), denial of service is likely to remain a high-impact, low-effort modus operandi for attackers. Most organizations' Internet connections have between 1 and 155 megabits per second (Mbps) of bandwidth available. Attacks have been reported in the hundreds of Mbps and up, more than enough to saturate nearly any system on the Internet.

Compromise of sensitive information
Some viruses attach themselves to existing documents on the systems they infect and then mail those documents to others. This can result in confidential information being distributed without its owner's permission (Sircam is an example).

Misinformation
Intruders might be able to modify news sites, produce bogus press releases, and conduct other activities, all of which could have economic impact.

Time and resources diverted from other tasks
Perhaps the largest impact of security events is the time and resource requirements to deal with them. Computer Economics estimated that the total economic impact of Code Red was $2.6 billion, and Sircam cost another $1.3 billion (for comparison, they estimate that the 9/11 attacks will cost around $15.8 billion to restore IT and communication capabilities).