Chp 5 Access Control Threats


Birthday Attack (birthday paradox)

compares the hash values an attacker has captured against a set of password hashes for which he already knows the passwords. Eventually, the attacker will find a hash that matches and therefore a password that works. The countermeasure is to implement encryption on the transmission.

Sniffer Attack

in the context of password attacks simply uses a sniffer to capture an unencrypted or plaintext password. Security professionals should periodically use sniffers themselves to see whether they can determine passwords using these tools. Encryption of the password transmission prevents this attack.

Backdoor (trapdoor)

is a mechanism implemented in many devices or applications that gives the user who uses the backdoor unlimited access to the device or application. Most established vendors no longer release devices or applications with this security issue. You should be aware of any backdoors in the devices or applications you manage.

Phishing

is a social engineering attack in which attackers try to learn personal information, including credit card information and financial data. This type of attack is usually carried out by implementing a fake website that very closely resembles a legitimate website. Users enter data, including credentials, on the fake website, allowing the attackers to capture any information entered.

Whaling

is a type of phishing that specifically targets high-level executives or other high-profile individuals.

Vishing

is a type of phishing that uses a phone system or VoIP technologies. The user initially receives a call, text, or email that says to call a specific number and provide personal information such as name, birth date, Social Security number, and credit card information.

Advanced Persistent Threat (APT)

is an attack in which an unauthorized person gains access to a network and remains for a long period of time with the intention of stealing data. An APT does not aim to cause damage to the network or organization; its main aim is to gain access to valuable information. Once the attacker gains access to the network, he usually sets up a backdoor. To prevent discovery, the attacker rewrites code and employs sophisticated evasion techniques. The best method to detect an APT is to look for anomalies or large amounts of data transfers in outbound data.

Password threats

are any attacks that attempt to discover user passwords. The most common are dictionary attacks, brute-force attacks, birthday attacks, rainbow table attacks, and sniffer attacks. Countermeasures are to implement complex password policies, require users to change passwords on a regular basis, employ account lockout policies, encrypt password files, and use password-cracking tools to discover weak passwords.

Mobile Code

is any software that is transmitted across a network to be executed on a local system. Examples include Java applets, JavaScript code, and ActiveX controls. Countermeasures include security controls such as Java sandboxes and ActiveX digital code signatures. Malicious mobile code can be used to bypass access controls. Users should only download from legitimate sites and vendors.

Rainbow Table Attack

is similar to a birthday attack in that comparisons are made against known hash values. However, in this attack, a rainbow table is used that contains precomputed cryptographic hashes of passwords. Using an up-to-date hashing algorithm (versus one that is outdated) is the first step in protecting against this type of attack. Salting is the process of randomizing each hash by adding random data that is unique to each user to that user's password hash, so even the same password produces a unique hash.

Social Engineering Threats

occur when attackers use believable language and user gullibility to obtain user credentials or some other confidential information. The threats you should understand include phishing/pharming, shoulder surfing, identity theft, and dumpster diving. The best countermeasure is to provide user security awareness training. This training should be required and must occur on a regular basis.

Sniffing (Eavesdropping)

occurs when an attacker inserts a device or software into the communication medium that collects all the information transmitted over the medium. Sniffers are used by both legitimate security professionals and attackers. Organizations should monitor and limit the use of sniffers. To protect against their use, you should encrypt all traffic on the network.

Dictionary Attack

occurs when attackers use a dictionary of common words to discover passwords. An automated program hashes each dictionary word and compares the resulting hash value to entries in the system password file. Although the program comes with a dictionary, attackers also use extra dictionaries that are found on the Internet. You should implement a security rule that says a password must NOT be a word found in the dictionary to protect against these attacks. You can also implement an account lockout policy so that an account is locked out after a certain number of invalid login attempts.

Spoofing (masquerading)

occurs when communication from an attacker appears to come from trusted sources. The goal of this type of attack is to obtain access to credentials or other personal information. A man-in-the-middle attack uses spoofing as part of the attack. Some security professionals consider phishing attacks to be the same as this attack.

Privilege Creep (authorization creep)

occurs when users are given new rights without having their old rights revoked.

Access Aggregation

occurs when users gain more access across more systems. It can be intentional, as when single sign-on is implemented, or unintentional, when users are granted more rights without considering the rights that they already have. To protect against this, organizations should implement permissions/rights policies that review an account whenever permissions or rights changes are requested. For example, if a user is moving from the accounting department to the sales department, the user account should no longer have permissions or rights to accounting resources.

DDoS

is an attack that is carried out from multiple attack locations. Vulnerable devices are infected with software agents, called zombies. This turns the vulnerable devices into a botnet, which then carries out the attack. Because of the distributed nature of the attack, identifying all the attacking botnets is virtually impossible. The botnets also help to hide the original source of the attack.

DoS

is an attack that occurs when attackers flood a device with enough requests to degrade the performance of the targeted device. Examples include SYN floods and teardrop attacks.

Pharming

is an attack that pollutes the contents of a computer's DNS cache so that requests to a legitimate site are actually routed to an alternate site.

Emanating

are electromagnetic signals that are emitted by an electronic device. Attackers can target certain devices or transmission mediums to eavesdrop on communication without having physical access to the device or medium. The TEMPEST program researches ways to limit emanations and standardizes the technologies used. Any equipment that meets TEMPEST standards suppresses signal emanations using shielding material. Devices that meet TEMPEST standards usually implement an outer barrier or coating, called a Faraday cage or Faraday shield. TEMPEST devices are most often used in government, military, or law enforcement.

Brute-Force Attack (exhaustive attack)

are more difficult to carry out than dictionary attacks because they work through all possible combinations of numbers and characters. The attack tries every candidate password until the correct password is found. These attacks are also very time-consuming.

Buffer Overflow

Buffers are portions of system memory that are used to store information. A buffer overflow occurs when the amount of data submitted to the application is larger than the buffer can handle. Typically, this type of attack is possible because of poorly written application or operating system code, and it can result in an injection of malicious code. To protect against this issue, organizations should ensure that all operating systems and applications are updated with the latest service packs, updates, and patches. In addition, programmers should properly test all applications to check for these conditions. Finally, programmers should use input validation to ensure that the data submitted is not too large for the buffer.

Spear Phishing Attack

is an attack carried out against a specific target by learning about the target's habits and likes. Spear phishing attacks take longer to carry out because of the information that must be gathered.
