Classification of Attacks Flashcards
Basic principles
For an attack to be performed on a system, the attacker must first find a vulnerability within that system.
“You can never prove that a system is secure, only that it is insecure”
In a real working environment developers have very tight deadlines, so they generally don’t have time to test everything within an application before it is released. As a result, overlooked vulnerabilities are often left in the “finalized” code.
Examples
Operating System attacks
Examples:
- Bugs (bugs are relevant to practically any software)
- Buffer overflows
- Unpatched operating systems
- Exploiting the implementation of a specific network protocol
- Cracking passwords
- Breaking filesystem security
What does it take to protect a system from OS attacks ?
Protecting a system from OS attacks requires regular monitoring of the network as well as staying informed about the latest vulnerabilities and attack trends in this area.
The OS must be continuously monitored for security breaches, and patches must be applied as soon as they are released.
Run security updates as frequently as possible.
The relationship between complexity and vulnerability.
OS attacks
The more complex and extensive the code, the more likely that vulnerabilities will be present.
Protecting the Operating System is priority #1, at all times.
Application Level attacks
Applications nowadays are prone to vulnerabilities because developers lack the time to properly and thoroughly test their code. Hackers use different tools and techniques to discover and exploit these vulnerabilities and thus gain access to the application’s information.
Application-level attacks are similar to OS attacks but are generally less damaging and narrower in scope: they compromise one application and the data it handles rather than the whole host (although an application compromise is often the first step towards the host).
Examples
Application Level attacks
- Sensitive information disclosure
- Buffer overflow attack
- SQL injection
- Cross-site scripting
- Session hijacking
- Denial of service
- Man in the middle
- Phishing
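The SQL injection entry above is the one most easily shown end to end. The following is an added example (not code from the course or from this page): a login check written by string-formatting user input into the query, next to the same check written with a parameterised query, run against a constructed in-memory SQLite table. The table contents, user names and payloads are all made up for the demonstration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the example short; real systems store hashes.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so user input becomes SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterised query: input is bound as data and can never alter the SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    """Return the outcome of a legitimate login and of two classic injection payloads."""
    conn = make_db()
    # Payload 1: tautology in the password field -> WHERE ... AND password = 'x' OR '1'='1'
    tautology = "x' OR '1'='1"
    # Payload 2: SQL comment in the username field -> the password comparison is commented out
    commented = "alice'--"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse battery"),
        "legit_hardened": login_hardened(conn, "alice", "correct horse battery"),
        "tautology_vulnerable": login_vulnerable(conn, "anyone", tautology),
        "tautology_hardened": login_hardened(conn, "anyone", tautology),
        "comment_vulnerable": login_vulnerable(conn, commented, "wrong"),
        "comment_hardened": login_hardened(conn, commented, "wrong"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:22s} -> {'logged in' if result else 'rejected'}")
```

Both payloads log in through `login_vulnerable` without knowing a password, because the quote characters in the input close the string literal and the rest is parsed as SQL. The parameterised version rejects both while still accepting the real credentials; the database driver sends the values separately from the statement, so no amount of quoting in the input changes the query’s structure.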
Misconfiguration attacks
A misconfiguration attack happens when a hacker gains access to a system whose security has been poorly configured. Such an attack lets the hacker reach the system and its files and perform malicious actions from it.
Ex. from Erman, the EH boy himself (I love this man):
- Working on his server in the cloud, testing things out
- Accidentally misconfigured the Apache Web server to allow proxy requests
- Fell asleep at his keyboard
- When he woke up in the morning, his cloud service provider notified him that his Web server’s IP address was used to perform a DDoS attack on a Sony server
- Immediately reacted 6 hours later (I’m sorry, Erman, I’m just goofing)
- He shut down all outgoing traffic
- He accessed the virtual machine via the Web console (pretty much direct access from there)
- Began his investigation to see what went wrong
- Realized that he had accidentally misconfigured Apache so that proxy requests were allowed through his Web server
- So someone was using his Web server as an open proxy
- They sent a request to his Web server, which forwarded it and carried out the attack on the Sony server from his address, hiding the real attacker behind it
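The investigation step in the story above comes down to reading the access log and telling proxy-style requests apart from normal ones. The following is an added example (not from the course or from Erman’s server): a small detector that parses Apache combined-format log lines and reports which client IPs relayed traffic through the server to third-party hosts. The log lines, IP addresses and host names are constructed for the demonstration; `www.myserver.example` and `victim.example` are placeholders.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache "combined" log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log, NOT a real capture. 198.51.100.5 is an ordinary visitor;
# 203.0.113.7 is relaying requests through the server to victim.example.
SAMPLE_LOG = """\
198.51.100.5 - - [12/Mar/2020:02:14:07 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2020:02:14:09 +0000] "GET http://www.myserver.example/about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2020:03:01:12 +0000] "GET http://victim.example/ HTTP/1.1" 200 812 "-" "curl/7.68.0"
203.0.113.7 - - [12/Mar/2020:03:01:12 +0000] "GET http://victim.example/login HTTP/1.1" 200 812 "-" "curl/7.68.0"
203.0.113.7 - - [12/Mar/2020:03:01:13 +0000] "CONNECT victim.example:443 HTTP/1.1" 200 - "-" "curl/7.68.0"
203.0.113.7 - - [12/Mar/2020:03:01:14 +0000] "POST http://victim.example/api HTTP/1.1" 200 77 "-" "curl/7.68.0"
this line is garbage and must be skipped
"""


def parse_line(line):
    """Return the captured fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def proxied_destination(method, target):
    """Return the destination host if the request was proxy-style, else None.

    A forward-proxy request carries an absolute URI ("GET http://host/...") or is a
    CONNECT to host:port; a normal origin request has only a path ("/index.html").
    """
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    if target.lower().startswith(("http://", "https://")):
        return (urlsplit(target).hostname or "").lower()
    return None


def find_proxy_abuse(log_text, own_hosts):
    """Map each client IP to a Counter of third-party hosts it reached through this server."""
    own = {h.lower() for h in own_hosts}
    abuse = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        dest = proxied_destination(rec["method"], rec["target"])
        # Absolute-form requests for our own hostname are legitimate; only foreign hosts count.
        if dest and dest not in own:
            abuse[rec["ip"]][dest] += 1
    return abuse


if __name__ == "__main__":
    for ip, dests in find_proxy_abuse(SAMPLE_LOG, {"www.myserver.example"}).items():
        for host, n in dests.most_common():
            print(f"{ip} relayed {n} request(s) to {host}")
```

On the sample log this reports only 203.0.113.7, with four requests to victim.example; the visitor who sent an absolute URI for the server’s own hostname is not flagged. The fix on the Apache side is the opposite of what was done by accident: forward proxying is controlled by mod_proxy’s `ProxyRequests` directive, which defaults to `Off`, and reverse proxying with `ProxyPass` does not require it. With `ProxyRequests On` and no `<Proxy>` block restricting which clients may use it, the server is an open proxy for anyone on the Internet.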
Shrink-wrap Code attacks
Shrink-wrap code attacks happen because programmers regularly reuse free libraries and code obtained from various sources. If a hacker finds a vulnerability in that shared code, it causes problems for every program that embeds it.
- Developers tend to recycle code
- They take recycled code from libraries and embed it into their software
- If that code pulled from that library has vulnerabilities, then your software will inherit those vulnerabilities
- The majority of hackers will not focus on finding vulnerabilities within an individual application or program; they will instead try to discover vulnerabilities within a library, because they can then exploit that one vulnerability in every application that inherited it (very cost efficient)
- It is generally a very good idea for a developer, when making use of these libraries, to review and harden the library code, but this is extremely tedious and a lot of the time it’s not actually possible
- Another, more cost-effective way to reduce the risk of shrink-wrap code attacks is to prefer libraries that are mature, have a proven track record, and are actively updated and maintained (an active community helps as well), and to keep the versions you embed patched
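The inherited-vulnerability point above is something you can check mechanically: compare the library versions your software pins against the versions known to be affected. The following is an added example (not from the course or from any real tool): a minimal dependency audit over a pip-style requirements file. The advisory table is constructed and hypothetical, with made-up package names, and the version comparison ignores pre-release suffixes; it stands in for a real advisory feed such as the one a software-composition-analysis tool would consume.

```python
import re

# Constructed, hypothetical advisory data for illustration only: package -> list of
# (first affected version, first fixed version). These are NOT real packages or CVEs.
ADVISORIES = {
    "examplelib": [("1.0.0", "1.4.2"), ("2.0.0", "2.0.5")],
    "imgparse": [("0.0.0", "3.1.0")],
}

# Only exact pins ("name==version") can be audited; anything else is reported as unchecked.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9][A-Za-z0-9.]*)$")


def parse_version(text):
    """Turn '1.4.2' (or '1.4') into a comparable, zero-padded 3-tuple of ints.

    Pre-release suffixes such as 'rc1' are ignored; good enough for the demonstration.
    """
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_affected(name, version):
    """True if version falls inside any [introduced, fixed) range for the package."""
    v = parse_version(version)
    for introduced, fixed in ADVISORIES.get(name.lower(), []):
        if parse_version(introduced) <= v < parse_version(fixed):
            return True
    return False


def parse_requirements(text):
    """Split a requirements file into exact pins and lines that cannot be audited."""
    pinned, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pinned.append((m.group(1).lower(), m.group(2)))  # pip treats names case-insensitively
        else:
            unpinned.append(line)
    return pinned, unpinned


def audit(requirements_text):
    """Return ([(name, version)] that inherit a known flaw, [lines that could not be checked])."""
    pinned, unpinned = parse_requirements(requirements_text)
    findings = [(name, ver) for name, ver in pinned if is_affected(name, ver)]
    return findings, unpinned


if __name__ == "__main__":
    # Constructed requirements file for the demonstration.
    sample = "examplelib==1.3.9  # inside an affected range\nimgparse==3.1.0\nother==9.9.9\nexamplelib2>=1.0\n"
    found, unchecked = audit(sample)
    for name, ver in found:
        print(f"{name}=={ver}: known vulnerable, upgrade")
    for line in unchecked:
        print(f"{line}: not pinned exactly, cannot audit")
```

The half-open range check matters at the boundaries: `examplelib==2.0.0` is flagged because the flaw was introduced there, while `examplelib==2.0.5` is clean because that is the fixed release. Unpinned lines are reported rather than silently skipped, since a floating version range is exactly the situation in which a build quietly picks up a library version you never reviewed.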