Threats
When modelling a security system, the first step is threat assessment: understanding the nature and type of the principal attacks in order to identify the threats and evaluate the cost these potential attacks would impose on the system.
Information Gathering
Information gathering consists of collecting information about the target system. The objective is to obtain details about the network topology, the system configuration and the network devices in order to discover potential vulnerabilities and plan more sophisticated attacks. Three types of attack serve this purpose:
Footprint
Footprinting uses reconnaissance techniques to build a profile of the target and discover weaknesses in its security model. It can notably collect the range of IP addresses used within the private network, the types and addresses of the DNS servers, information about the network's mail servers, the contact details for administrative, technical and billing roles, details about hardware locations, the IP address of the internet gateway, and so on. Some of the tools used for footprinting are samspade, nslookup, traceroute, Nmap and neotrace.
Scanning
Scanning uses active probing to learn which hosts and services exist on the target network, as a step towards gaining access to it. It generates traffic that solicits responses, from which network configuration information can be inferred. The major scanning processes are presented hereafter:
Sweeping
This attack helps to map the network and identify its active components. A basic example is the ping sweep, which sends ICMP echo requests to every address in a range to determine which IP addresses belong to live hosts.
War Dialing
War dialing is the process of dialling ranges of phone numbers to find those answered by a modem, in order to discover unprotected systems such as fax machines, modem access points and PBX access points. It employs software like PhoneSweep, TeleSweep and ToneLoc that automatically dials a range of phone numbers and logs what answers.
War Driving
War driving (also known as war walking or war biking, depending on the means of transport) is a technique used to locate and identify wireless networks, using mobile devices such as a PDA, a GPS receiver or a laptop, either simply to use the internet connection or to eavesdrop on confidential information.
Port Scanning
Port scanning is the process of probing the ports of a given IP address, either to detect open ports that can be used to get in, or simply to determine which services run on the active ports.
Enumeration
Enumeration is the process of retrieving user accounts, groups, directories and domains from systems. It can extract usernames, network resources, network shares, system banners, routing tables, SNMP information and much more.
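The two previous steps, port scanning and banner-based enumeration, as an added example that is not part of the original page: a TCP connect scan of a port range on 127.0.0.1, reading whatever each open service volunteers and mapping the banner to a service name. The target is a local stand-in listener started by the script itself, and the SSH-style banner it sends is constructed; the helper names (start_banner_service, scan_port, guess_service) are this example's own, not those of any scanner named above.

```python
import socket
import threading

# Constructed sample banner; a real SSH daemon greets with a line of this shape.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"


def start_banner_service(banner: bytes) -> tuple:
    """Local stand-in for a network service: accepts a connection, sends the banner, hangs up.
    Binds 127.0.0.1:0 so the OS picks a free port; returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port() -> int:
    """Pick a port nobody listens on, to get a guaranteed 'closed' result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 0.5) -> tuple:
    """TCP connect scan of one port. Returns (open, banner): open is True when the
    three-way handshake completes; banner is what the service sent unprompted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except (ConnectionRefusedError, socket.timeout, OSError):
            return False, b""       # RST (closed) or no answer (filtered/timeout)
        try:
            banner = s.recv(256)    # services like SSH/SMTP/FTP speak first
        except (socket.timeout, OSError):
            banner = b""
        return True, banner


def guess_service(banner: bytes) -> str:
    """Crude enumeration: map a banner prefix to a service name."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220 "):
        return "smtp/ftp"
    if banner.startswith(b"HTTP/"):
        return "http"
    return "unknown" if banner else "silent"


def scan_range(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan each port; the result maps port -> (open, service guess, raw banner)."""
    results = {}
    for p in ports:
        is_open, banner = scan_port(host, p, timeout)
        results[p] = (is_open, guess_service(banner) if is_open else "closed", banner)
    return results


if __name__ == "__main__":
    srv, open_port = start_banner_service(SAMPLE_SSH_BANNER)
    closed_port = free_port()
    for port, (is_open, svc, banner) in scan_range("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}: {'open' if is_open else 'closed'} {svc} {banner!r}")
    srv.close()
```

A connect scan completes the handshake and so shows up in the target's logs; the stealthier half-open (SYN) scan that tools like Nmap default to needs raw sockets and privileges, which is why this example sticks to connect().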
Social Engineering
Social engineering is the practice of obtaining confidential information about a system by manipulating people who have privileged access to it. It is among the most dangerous attacks because it bypasses technical controls entirely: no firewall or intrusion detection system sees a persuasive phone call. Social engineering uses various techniques to gain the trust of the target user, either human-based or computer-based.
Application and Operating Systems Attacks
“Some programs and network services were not originally designed with strong security in mind and are inherently vulnerable to attack.” (Kirch 2000) Even when carefully secured, all applications and operating systems contain weaknesses and are vulnerable to some kinds of attack. The principal ones are stack-based overflow attacks, password attacks and web application attacks.
Stack-based overflow attacks
According to the Wikipedia definition, a stack-based overflow occurs when a program writes data beyond the boundaries of a fixed-length buffer on the stack. It can corrupt adjacent data and crash the program (unavailability), and when the overwritten bytes include a saved return address it can let the attacker redirect execution to code of his choosing.
Password Attacks
Password attacks use techniques such as brute force, dictionary or FMB attacks to obtain passwords. They are mostly successful because most people use simple passwords, which a dictionary of common words and their obvious variants covers quickly.
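A dictionary attack as an added example, not taken from the page: a small constructed wordlist is expanded with the kind of mangling rules cracking tools apply (capitalisation, common suffixes, leet substitutions) and run against stolen hashes. The contrast between an unsalted SHA-256 store and a salted PBKDF2 store shows why the storage scheme, not only password strength, decides how far such an attack gets. The wordlist, hashes and budget figures are constructed for the demonstration.

```python
import hashlib
import os
from typing import Iterable, Iterator, Optional

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "letmein", "welcome", "dragon", "monkey"]


def mangle(word: str) -> Iterator[str]:
    """Turn one base word into the variants people actually type."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    leet = word.replace("a", "@").replace("o", "0").replace("e", "3")
    if leet != word:
        yield leet


def candidates(wordlist: Iterable[str]) -> Iterator[str]:
    for word in wordlist:
        yield from mangle(word)


def fast_hash(password: str) -> str:
    """Unsalted single SHA-256: the storage scheme that makes a dictionary attack cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """One cheap hash per guess; with no salt, the same computed table breaks every
    account that chose the same password."""
    for cand in candidates(wordlist):
        if fast_hash(cand) == target_hex:
            return cand
    return None


def slow_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMACs and the work
    cannot be shared between accounts because each salt differs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_salted(target: bytes, salt: bytes, wordlist: Iterable[str],
                 iterations: int, budget: int) -> Optional[str]:
    """Same attack against the slow, salted scheme, with `budget` bounding the number
    of guesses the attacker can afford. A password that is in the list still falls."""
    for n, cand in enumerate(candidates(wordlist)):
        if n >= budget:
            return None
        if slow_hash(cand, salt, iterations) == target:
            return cand
    return None


if __name__ == "__main__":
    stolen = fast_hash("Dragon123")          # constructed: a row from a leaked unsalted database
    print("unsalted:", crack_unsalted(stolen, WORDLIST))
    salt = os.urandom(16)
    stolen_slow = slow_hash("monkey!", salt, 200_000)
    print("salted, 10-guess budget:", crack_salted(stolen_slow, salt, WORDLIST, 200_000, 10))
```

The slow scheme does not rescue a password that is in the wordlist; it only multiplies the attacker's cost per guess and per account, which is what buys time to rotate credentials after a breach.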
Web Application Attacks
This type of attack exploits common security holes, such as ports left open through a firewall or known vulnerabilities in the applications reachable behind them, to disrupt services or access confidential information.
Network Attacks
Sniffing
Sniffing is the technique of eavesdropping on traffic traversing a network in order to extract information such as account details, passwords and low-level protocol information. Any protocol that carries credentials in clear text (FTP, Telnet, HTTP without TLS) hands them to whoever can see the packets.
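What a sniffer does with captured frames, as an added example that is not part of the original page: decode Ethernet, IPv4 and TCP headers by hand and pull FTP USER/PASS lines out of the payload. The frames are constructed in the script (checksums left at zero), the addresses and credentials are made up, and the function names are this example's own; on a real network the same parsing would run over frames read from a raw socket or a pcap file.

```python
import socket
import struct


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame around `payload`. Checksums are left as
    zero: enough to parse, not to send. Used only to build sample capture data."""
    eth = bytes.fromhex("aa" * 6) + bytes.fromhex("bb" * 6) + struct.pack("!H", 0x0800)
    ip_total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45,                 # version 4, IHL 5 (20-byte header)
                     0, ip_total_len, 0x1234, 0x4000, 64,
                     6,                    # protocol: TCP
                     0,                    # header checksum (unset)
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port, 1, 1,
                      5 << 4,              # data offset 5 (20 bytes), no options
                      0x18,                # flags PSH|ACK
                      65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes):
    """Decode Ethernet -> IPv4 -> TCP; return addresses, ports and payload, or None if not IPv4/TCP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": src_port, "dport": dst_port, "payload": tcp[data_off:]}


CRED_PREFIXES = (b"USER ", b"PASS ")   # FTP (and POP3 USER/PASS) send these in clear


def extract_credentials(frames) -> list:
    """Return (src, dst, dst_port, field, value) for every clear-text credential line seen."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        for line in pkt["payload"].split(b"\r\n"):
            for prefix in CRED_PREFIXES:
                if line.startswith(prefix):
                    found.append((pkt["src"], pkt["dst"], pkt["dport"],
                                  prefix.strip().decode(), line[len(prefix):].decode(errors="replace")))
    return found


# Constructed capture: an FTP login in clear text, and the start of a TLS ClientHello
# on port 443 that the sniffer cannot read.
SAMPLE_CAPTURE = [
    build_frame("10.0.0.5", "10.0.0.9", 51022, 21, b"USER alice\r\n"),
    build_frame("10.0.0.9", "10.0.0.5", 21, 51022, b"331 Password required for alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 51022, 21, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 51023, 443, bytes.fromhex("16030100a5010000a1")),
]

if __name__ == "__main__":
    for src, dst, port, field, value in extract_credentials(SAMPLE_CAPTURE):
        print(f"{src} -> {dst}:{port} {field} {value}")
```

On a switched network the attacker first has to get the traffic to pass his interface (ARP spoofing, a mirror port, a compromised host on the path), which is where the spoofing techniques in the next section come in.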
Spoofing
Spoofing uses impersonation techniques to gain control over a network. Different methods can be used:
Hardware spoofing
Hardware spoofing refers to changing the physical address of a piece of hardware, such as the MAC address of a network interface.
IP Spoofing
IP spoofing is the forging of the source IP address in the packets one sends.
Session Hijacking
Session hijacking takes advantage of the TCP protocol to intercept and/or modify the content sent between two entities on the network, by injecting packets into an established connection.
Denial of service
Resource starvation
Resource starvation is a DoS attack that consumes all the system resources of the targeted system (such as CPU, memory and disk space) in order to disrupt the availability of any service the system provides.
Bandwidth consumption
Bandwidth consumption consists of flooding the network with a huge amount of data, which overloads the links and makes them unavailable for legitimate use.
Routing attacks
In routing attacks, the hacker tries to alter the routing tables of the victim (by poisoning their entries) in order to divert traffic and intercept the information it carries.
DNS Cache Poisoning
This attack targets DNS servers and consists of poisoning their cached entries by sending forged responses, thereby altering the mapping between host names and IP addresses. It compromises the integrity of name resolution (and, when names are mapped to nowhere, the availability of the targeted web-site); above all it makes it possible for the hacker to redirect users to a fake copy of the website (spoofed web-site) in order to collect confidential information (pharming) or propagate malware.
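The poisoning exchange as an added example that is not part of the original page: a toy caching resolver that, in its weak configuration, accepts any answer for a name it is waiting on, next to a hardened one that also checks the transaction ID and the UDP port of the outstanding query. An off-path attacker floods forged replies guessing those values to beat the legitimate answer. The class and function names, the fixed transaction ID and port used to keep the run deterministic, and the IP addresses (documentation ranges) are all assumptions of this example.

```python
import random


class Resolver:
    """Toy caching resolver.

    validate=False: accepts any response naming a host it is currently waiting on
                    (the historic weakness that makes cache poisoning easy).
    validate=True:  additionally requires the transaction ID and destination UDP port
                    to match the outstanding query, as real resolvers do (random TXID
                    plus source-port randomisation).
    txid_fn / port_fn can be injected for a deterministic demonstration; by default both are random.
    """

    def __init__(self, validate: bool, txid_fn=None, port_fn=None):
        self.validate = validate
        self.txid_fn = txid_fn or (lambda: random.getrandbits(16))
        self.port_fn = port_fn or (lambda: random.randint(1024, 65535))
        self.cache = {}      # qname -> ip
        self.pending = {}    # qname -> (txid, source port) of the query in flight

    def send_query(self, qname: str):
        txid, port = self.txid_fn(), self.port_fn()
        self.pending[qname] = (txid, port)
        return txid, port

    def receive_response(self, qname: str, txid: int, dst_port: int, answer_ip: str) -> bool:
        """Return True if the response was accepted into the cache."""
        if qname not in self.pending:
            return False                      # nothing outstanding: drop the unsolicited answer
        if self.validate:
            want_txid, want_port = self.pending[qname]
            if txid != want_txid or dst_port != want_port:
                return False                  # forged reply with the wrong TXID or port
        self.cache[qname] = answer_ip
        del self.pending[qname]               # first accepted answer wins; later ones are dropped
        return True


def poisoning_attempt(resolver: Resolver, qname: str, fake_ip: str, legit_ip: str,
                      txid_guesses, port_guess: int) -> bool:
    """An off-path attacker cannot see the query, so he floods forged replies guessing the
    TXID (and port) in the hope of arriving before the legitimate answer. Returns True when
    the cache ends up holding the attacker's IP."""
    resolver.send_query(qname)
    for guess in txid_guesses:
        if resolver.receive_response(qname, guess, port_guess, fake_ip):
            break
    if qname in resolver.pending:             # attacker lost the race: the real answer arrives
        txid, port = resolver.pending[qname]
        resolver.receive_response(qname, txid, port, legit_ip)
    return resolver.cache.get(qname) == fake_ip


if __name__ == "__main__":
    # Fixed TXID/port so the demonstration is reproducible (assumption of this example).
    for validate in (False, True):
        r = Resolver(validate, txid_fn=lambda: 0xBEEF, port_fn=lambda: 40000)
        poisoned = poisoning_attempt(r, "bank.example", "198.51.100.66", "192.0.2.10",
                                     range(1024), 53)
        print(f"validate={validate}: poisoned={poisoned}, cache={r.cache}")
```

The TXID is only 16 bits, so checking it alone still leaves a guessable race; randomising the source port adds another sixteen bits the attacker has to hit, and DNSSEC removes the guessing game by signing the answers themselves.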
Distributed DoS
A distributed DoS is a DoS attack performed by a network (called a botnet) of compromised computers (called zombies or bots). Once they are under his control, a hacker can direct his “zombie army” against a specific organization without being identifiable, since the traffic comes from the victims' machines rather than his own. (NISCC 2006)
Malicious Software
Malicious software, also called malware, is a general term for any software designed to cause damage to the computer it is installed on. It comes in many different flavours, causing more or less harm.
Spyware
Spyware is malicious code that generally installs itself on client systems, usually without the agreement or knowledge of the user. It seeks to gather personal or sensitive information about users (account names, passwords, credit card numbers and logins) and generally sends it to malicious third parties.
Virus
Viruses are software programs designed to “crash a victim’s system, consume the system resources, or send sensitive information back to the hackers” (internet security and firewalls). A virus attaches itself to a program or file and infects its victim only when that program is run or the file opened. Viruses therefore need human action to spread across the network, namely the transfer or sharing of infected files.
Trojan Horses
A Trojan horse, or simply Trojan, is a piece of software which appears to provide a useful service at first glance but in fact causes harm once installed on the system, without the victim suspecting it. Depending on its objective, the Trojan may seriously damage the system by deleting files and destroying information; more often, however, Trojans are designed to create a secret door through which the hacker can access the system, allowing confidential or personal information to be compromised. Contrary to viruses, they do not have the ability to replicate themselves and propagate to other systems.
Worm
A worm is similar to a virus in its design, but differs in its capacity to replicate itself on the system and then travel across the network by its own means, without any user action. The resulting effect is mostly saturation of system memory and/or heavy consumption of network bandwidth, leading to a denial of service (unavailability of system resources).
Backdoor
A backdoor program creates a secret entry point through which a hacker can remotely access the system and gain control of it, while trying to remain hidden from casual inspection.
Productivity and Reputation Threats
SPAM
SPAM, also known as junk email, saturates mailboxes and harms the productivity of employees. It can also negatively affect a company's reputation if it was generated by the company's own mail system: spammers look for mail servers insecurely configured as open relays, which accept mail from anyone for delivery to anyone, and use them to send large amounts of junk messages, which gets the relay's address blacklisted.
Instant messaging
Instant messaging is widely used in daily life; however, employees can use it excessively and harm their productivity.