CHAPTER 2
Types of Attacks
Copyright 2001 The McGraw-Hill Companies, Inc.
16 Network Security: A Beginner’s Guide
Bad things can happen to an organization’s information or computer systems in many ways. Some of these bad things are done on purpose (maliciously) and others occur by accident. No matter why the event occurs, damage is done to the organization. Because of this, we will call all of these events “attacks” regardless of whether there was malicious intent or not.
There are four primary categories of attacks:
Access
Modification
Denial of service
Repudiation
We will cover each of these in detail in the following sections.
Attacks may occur through technical means (a vulnerability in a computer system) or they may occur through social engineering. Social engineering is simply the use of non-technical means to gain unauthorized access—for example, making phone calls or walking into a facility and pretending to be an employee. Social engineering attacks may be the most devastating.
Attacks against information in electronic form have another interesting characteristic: information can be copied but it is normally not stolen. In other words, an attacker may gain access to information, but the original owner of that information has not lost it. It just now resides in both the original owner’s and the attacker’s hands. This is not to say that damage is not done; however, it may be much harder to detect since the original owner is not deprived of the information.
ACCESS ATTACKS
An access attack is an attempt to gain information that the attacker is unauthorized to see. This attack can occur wherever the information resides or may exist during transmission (see Figure 2-1). This type of attack is an attack against the confidentiality of the information.
Snooping
Snooping is looking through information files in the hopes of finding something interesting. If the files are on paper, an attacker may do this by opening a filing cabinet or file drawer and searching through files. If the files are on a computer system, an attacker may attempt to open one file after another until information is found.
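A defender can spot the electronic form of snooping in file-access records. The following is an added example, not part of the original book: it flags any user who opens many distinct files within a short span. The log format, user names, paths and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, user, event, path); the format is an
# assumption for this example, not the output of any particular audit tool.
SAMPLE_LOG = """\
2001-03-05T09:00:01 alice OPEN /finance/q1_budget.xls
2001-03-05T09:14:40 alice OPEN /finance/q1_forecast.xls
2001-03-05T12:03:10 mallory OPEN /hr/salaries_2000.xls
2001-03-05T12:03:14 mallory OPEN /hr/reviews/adams.doc
2001-03-05T12:03:19 mallory OPEN /hr/reviews/baker.doc
2001-03-05T12:03:25 mallory OPEN /legal/contracts/acme.doc
2001-03-05T12:03:31 mallory OPEN /finance/q1_budget.xls
2001-03-05T12:03:31 mallory OPEN /finance/q1_budget.xls
2001-03-05T15:30:00 bob OPEN /eng/specs/design.doc
"""

def parse(line):
    """Split one record into (datetime, user, event, path)."""
    ts, user, event, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, event, path

def flag_snooping(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {user: sorted paths} for users who opened at least
    `threshold` distinct files within any `window`-long span."""
    recent = defaultdict(deque)   # user -> (time, path) opens inside the window
    flagged = {}
    records = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, event, path in records:
        if event != "OPEN":
            continue
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop opens older than the window
            q.popleft()
        distinct = {p for _, p in q}      # repeated opens of one file count once
        if len(distinct) >= threshold:
            flagged.setdefault(user, set()).update(distinct)
    return {u: sorted(paths) for u, paths in flagged.items()}

if __name__ == "__main__":
    for user, paths in flag_snooping(SAMPLE_LOG).items():
        print(f"{user}: {len(paths)} distinct files inside one window")
        for p in paths:
            print("   ", p)
```

Counting distinct paths rather than raw opens keeps a user who reopens the same document repeatedly from being flagged.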
Eavesdropping
When someone listens in on a conversation that they are not a part of, that is eavesdropping. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. This is most often done electronically (see Figure 2-2).
Figure 2-1. Places where access attacks can occur (labels in the figure: information on file servers; information on local hard drives; information coming off fax machines or printers; information stored on media and left in the office or on backups taken off-site; information on paper in the office)
Interception
Unlike eavesdropping, interception is an active attack against the information. When an attacker intercepts information, she is inserting herself in the path of the information and capturing it before it reaches its destination. After examining the information, the attacker may allow the information to continue to its destination or not (see Figure 2-3).
Figure 2-2. Eavesdropping
How Access Attacks Are Accomplished
Access attacks take different forms depending on whether the information is stored on paper or electronically in a computer system.
Information on Paper
If the information the attacker wishes to access exists in physical form on paper, he needs to gain access to the paper. Paper records and information are likely to be found in the following locations:
In filing cabinets
In desk file drawers
On desktops
In fax machines
In printers
In the trash
In long term storage
In order to snoop around the locations, the attacker needs physical access to them. If he’s an employee, he may have access to rooms or offices that hold filing cabinets. Desk file drawers may be in cubes or in unlocked offices. Fax machines and printers tend to be in public areas and people tend to leave paper on these devices. Even if offices are locked, trash and recycling cans tend to be left in the hallways after business hours so they can be emptied. Long-term storage may pose a more difficult problem, especially if the records are stored off-site. Gaining access to the other site may not be possible if the site is owned by a vendor.
Figure 2-3. Interception (labels in the figure: The attacker’s system sits in the path of the traffic and captures it. The attacker may choose to allow the traffic to continue or not. Traffic from the desktop to the mainframe travels over the local area network.)
Precautions such as locks on filing cabinets may stop some snooping but a determined attacker might look for an opportunity such as a cabinet left unlocked over lunch. The locks on filing cabinets and desks are relatively simple locks and may be picked by someone with knowledge of locks.
Physical access is the key to gaining access to physical records. Good site security may prevent an outsider from accessing physical records but will likely not prevent an employee or insider from gaining access.
Electronic Information
Electronic information may be stored:
In desktop machines
In servers
On portable computers
...