
CHAPTER 2
Types of Attacks

Copyright 2001 The McGraw-Hill Companies, Inc.

Network Security: A Beginner’s Guide

Bad things can happen to an organization’s information or computer systems in many ways. Some of these bad things are done on purpose (maliciously) and others occur by accident. No matter why the event occurs, damage is done to the organization. Because of this, we will call all of these events “attacks” regardless of whether there was malicious intent or not.

There are four primary categories of attacks:

- Access
- Modification
- Denial of service
- Repudiation

We will cover each of these in detail in the following sections.

Attacks may occur through technical means (a vulnerability in a computer system) or they may occur through social engineering. Social engineering is simply the use of non-technical means to gain unauthorized access—for example, making phone calls or walking into a facility and pretending to be an employee. Social engineering attacks may be the most devastating.

Attacks against information in electronic form have another interesting characteristic: information can be copied but it is normally not stolen. In other words, an attacker may gain access to information, but the original owner of that information has not lost it. It just now resides in both the original owner’s and the attacker’s hands. This is not to say that damage is not done; however, it may be much harder to detect since the original owner is not deprived of the information.

ACCESS ATTACKS

An access attack is an attempt to gain information that the attacker is unauthorized to see. This attack can occur wherever the information resides or may exist during transmission (see Figure 2-1). This type of attack is an attack against the confidentiality of the information.

Snooping

Snooping is looking through information files in the hopes of finding something interesting.
If the files are on paper, an attacker may do this by opening a filing cabinet or file drawer and searching through files. If the files are on a computer system, an attacker may attempt to open one file after another until information is found.

Figure 2-1. Places where access attacks can occur (figure labels: information on file servers; information on local hard drives; information coming off fax machines or printers; information stored on media and left in the office or on backups taken off-site; information on paper in the office)

Eavesdropping

When someone listens in on a conversation that they are not a part of, that is eavesdropping. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. This is most often done electronically (see Figure 2-2).

Figure 2-2. Eavesdropping

Interception

Unlike eavesdropping, interception is an active attack against the information. When an attacker intercepts information, she is inserting herself in the path of the information and capturing it before it reaches its destination. After examining the information, the attacker may allow the information to continue to its destination or not (see Figure 2-3).

How Access Attacks Are Accomplished

Access attacks take different forms depending on whether the information is stored on paper or electronically in a computer system.
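
Because snooping on a computer system leaves the original files in place, spotting it depends on records of who read what. The following is an added example, not part of the book: it flags a user who opens many distinct files within a short window, which is the "one file after another" pattern described under Snooping. The log format, user names, paths, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-read audit records: ISO timestamp, user, path (format is assumed).
SAMPLE_LOG = """\
2001-03-05T09:00:02 alice /finance/q1/budget.xls
2001-03-05T09:00:40 alice /finance/q1/budget.xls
2001-03-05T09:01:10 alice /finance/q1/notes.doc
2001-03-05T09:10:00 bob /hr/policy.doc
2001-03-05T09:25:00 bob /hr/holidays.doc
2001-03-05T09:40:00 bob /hr/benefits.doc
2001-03-05T09:55:00 bob /hr/forms.doc
2001-03-05T10:10:00 bob /hr/contacts.doc
2001-03-05T12:15:01 mallory /hr/salaries.xls
2001-03-05T12:15:09 mallory /hr/reviews/alice.doc
2001-03-05T12:15:17 mallory /finance/q1/budget.xls
2001-03-05T12:15:26 mallory /legal/contracts/vendor.doc
2001-03-05T12:15:34 mallory /legal/merger_plan.doc
2001-03-05T12:15:41 mallory /exec/board_minutes.doc
"""

def parse(log):
    """Yield (timestamp, user, path) tuples from the assumed log format."""
    for line in log.strip().splitlines():
        ts, user, path = line.split(maxsplit=2)
        yield datetime.fromisoformat(ts), user, path

def find_snooping(events, window=timedelta(minutes=2), threshold=5):
    """Map each flagged user to (time of first alert, distinct paths in window).
    Repeated reads of one file and slow browsing stay below the threshold."""
    recent = defaultdict(deque)   # user -> (timestamp, path) reads still in window
    alerts = {}
    for ts, user, path in sorted(events):
        reads = recent[user]
        reads.append((ts, path))
        while ts - reads[0][0] > window:   # drop reads older than the window
            reads.popleft()
        distinct = sorted({p for _, p in reads})
        if len(distinct) >= threshold and user not in alerts:
            alerts[user] = (ts, distinct)
    return alerts

if __name__ == "__main__":
    for user, (when, paths) in find_snooping(parse(SAMPLE_LOG)).items():
        print(f"{when.isoformat()} {user} read {len(paths)} distinct files: {paths}")
```

In the sample, alice rereads one document and bob browses slowly, so only mallory's burst across unrelated directories is flagged.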
Information on Paper

If the information the attacker wishes to access exists in physical form on paper, he needs to gain access to the paper. Paper records and information are likely to be found in the following locations:

- In filing cabinets
- In desk file drawers
- On desktops
- In fax machines
- In printers
- In the trash
- In long term storage

In order to snoop around the locations, the attacker needs physical access to them. If he’s an employee, he may have access to rooms or offices that hold filing cabinets. Desk file drawers may be in cubes or in unlocked offices. Fax machines and printers tend to be in public areas and people tend to leave paper on these devices. Even if offices are locked, trash and recycling cans tend to be left in the hallways after business hours so they can be emptied. Long-term storage may pose a more difficult problem, especially if the records are stored off-site. Gaining access to the other site may not be possible if the site is owned by a vendor.

Figure 2-3. Interception (figure annotations: the attacker’s system sits in the path of the traffic and captures it, and the attacker may choose to allow the traffic to continue or not; traffic from the desktop to the mainframe travels over the local area network)

Precautions such as locks on filing cabinets may stop some snooping but a determined attacker might look for an opportunity such as a cabinet left unlocked over lunch. The locks on filing cabinets and desks are relatively simple locks and may be picked by someone with knowledge of locks.

Physical access is the key to gaining access to physical records. Good site security may prevent an outsider from accessing physical records but will likely not prevent an employee or insider from gaining access.

Electronic Information

Electronic information may be stored:

- In desktop machines
- In servers
- On portable computers
...