Access attacks exploit known vulnerabilities in authentication services, FTP
services, and Web services to gain entry to Web accounts, confidential
databases, and other sensitive information. Access attacks can consist of the
following:
Password Attacks
Password attacks can be implemented using several methods, including
brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers.
Although packet sniffers and IP spoofing can yield user accounts and passwords,
password attacks usually refer to repeated attempts to identify a user account,
password, or both. These repeated attempts are called brute-force attacks.
Often a brute-force attack is performed using a program that runs across the
network and attempts to log in to a shared resource, such as a server. When an
attacker gains access to a resource, he or she has the same access rights as
the user whose account has been compromised. If this account has sufficient
privileges, the attacker can create a back door for future access, regardless
of any later status or password changes to the compromised user account.
The following are the two methods for computing passwords:
- Dictionary cracking – The password hashes for all of the words in a
dictionary file are computed and compared against all of the password hashes
for the users. This method is extremely fast and finds very simple passwords.
- Brute-force computation – This method uses a particular character set, such
as A to Z, or A to Z plus 0 to 9, and computes the hash for every possible
password made up of those characters. It will always compute the password if
that password is made up of the character set you have selected to test. The
downside is that time is required for completion of this type of attack.
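As an added example (not part of the original text), the following Python script looks at the two ideas above from the defender's side: it scans constructed SSH-style auth log lines for the repeated failed logins that mark a brute-force attack, flags a source that later succeeds against the same account, and sizes the keyspace a brute-force computation must cover for a chosen character set. The log format, the five-failures-per-minute threshold and the year assumed for the timestamps are all assumptions.

```python
"""Detect brute-force login attempts in auth log lines and size a brute-force keyspace.

Added example for this section; not from the original page.  The log lines below
are constructed to look like OpenSSH syslog output, not captured from a real host,
and the threshold/window values are assumptions to tune per environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source repeatedly failing against "admin" and then
# succeeding, plus ordinary traffic that should not raise an alert.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 50101 ssh2
Mar 10 08:00:02 bastion sshd[2202]: Failed password for admin from 203.0.113.7 port 50102 ssh2
Mar 10 08:00:03 bastion sshd[2203]: Failed password for admin from 203.0.113.7 port 50103 ssh2
Mar 10 08:00:03 bastion sshd[2204]: Accepted password for alice from 192.0.2.10 port 40001 ssh2
Mar 10 08:00:04 bastion sshd[2205]: Failed password for admin from 203.0.113.7 port 50104 ssh2
Mar 10 08:00:05 bastion sshd[2206]: Failed password for admin from 203.0.113.7 port 50105 ssh2
Mar 10 08:00:06 bastion sshd[2207]: Failed password for admin from 203.0.113.7 port 50106 ssh2
Mar 10 08:00:07 bastion sshd[2208]: Accepted password for admin from 203.0.113.7 port 50107 ssh2
Mar 10 08:15:00 bastion sshd[2300]: Failed password for bob from 192.0.2.11 port 40002 ssh2
Mar 10 08:20:00 bastion sshd[2301]: Accepted password for bob from 192.0.2.11 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text, year=2024):
    """Return (timestamp, result, user, ip) tuples; syslog lines carry no year, so one is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on (ip, user) pairs with >= threshold failures inside a sliding window.

    A success from the same source after the alert is flagged separately: it is the
    moment the text describes, where the attacker now holds the user's access rights.
    """
    recent_failures = defaultdict(list)  # (ip, user) -> failure timestamps still in window
    alerts = {}
    for ts, result, user, ip in sorted(events):
        key = (ip, user)
        if result == "Failed":
            kept = [t for t in recent_failures[key] if ts - t <= window]
            kept.append(ts)
            recent_failures[key] = kept
            if key in alerts:
                alerts[key]["failures"] += 1
            elif len(kept) >= threshold:
                alerts[key] = {"ip": ip, "user": user, "first_seen": kept[0],
                               "failures": len(kept), "success_after": False}
        elif key in alerts:  # "Accepted" from a source already flagged
            alerts[key]["success_after"] = True
    return list(alerts.values())


def keyspace(charset_size, max_len):
    """Candidates a brute-force computation must hash for lengths 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    for alert in find_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
    print("A-Z, up to 8 chars:", keyspace(26, 8))
    print("A-Z + 0-9, up to 8 chars:", keyspace(36, 8))
```

The window is keyed on source address and account together, so a slow spray across many accounts from one address would need a second counter keyed on address alone; the `success_after` flag is the one that deserves an immediate response, since it means the guessed credential worked.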
Trust Exploitation
Although it is more of a technique than a hack itself, trust exploitation
refers to an attack in which an individual takes advantage of a trust
relationship within a network. The classic example is a perimeter network
connection from a corporation. These network segments often house Domain Name
System (DNS), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer
Protocol (HTTP) servers. Because all these servers reside on the same segment,
the compromise of one system can lead to the compromise of other systems
because these systems usually trust other systems attached to the same
network.
Another example is a system on the outside of a firewall that has a trust
relationship with a system on the inside of the firewall. When the outside
system is compromised, it can take advantage of that trust relationship to
attack the inside network. Another form of access attack involves privilege
escalation. Privilege escalation occurs when a user obtains privileges or
rights to objects that were not assigned to the user by an administrator.
Objects can be files, commands, or other components on a network device. The
intent is to gain access to information or execute unauthorized procedures;
the attacker then uses this access to gain administrative privileges to a
system or device, and uses those privileges to install sniffers, create
backdoor accounts, or delete log files.
Trust exploitation-based attacks can be mitigated through tight constraints on
trust levels within a network. Systems on the outside of a firewall should
never be absolutely trusted by systems on the inside of a firewall. Such trust
should be limited to specific protocols and should be authenticated by
something other than an IP address where possible.
Port Redirection
Port redirection attacks are a type of trust exploitation attack that uses a
compromised host to pass traffic through a firewall that would otherwise be
dropped. Consider a
firewall with three interfaces and a host on each interface. The host on the
outside can reach the host on the public services segment, but not the host on
the inside. This publicly accessible segment is commonly referred to as a
Demilitarized Zone (DMZ). The host on the public services segment can reach the
host on both the outside and the inside. If hackers were able to compromise the
public services segment host, they could install software to redirect traffic
from the outside host directly to the inside host. Though neither communication
violates the rules implemented in the firewall, the outside host has now
achieved connectivity to the inside host through the port redirection process
on the public services host. An example of an application that can provide this
type of access is netcat.
Port redirection can be mitigated primarily through the use of proper trust
models, which are network specific (as mentioned earlier). On a system under
attack, a host-based IDS can help detect the intruder and prevent installation
of such utilities on the host.
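To make the trust-model point concrete, here is an added Python model (not from the original text) of the three-interface firewall described above. It checks whether the firewall permits an outside-to-inside connection directly, and separately whether a compromised public-services host could relay one, first under the permissive policy in the text and then under a policy that limits each hop to specific services. Zone names, rule sets and service labels are constructed.

```python
"""Model the three-interface firewall from the text and test whether a compromised
public-services (DMZ) host gives an outside host a relayed path to the inside.

Added example, not from the original page.  The zone names, rule sets and service
labels are constructed; the tight policy is one illustrative trust model, not a
recommendation for a specific product.
"""
from collections import deque

# Rule: (source_zone, destination_zone, allowed_services); "any" permits every service.
# Weak model from the text: outside -> DMZ, and DMZ -> both outside and inside.
WEAK_POLICY = [
    ("outside", "dmz", {"any"}),
    ("dmz", "outside", {"any"}),
    ("dmz", "inside", {"any"}),
]

# Tighter model: every hop limited to named services, and DMZ -> inside only for
# a single service the DMZ hosts genuinely need (here, shipping logs).
TIGHT_POLICY = [
    ("outside", "dmz", {"http", "smtp", "dns"}),
    ("dmz", "outside", {"dns", "smtp"}),
    ("dmz", "inside", {"syslog"}),
]


def direct_allowed(policy, src, dst, service):
    """Does the firewall itself permit src -> dst on this service?"""
    return any(s == src and d == dst and (service in svcs or "any" in svcs)
               for s, d, svcs in policy)


def relay_path(policy, src, dst, target_service):
    """Zones an attacker could chain through to reach dst on target_service.

    A compromised host in an intermediate zone can accept any connection the
    firewall allows into its zone and re-originate it on a different port (the
    port redirection the text describes), so intermediate hops may use any
    permitted service; only the final hop must be permitted on target_service.
    Returns the zone list, or None if no such chain exists.
    """
    zones = {z for rule in policy for z in rule[:2]} | {src, dst}
    queue = deque([(src, [src])])
    seen = {src}
    while queue:
        zone, path = queue.popleft()
        for nxt in zones:
            if nxt in seen:
                continue
            if nxt == dst:
                if direct_allowed(policy, zone, dst, target_service):
                    return path + [nxt]
                continue
            if any(s == zone and d == nxt for s, d, _ in policy):
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("tight", TIGHT_POLICY)):
        print(name, "direct outside->inside ssh:",
              direct_allowed(policy, "outside", "inside", "ssh"))
        print(name, "relayed outside->inside ssh:",
              relay_path(policy, "outside", "inside", "ssh"))
    print("tight residual exposure (syslog):",
          relay_path(TIGHT_POLICY, "outside", "inside", "syslog"))
```

Under the weak policy no single rule allows outside to inside, yet the relay search finds `outside -> dmz -> inside`, which is exactly why "neither communication violates the rules" in the text. Under the tight policy the same search fails for ssh and succeeds only for syslog, showing that the residual exposure is limited to the protocols the trust model deliberately permits.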
Man-in-the-middle Attack
A man-in-the-middle attack requires that
the hacker have access to network packets that come across a network. An
example could be someone who is working for an Internet service provider (ISP)
and has access to all network packets transferred between the ISP network and
any other network.
Such attacks are often implemented using network
packet sniffers and routing and transport protocols. The possible uses of such
attacks are theft of information, hijacking of an ongoing session to gain
access to private network resources, traffic analysis to derive information
about a network and its users, Denial of Service (DoS), corruption of
transmitted data, and introduction of new information into network
sessions.
Man-in-the-middle attack mitigation is achieved by encrypting
traffic in an IPSec tunnel, which would allow the hacker to see only cipher
text.
Social Engineering
The easiest hack involves no computer skill at all. If an intruder can trick a
member of an organization into giving over valuable information, such as the
locations of files and servers, or passwords, then the process of hacking is
made immeasurably easier.
Phishing
Phishing is a type of social engineering attack that
involves using email or other types of messages in an attempt to trick others
into providing sensitive information, such as credit card numbers or passwords.
The phisher will masquerade as a trusted party that has a seemingly legitimate
need for the sensitive information. Frequent phishing scams involve sending out
spam emails that appear to be from common online banking or auction sites.
These emails contain hyperlinks that appear to be legitimate, but will actually
cause the user to visit a phony site set up by the phisher to capture their
information. The site will appear to belong to the party that was faked in the
email, and when the user enters their information it is recorded for the
phisher to use.
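The lure described above, a link whose visible text names a legitimate site while its href leads elsewhere, can be checked mechanically. The following Python code is an added example, not from the original text: it extracts every hyperlink from a constructed HTML message and reports those whose displayed URL and actual destination disagree, or whose destination is outside an assumed list of trusted domains. The two-label approximation of a "registrable domain" is also an assumption.

```python
"""Flag hyperlinks in an email body whose visible text points somewhere other
than the real href, the lure the text describes.

Added example, not from the original page.  The HTML is a constructed message,
the domains use reserved test TLDs, and the trusted-domain list and the
two-label "registrable domain" approximation are assumptions (a real check
would use the public suffix list).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL_HTML = """\
<p>Dear customer, please verify your account:</p>
<a href="http://www.bank.example.login-check.test/verify">https://www.bank.example/verify</a>
<p>Or read our <a href="https://www.bank.example/help">help page</a>.</p>
<a href="https://www.bank.example.evil.test/">www.bank.example</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Hostname of a URL, tolerating display text written without a scheme."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return (urlparse(url_or_text).hostname or "").lower()


def registrable_domain(host):
    """Last two labels, e.g. 'www.bank.example' -> 'bank.example' (assumption: no PSL)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html_text, trusted_domains):
    """Return (href, text, reasons) for links that look like the lure in the text."""
    collector = LinkCollector()
    collector.feed(html_text)
    findings = []
    for href, text in collector.links:
        href_domain = registrable_domain(host_of(href))
        reasons = []
        if text.startswith(("http://", "https://", "www.")):
            # The displayed URL and the destination disagree: the classic lure.
            if registrable_domain(host_of(text)) != href_domain:
                reasons.append("visible URL domain differs from href domain")
        if href_domain not in trusted_domains:
            reasons.append("href domain not in trusted list")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL_HTML, {"bank.example"}):
        print(f"{text!r} -> {href}: {', '.join(reasons)}")
```

The third sample link shows why comparing whole hostnames is not enough: `www.bank.example.evil.test` begins with the trusted name, so only reducing both sides to their registrable domain exposes the mismatch. A mail gateway would run the same check on the rendered message and either rewrite or quarantine links it flags.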