Attack Examples
Access attacks

Access attacks exploit known vulnerabilities in authentication services, FTP services, and Web services to gain entry to Web accounts, confidential databases, and other sensitive information. Access attacks can consist of the following:

Password Attacks
Password attacks can be implemented using several methods, including brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Although packet sniffers and IP spoofing can yield user accounts and passwords, the term password attack usually refers to repeated attempts to identify a user account, a password, or both. These repeated attempts are called brute-force attacks.

Often a brute-force attack is performed using a program that runs across the network and attempts to log in to a shared resource, such as a server. When an attacker gains access to a resource, he or she has the same access rights as the user whose account has been compromised. If this account has sufficient privileges, the attacker can create a back door for future access that survives any later status or password changes to the compromised user account.

The following are the two methods for computing passwords from their hashes:

  • Dictionary cracking – The password hashes for all of the words in a dictionary file are computed and compared against all of the password hashes for the users. This method is extremely fast and finds very simple passwords.
  • Brute-force computation – This method uses a particular character set, such as A to Z, or A to Z plus 0 to 9, and computes the hash for every possible password made up of those characters. It will always find the password if that password is made up of the character set you have selected to test. The downside is the time required to complete this type of attack.
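Because a network brute-force attack shows up as a burst of failed logins from one source, the defender's counterpart is detection. The following added example (not part of the original text) parses constructed, syslog-style sshd lines and flags any source that accumulates a threshold of failures inside a sliding window, noting whether a successful login followed the burst; the log format, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd authentication messages (not real log data).
SAMPLE_LOG = """\
Mar 10 09:00:01 srv1 sshd[2101]: Failed password for admin from 203.0.113.7 port 51112 ssh2
Mar 10 09:00:03 srv1 sshd[2102]: Failed password for admin from 203.0.113.7 port 51114 ssh2
Mar 10 09:00:04 srv1 sshd[2103]: Failed password for root from 203.0.113.7 port 51115 ssh2
Mar 10 09:00:06 srv1 sshd[2104]: Failed password for admin from 203.0.113.7 port 51117 ssh2
Mar 10 09:00:07 srv1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51118 ssh2
Mar 10 09:00:09 srv1 sshd[2106]: Accepted password for admin from 203.0.113.7 port 51120 ssh2
Mar 10 09:05:00 srv1 sshd[2107]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 09:20:00 srv1 sshd[2108]: Failed password for alice from 198.51.100.4 port 40002 ssh2
"""

# Assumed line layout: "<timestamp> <host> sshd[pid]: (Failed|Accepted) password for [invalid user] <user> from <ip> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def parse(line, year=2024):
    """Return (timestamp, result, user, source_ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]

def detect_bruteforce(log_text, threshold=4, window=timedelta(seconds=60)):
    """Map source IP -> alert for every source with >= threshold failures inside any
    sliding window; the alert also lists users that logged in successfully after the burst."""
    events = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "Failed":
            failures[src].append((ts, user))
    alerts = {}
    for src, attempts in failures.items():
        for i, (start, _) in enumerate(attempts):
            burst = [a for a in attempts[i:] if a[0] - start <= window]
            if len(burst) >= threshold:
                success_after = [u for ts, r, u, s in events
                                 if s == src and r == "Accepted" and ts >= burst[-1][0]]
                alerts[src] = {"failures": len(burst),
                               "users": sorted({u for _, u in burst}),
                               "success_after": success_after}
                break  # one alert per source is enough
    return alerts
```

A success that immediately follows a burst of failures is the case worth paging on: the account in `success_after` should be treated as compromised until shown otherwise.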

Trust Exploitation
Although it is more of a technique than a hack itself, trust exploitation refers to an attack in which an individual takes advantage of a trust relationship within a network. The classic example is a perimeter network connection from a corporation. These network segments often house Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) servers. Because all these servers reside on the same segment, the compromise of one system can lead to the compromise of other systems because these systems usually trust other systems attached to the same network.

Another example is a system on the outside of a firewall that has a trust relationship with a system on the inside of a firewall. When the outside system is compromised, it can take advantage of that trust relationship to attack the inside network. Another form of access attack involves privilege escalation. Privilege escalation occurs when a user obtains privileges or rights to objects that were not assigned to the user by an administrator. Objects can be files, commands, or other components on a network device. The intent is to gain access to information or execute unauthorized procedures. This access is then used to gain administrative privileges on a system or device, and attackers use those privileges to install sniffers, create backdoor accounts, or delete log files.

Trust exploitation-based attacks can be mitigated through tight constraints on trust levels within a network. Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall. Such trust should be limited to specific protocols and should be authenticated by something other than an IP address where possible.

Port Redirection
Port redirection attacks are a type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped. Consider a firewall with three interfaces and a host on each interface. The host on the outside can reach the host on the public services segment, but not the host on the inside. This publicly accessible segment is commonly referred to as a Demilitarized Zone (DMZ). The host on the public services segment can reach the host on both the outside and the inside. If hackers were able to compromise the public services segment host, they could install software to redirect traffic from the outside host directly to the inside host. Though neither communication violates the rules implemented in the firewall, the outside host has now achieved connectivity to the inside host through the port redirection process on the public services host. An example of an application that can provide this type of access is netcat.

Port redirection can be mitigated primarily through the use of proper trust models, which are network specific (as mentioned earlier). If a host is under attack, a host-based IDS can help detect the intrusion and prevent installation of such utilities on that host.
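The three-interface scenario above is easiest to reason about as a policy model. The following added example (not from the original text) encodes the loose policy the text describes and a tightened one, then checks whether the inside host is reachable directly and via a relay on the DMZ host; zone names, hostnames and the single permitted port in the tightened policy are assumptions, and no relay tooling is involved, only the rule evaluation.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed topology from the text: one host on each of the firewall's three interfaces.
ZONE_OF = {"outside-host": "outside", "dmz-host": "dmz", "inside-host": "inside"}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int] = None  # None means any destination port, i.e. broad zone-level trust

def permitted(rules: List[Rule], src: str, dst: str, dport: int) -> bool:
    """First-match check; anything not explicitly permitted is dropped."""
    for r in rules:
        if r.src_zone == ZONE_OF[src] and r.dst_zone == ZONE_OF[dst] and r.dport in (None, dport):
            return True
    return False

def reachable_via_relay(rules, src, relay, dst, listen_port, target_port) -> bool:
    """Model a redirector on a compromised relay host: src connects to relay:listen_port and
    the relay opens a second connection to dst:target_port. The firewall sees two separate
    flows, and the pivot works exactly when each flow is legal on its own."""
    return (permitted(rules, src, relay, listen_port)
            and permitted(rules, relay, dst, target_port))

def overbroad_rules(rules: List[Rule]) -> List[Rule]:
    """Audit helper: rules that trust an entire zone on any port."""
    return [r for r in rules if r.dport is None]

# Policy as the text describes it: outside -> DMZ and DMZ -> inside permitted, outside -> inside not.
LOOSE = [Rule("outside", "dmz"), Rule("dmz", "inside")]
# Mitigated policy (assumed): DMZ may reach inside only on the one port its application needs.
TIGHT = [Rule("outside", "dmz", 80), Rule("dmz", "inside", 1433)]

if __name__ == "__main__":
    for name, policy in (("loose", LOOSE), ("tight", TIGHT)):
        direct = permitted(policy, "outside-host", "inside-host", 22)
        relayed = reachable_via_relay(policy, "outside-host", "dmz-host", "inside-host", 8080, 22)
        print(f"{name}: direct outside->inside:22={direct}, via DMZ relay={relayed}, "
              f"over-broad rules={len(overbroad_rules(policy))}")
```

Even the tightened policy still lets a compromised DMZ host reach the one permitted inside service, which is why the text pairs the trust model with a host-based IDS on the DMZ host rather than relying on firewall rules alone.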

Man-in-the-middle Attack
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network. An example could be someone who is working for an Internet service provider (ISP) and has access to all network packets transferred between the ISP network and any other network.

Such attacks are often implemented using network packet sniffers and routing and transport protocols. The possible uses of such attacks are theft of information, hijacking of an ongoing session to gain access to private network resources, traffic analysis to derive information about a network and its users, Denial of Service (DoS), corruption of transmitted data, and introduction of new information into network sessions.

Man-in-the-middle attack mitigation is achieved by encrypting traffic in an IPSec tunnel, so that the hacker can see only ciphertext.

Social Engineering
The easiest hack involves no computer skill at all. If an intruder can trick a member of an organization into handing over valuable information, such as the locations of files and servers, or passwords, then the process of hacking is made immeasurably easier.

Phishing
Phishing is a type of social engineering attack that involves using email or other types of messages in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher will masquerade as a trusted party that has a seemingly legitimate need for the sensitive information. Frequent phishing scams involve sending out spam emails that appear to be from common online banking or auction sites. These emails contain hyperlinks that appear to be legitimate, but will actually cause the user to visit a phony site set up by the phisher to capture their information. The site will appear to belong to the party that was faked in the email, and when the user enters their information, it is recorded for the phisher to use.
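The hyperlink trick described above leaves a detectable trace: the visible text and the real target disagree, or the target host merely resembles the trusted domain. The following added example (not from the original text) parses a constructed HTML email body and flags such links; the sample message, the trusted-domain list and the three heuristics are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (the bank name and hosts are invented for illustration).
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account at
<a href="http://198.51.100.23/login">https://www.examplebank.example/login</a>.</p>
<p>Or visit <a href="http://examplebank.example.verify-account.test/">our secure portal</a>.</p>
<p>Preferences: <a href="https://www.examplebank.example/prefs">https://www.examplebank.example/prefs</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL; a bare 'host/path' string is treated as http."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def looks_like_url(text):
    return "." in text and " " not in text and len(text) > 3

def suspicious_links(html, trusted_domains):
    """Return (href, reason) for links that mismatch their display text, point at a bare
    IP address, or use a host that merely contains a trusted domain name."""
    c = LinkCollector(); c.feed(html)
    findings = []
    for href, text in c.links:
        target = host_of(href)
        if looks_like_url(text) and host_of(text) != target:
            findings.append((href, "displayed URL host differs from actual target"))
        elif target.replace(".", "").isdigit():
            findings.append((href, "target is a bare IP address"))
        else:
            for t in trusted_domains:
                if t in target and target != t and not target.endswith("." + t):
                    findings.append((href, f"look-alike of trusted domain {t}"))
    return findings
```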