Monday, April 7, 2014

Types and Sources of Network Threats

First of all, we'll get into the types of threats there are against networked computers, and then some things that can be done to protect against various threats.

Denial-of-Service
DoS (Denial-of-Service) attacks are probably the nastiest, and the most difficult to address. They are the nastiest because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the attacker's requests without also refusing legitimate requests for service.
The premise of a DoS attack is simple: send more requests to the machine than it can handle. The attacker's program simply opens a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then drops the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example). Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular. Some things that can be done to reduce the risk of being stung by a denial of service attack include:
  - Not running your visible-to-the-world servers at a level too close to capacity.
  - Using packet filtering to prevent obviously forged packets from entering your network address space. Obviously forged packets include those that claim to come from your own hosts, from addresses reserved for private networks as defined in RFC 1918, and from the loopback network (127.0.0.0).
  - Keeping up to date on security-related patches for your hosts' operating systems.
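The packet-filtering item above is easy to get subtly wrong, so here is an added example (not code from the original post) of the "obviously forged source" check applied to traffic arriving on an Internet-facing interface. It drops packets whose source claims to be one of our own hosts, an RFC 1918 private address, or the loopback network, and accepts the rest. The OWN_PREFIXES block, the Packet class and the sample packets are constructed for illustration; real deployments would carry the same logic in the border router or firewall rule set.

```python
"""Ingress anti-spoofing check for 'obviously forged' source addresses.

Added example, not from the original post. Classifies the source address
of each inbound IPv4 packet against the three categories the post names:
our own address space, RFC 1918 private ranges, and the loopback network.
"""
import ipaddress
from dataclasses import dataclass

# RFC 1918 private address space.
RFC1918_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# The loopback network (127.0.0.0, i.e. 127.0.0.0/8).
LOOPBACK_PREFIX = ipaddress.ip_network("127.0.0.0/8")

# Assumed: the address block our own hosts use, as seen from the Internet.
# Constructed placeholder (an RFC 5737 documentation range), not a real value.
OWN_PREFIXES = ["198.51.100.0/24"]


@dataclass(frozen=True)
class Packet:
    """Minimal view of an inbound packet: only the fields the filter needs."""
    src: str
    dst: str
    dport: int


def forged_reason(src, own_prefixes=OWN_PREFIXES):
    """Return why a source address is obviously forged when seen on an
    external interface, or None if it passes the check."""
    addr = ipaddress.ip_address(src)
    if addr.version != 4:
        return None  # this example covers IPv4 only
    # Check loopback before anything else: 127/8 must never arrive from outside.
    if addr in LOOPBACK_PREFIX:
        return "loopback source"
    if any(addr in net for net in RFC1918_PREFIXES):
        return "RFC 1918 private source"
    if any(addr in ipaddress.ip_network(p) for p in own_prefixes):
        return "claims to be one of our own hosts"
    return None


def filter_ingress(packets, own_prefixes=OWN_PREFIXES):
    """Split inbound packets into (accepted, dropped). Each dropped entry is
    a (packet, reason) pair so the decision can be logged."""
    accepted, dropped = [], []
    for pkt in packets:
        reason = forged_reason(pkt.src, own_prefixes)
        if reason is None:
            accepted.append(pkt)
        else:
            dropped.append((pkt, reason))
    return accepted, dropped


# Constructed sample traffic arriving on the Internet-facing interface.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "198.51.100.10", 80),    # ordinary external client
    Packet("198.51.100.42", "198.51.100.10", 80),  # spoofs one of our own hosts
    Packet("10.1.2.3", "198.51.100.10", 80),       # RFC 1918 source from outside
    Packet("127.0.0.1", "198.51.100.10", 22),      # loopback source from outside
    Packet("172.31.255.9", "198.51.100.10", 443),  # RFC 1918 (172.16/12) source
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE_PACKETS)
    for pkt in ok:
        print(f"ACCEPT {pkt.src} -> {pkt.dst}:{pkt.dport}")
    for pkt, why in bad:
        print(f"DROP   {pkt.src} -> {pkt.dst}:{pkt.dport}  ({why})")
```

The check is deliberately explicit about the three prefix groups rather than relying on a library's notion of "private" addresses, because such lists usually include documentation and benchmarking ranges as well and would drop the wrong things. Note that this only catches sources that are obviously impossible; a forged address drawn from someone else's legitimate public range passes straight through, which is why the post calls DoS sources hard to track.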


Unauthorized Access
"Unauthorized access" is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that our machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.
Executing Commands Illicitly
It's obviously undesirable for an unknown and untrusted person to be able to execute commands on our server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs.

On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it is started or something similar). In this case, the attacker will need to gain administrator privileges on the host.


Confidentiality Breaches
We need to examine the threat model: what is it that we are trying to protect against? There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage. While many of the perpetrators of these sorts of break-ins are merely thrill seekers interested in nothing more than seeing a shell prompt for your computer on their screen, there are those who are more malicious, as we'll consider next.


Destructive Behavior
Among the destructive sorts of break-ins and attacks, there are two major categories.

Data Diddling: The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious. Perhaps he is toying with the numbers in your spreadsheets, or changing the dates in your projections and plans. Maybe he's changing the account numbers for the auto-deposit of certain paychecks. In any case, rare is the case when you'll come in to work one day, and simply know that something is wrong. An accounting procedure might turn up a discrepancy in the books three or four months after the fact. Trying to track the problem down will certainly be difficult, and once that problem is discovered, how can any of your numbers from that time period be trusted? How far back do you have to go before you think that your data is safe?

Data Destruction: Some of those who perpetrate attacks are simply twisted jerks who like to delete things. In these cases, the impact on your computing capability -- and consequently your business -- can be nothing less than if a fire or other disaster caused your computing equipment to be completely destroyed.

Sources of Threats
Having identified various types of threats, we now need to know where they come from. An attacker may gain access to our equipment using any connection that leads to the outside world, which may include Internet connections, dial-up modems, and even physical access. In order to address security adequately, all possible avenues of entry must be identified and evaluated. The security of each entry point must be consistent with your stated policy on acceptable risk levels.


I'll write about precautionary measures in the next blog post.
