INTRODUCTION VULNERABILITIES, THREATS AND ATTACK

CHAPTER 2

VULNERABILITIES
A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to a threat. Most vulnerabilities can usually be traced back to one of three sources:
Poor design Poor implementation Poor management

Poor Design (Technology Weaknesses)

Hardware and software system that contain design flaws that can be exploited. Example: the sendmail flaws in early version of Unix.

Poor Implementation (Configuration Weaknesses)

System that are incorrectly configured, and therefore vulnerable to attack. Example: system that does not have restrictedaccess privileges on critical executable files, thereby allowing these files to be altered by unauthorized users.

Poor Management (Security Policy Weaknesses)

Inadequate procedures or insufficient checks and balances.

THREATS
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system. There are different categories of threats:
Natural threats (floods, earthquakes, or storms) Unintentional threats (result of accident or stupidity) Intentional threats (result of malicious indent)

THREATS
Unstructured threats Structured threats Internal threats
created by an inexperienced person who is trying to gain access to your network implemented by a technically skilled person who is trying to gain access to a network occurs when someone from inside your network creates a security threat to your network. occurs when someone outside your network creates a security threat to your network.

External threats

ATTACK
An attack is a specific technique used to exploit a vulnerability. There are two categories of attack: Passive attack
very difficult to detect because there is no overt activity that can be monitored or detected. Example: packet sniffing or traffic analysis.

Active attack
Employ more overt action on the network or system. Example: denial-of-service.

ATTACK
Reconnaissance attack Access attack Distributed Denial of service attack Malicious code attack

Reconnaissance Attack
Reconnaissance attacks are the first step in the process of intrusion and involve unauthorized discovery and mapping of systems, services, or vulnerabilities. These discovery and mapping techniques are commonly known as scanning and enumeration. Common tools, commands, and utilities that are used for scanning and enumeration include ping, Telnet, nslookup, finger, rpcinfo, File Explorer, srvinfo, and dumpacl. Other third-party public tools include Sniffer, SATAN, SAINT, NMAP, and netcat.

Access Attack
Access attack are an attempt to gain access to information that the attacker dont have authorization to have. Access attack in network
Snooping Eavesdropping Interception

Snooping
Snooping is looking through information files in the hopes of finding something interesting. If the files are on paper, an attacker may do this by opening a file drawer and searching through files. If the files are on a computer system, an attacker may attempt to open one file after another until information is found.

Eavesdropping
Eavesdropping is when someone listens in on a conversation that they are not a part of. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. The introduction of wireless networks has increased the opportunity to perform eavesdropping.

Interception
Unlike eavesdropping, interception is an active attack against the information. When an attacker intercepts information, he is inserting herself in the path of the information and capturing it before it reaches its destination. After examining the information, the attacker may allow the information to continue to its destination or not

Distributed Denial of Service

Distributed Denial of Service (DDoS) attack is a DoS attack that occurs from more than one source, and/or from more than one location, at the same time. Purpose of DDoS attack is exhaust the victim's resources
network bandwidth, computing power, or operating system data structures

Malicious Code Attack

Malicious code is an auto-executable application. It can take the form of Java Applets, ActiveX controls, plug-ins, pushed content, scripting languages, or a number of new programming languages designed to enhance Web pages and email.

WHERE MALICIOUS CODE HIDE?

Email Web content File downloads Legitimate sites Pushed contents

VIRUS vs WORMS vs TROJAN

Virus
Require human action.

Worms
Spread from computer to computer, but unlike a virus, it has the capability to travel without any human action.

Trojan Horse
Appear to be useful software but will actually do damage once installed or run on your computer. Designed to be annoying and malicious (like changing your desktop, adding silly active desktop icons) or can cause serious damage (create a backdoor, deleting files) Do not reproduces by infecting other files

Spreading of computer virus, Replicate itself on your mostly by sharing infecting system, creating a huge files or sending e-mails with devastating effect. viruses as attachments in the e-mail.

It also passing the infection from one infected system to another (attach to executable file) Example: Brain virus

Do not need to infect other file in order to reproduce.

Example: Morris worm

Example: Beast

Others Attack
Logic Bombs Port Scanning Man-in-the-middle Traps Door Replay Attack Back Door Attack Spoofing Attack