

In document BSIT 62 - Ecommerce (Page 87-92)

The Need for Computer Security

9.4 SECURITY THREATS

Some of the threats that stimulated the upsurge of interest in security include the following.

• Organized and intentional attempts to obtain economic or market information from competing organizations in the private sector.

• Organized and intentional attempts to obtain economic information from government agencies.

• Inadvertent acquisition of economic or market information.

• Inadvertent acquisition of information about individuals.

• Intentional fraud through illegal access to computer repositories, including acquisition of funding data, economic data, law enforcement data, and data about individuals.

• Government intrusion on the rights of individuals.

• Invasion of individuals' rights by the intelligence community.

Some hacking techniques are listed in the table below. These are examples of specific threats that an organization needs to counter. The nature of the threat that concerns an organization will vary with its circumstances. The threats can be divided into the categories of passive and active communication security threats.

Some hacking techniques

Stolen access: use of another user's ID or password without permission to gain access to the Internet or to a host.

Stolen resources: searching for hosts (processors) on which to store stolen software and databases.

Internet virus (also known as a worm): a virus designed to traverse the network, passing through multiple processors and either sending information back to the originator or doing damage to the processors it passes through.

Email impostures: sending email while falsifying the From field.

Email snooping: email passes through at least two nodes to be received; as it passes through these nodes and is stored transiently, it is susceptible to anyone with system access on those nodes, unless secured.

Sniffing: if a hacker has gained access to a host, the hacker may set up sniffing programs to observe traffic, storing information (IDs/passwords) that can be used to compromise other systems.

Spoofing: assuming someone else's identity, whether it be a login ID, an IP address, a server, or an e-commerce merchant.

Async attacks: while programs are idle in host memory, a hacker may have the opportunity to access the program's data.

Trojan horses: viruses concealed within a software package that is introduced onto a host. They may be destructive or perform some covert activity designed to send data back to the hacker.

Back doors: application or system programmers may implement a secret password that allows them easy access to a host or to an application on the host; these passwords may be discovered and used by an intruder.

Passive threats. Passive threats involve monitoring an organization's data transmissions. The goal of the attacker is to obtain the information that is being transmitted. In general, this is not the easiest task to undertake. Two types of threats are involved here: release of message contents and traffic analysis.

The threat of release of message contents is clearly a concern. A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. One wants to prevent the attacker from learning the contents of these transmissions.


The second passive threat, traffic analysis, is more subtle and is often more applicable to military situations. Even though one may have a way of masking the contents of messages, the attacker may still determine the location and identity of the communicating hosts and can also observe the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication taking place.

Passive threats are difficult to detect because they do not involve alteration of the data. However, it is feasible to prevent these attacks from being successful. The emphasis in dealing with passive threats is therefore on prevention rather than detection. Although these threats can be directed at communication resources, they are generally perpetrated at the host level.

Active threats. Active threats involve some modification of the data stream or the creation of a false stream. One can classify these threats into three categories: message-stream modification, denial of message service, and masquerade.

Message-stream modification means that some portion of a legitimate message is altered or that messages are delayed, replayed, or reordered to produce an unauthorized effect. For example, a message meaning “Allow Emile to read confidential file accounts” is modified to “Allow Gabrielle to read confidential file accounts”.

The denial of service prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an attacker may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

A masquerade takes place when an attacker pretends to be someone else. A masquerade attack usually includes one of the other two forms of active attack. Such an attack can take place, for example, by capturing and replaying an authentication sequence.

Active threats have the opposite characteristics of passive threats. Passive attacks are difficult to detect, but there are measures available to prevent their success. On the other hand, it is difficult to prevent active attacks absolutely, because this would require physical protection of all hosts and/or communications facilities all the time. Instead, the goal is to detect active attacks and to recover from the disruption or delays caused by the attack. Because detection has a deterrent effect, it may also contribute to prevention.

Again, these threats are most successful when directed at what could be the weakest link in the overall system, namely, the host level.
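The detect-and-recover approach to active threats can be made concrete. The following is an added example (not from the textbook) showing a receiver that authenticates each message with an HMAC-SHA256 tag over a sequence number and the message body, then rejects modified, replayed and out-of-order frames; the replay case is also what defeats the masquerade by replayed authentication sequence described above. The shared key, the frame layout and the message texts are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed shared key for the example; a real deployment provisions this out of band.
SHARED_KEY = b"example-shared-key-not-for-production"
TAG_LEN = 32  # HMAC-SHA256 output length in bytes


def seal(key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side. Frame layout: 4-byte big-endian sequence number || body || 32-byte tag.
    The tag covers the sequence number, so an old body cannot be spliced onto a new number."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    """Receiver side: verifies the tag first, then enforces the sequence-number discipline."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1   # highest sequence number accepted so far
        self.seen = set()    # sequence numbers already accepted (bounded by a window in practice)

    def accept(self, frame: bytes):
        """Return (status, body); status is 'ok', 'modified', 'replay' or 'reordered'.
        Only 'ok' frames may be acted on."""
        if len(frame) < 4 + TAG_LEN:
            return "modified", None
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison: the check leaks nothing about how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        (seq,) = struct.unpack(">I", header)
        if seq in self.seen:
            return "replay", None       # a captured frame delivered again, e.g. a replayed login
        if seq < self.last_seq:
            return "reordered", None    # delivered late; acting on it would apply stale state
        self.seen.add(seq)
        self.last_seq = seq
        return "ok", body


def demo():
    """Walk through the three active threats against constructed messages."""
    rx = Receiver(SHARED_KEY)
    m1 = seal(SHARED_KEY, 1, b"Allow Emile to read confidential file accounts")
    m2 = seal(SHARED_KEY, 2, b"Rotate the audit log")
    m3 = seal(SHARED_KEY, 3, b"Disable the guest account")
    # Message-stream modification: the principal is changed but the tag is the original one.
    tampered = m1.replace(b"Emile", b"Gabrielle")
    return [
        rx.accept(m1)[0],        # ok
        rx.accept(tampered)[0],  # modified
        rx.accept(m3)[0],        # ok
        rx.accept(m2)[0],        # reordered: seq 2 arrives after seq 3 was accepted
        rx.accept(m1)[0],        # replay: the same frame delivered a second time
    ]
```

The tag makes modification detectable but says nothing about order; the sequence number makes replay and reordering detectable but is itself only trustworthy because the tag covers it. Delay is the one active threat this receiver cannot see on its own; detecting it needs a clock or an upper-layer timeout.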

9.4.1 BULLETIN BOARDS

These Internet services provide a clearing house for information and correspondence about a large variety of subjects. Many commercial organizations, especially technology houses, use them to provide customer service. Bulletin boards have been notorious hangouts for hackers and other antisocial types, and a lot of pirated and virus-laden software appears on them.

9.4.2 Electronic mail

This store-and-forward mail service allows users to communicate throughout the network, requiring only a target address and a point of access. Currently, e-mail is one of the most commonly used services and is all some organizations use. E-mail poses fewer security problems than other forms of Internet communication but is subject to interception (at the communication gateway level), if it is unencrypted. However, an organization should be careful about what it sends and accepts. For example, unsolicited, executable code sent via e-mail could be a virus.

9.4.3 File transfer

Using FTP and HTTP, users can request and send a variety of bulk data, including databases, files in all formats, documents, software, images, and voice. While useful and convenient, file transfer can be insecure both in terms of confidentiality and of virus threats (leading in turn to further confidentiality breaches or denial of service). The network administrator must control how outsiders gain access to internal files and protect the files from misuse or unauthorized use. Normally, this requires a dedicated and isolated server. Granting direct access to internal on-line production data via FTP can be dangerous and is generally not recommended.

9.4.4 IP Spoofing

IP spoofing is a technique that can lead to root access on a system. It is also the tool that intruders often use to take over open terminal and login connections after they have gained root access. Intruders create packets with spoofed, or impersonated, source IP addresses; the attacks involve forging the source address of packets (usually claiming that they come from inside the organization's own network) so that hosts which trust internal addresses accept them. Other types of IP attacks include man-in-the-middle attacks (the attacker is able to send you packets and intercept the packets you reply with) and source-routing attacks (attackers exploit the IP header's source-routing option to dictate the route the packets should take, so that replies are routed back through the attacker). The deterrent is to properly configure packet-filtering firewalls: drop packets arriving from outside that claim an internal source address, and drop source-routed packets. Because of IP spoofing, authentication based on the source address alone cannot be trusted.
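As an added example (not part of the textbook), the following Python implements the packet-filter rules that the deterrent above relies on against constructed IPv4 headers: an ingress rule that drops outside packets claiming an internal source, the matching egress rule (so the organization cannot be used to spoof others), and a check for the loose and strict source-route options. The internal prefixes, the interface names and the sample packets are assumptions made for the example.

```python
import ipaddress
import struct

# Constructed topology for the example: these prefixes are "inside" the organization.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# IPv4 option type codes from RFC 791: loose source route and strict source route.
LSRR, SSRR = 131, 137


def parse_ipv4(packet: bytes):
    """Return (src, dst, option_types) from a raw IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4          # header length in bytes, 20..60
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    options, types, i = packet[20:ihl], [], 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                          # end of option list
            break
        if opt == 1:                          # no-operation, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option missing length")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        types.append(opt)
        i += length
    return src, dst, types


def filter_decision(packet: bytes, arrived_on: str) -> str:
    """Border-router rule. arrived_on is 'external' or 'internal' (assumed interface names).
    Returns 'accept' or a 'drop: <reason>' string."""
    try:
        src, _dst, option_types = parse_ipv4(packet)
    except ValueError as e:
        return f"drop: malformed ({e})"
    if LSRR in option_types or SSRR in option_types:
        return "drop: source-routed"
    src_is_internal = any(src in net for net in INTERNAL_PREFIXES)
    # Ingress filtering: packets from the outside may not claim an internal source address.
    if arrived_on == "external" and src_is_internal:
        return "drop: spoofed internal source"
    # Egress filtering: packets leaving must carry one of our own addresses.
    if arrived_on == "internal" and not src_is_internal:
        return "drop: spoofed external source"
    return "accept"


def build_ipv4(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (no payload, zero checksum) for exercising the filter."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = (20 + len(options)) // 4
    header = struct.pack(">BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options


def demo():
    """Constructed packets: legitimate inbound, forged 'inside' source from outside,
    and an LSRR-routed packet (type 131, length 7, pointer 4, one hop 10.0.0.1)."""
    legit = build_ipv4("203.0.113.7", "10.0.0.5")
    spoofed = build_ipv4("10.0.0.9", "10.0.0.5")
    routed = build_ipv4("203.0.113.7", "10.0.0.5", bytes([LSRR, 7, 4, 10, 0, 0, 1]))
    return [filter_decision(legit, "external"),
            filter_decision(spoofed, "external"),
            filter_decision(routed, "external"),
            filter_decision(spoofed, "internal")]
```

The interface a packet arrived on is the one thing the attacker cannot forge from outside, which is why the rule keys on it rather than on anything in the header; the same frame with a 10.0.0.9 source is accepted from the inside and dropped from the outside.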

9.4.5 Password guessing

Most host administrators have improved their password controls, but group accounts still abound, and password-dictionary and password-cracking programs can easily crack at least 10 percent of the passwords users choose. The deterrent is enforcement of good passwords.
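To make both the cracking estimate and the deterrent concrete, the following added example (constructed for this page, not from the textbook) runs a dictionary attack with simple mangling rules against a constructed set of unsalted SHA-256 password hashes, then reuses the same mangling rules as the password policy that rejects what the cracker would find. The wordlist, the user accounts and the unsalted hashing are assumptions made for the example; real systems use salted, slow password hashes, which blunts the attack but does not save a dictionary word.

```python
import hashlib

# Constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon", "admin"]


def mangle(word: str):
    """Yield the candidate forms a cracker tries for one dictionary word: the word itself,
    capitalised, upper-cased, reversed, and each of those with one or two trailing digits."""
    for w in {word, word.capitalize(), word.upper(), word[::-1]}:
        yield w
        for n in range(100):
            yield f"{w}{n}"


def hash_password(pw: str) -> str:
    """Unsalted SHA-256, a stand-in for the weak hashing the attack relies on (assumption)."""
    return hashlib.sha256(pw.encode()).hexdigest()


def crack(hashes: dict) -> dict:
    """Dictionary attack. hashes maps username -> digest; returns username -> recovered password.
    Because the hashes are unsalted, one candidate hash is checked against every user at once."""
    by_hash = {}
    for user, digest in hashes.items():
        by_hash.setdefault(digest, []).append(user)
    found = {}
    for word in WORDLIST:
        for candidate in mangle(word):
            for user in by_hash.get(hash_password(candidate), []):
                found[user] = candidate
    return found


def is_acceptable(pw: str, min_length: int = 12) -> bool:
    """Password policy ('enforcement of good passwords'): reject short passwords and anything
    the cracker above would reach, by running the same mangling rules at password-set time."""
    if len(pw) < min_length:
        return False
    return not any(pw == candidate for word in WORDLIST for candidate in mangle(word))


def demo() -> dict:
    """Constructed account database of ten users; returns the accounts the attack recovers."""
    chosen = {
        "alice": "Summer99",          # dictionary word, capitalised, two digits
        "bob": "tr0ub4dor&3xyz",
        "carol": "letmein",           # dictionary word as-is
        "dave": "N0t-in-any-list!",
        "erin": "welcome1",           # dictionary word plus one digit
        "frank": "zq8#Pl2!vR9m",
        "grace": "correct horse battery",
        "heidi": "drowssap",          # 'password' reversed
        "ivan": "4dm1n-c0ns0le",
        "judy": "Dragon",             # dictionary word, capitalised
    }
    stolen_hashes = {user: hash_password(pw) for user, pw in chosen.items()}
    return crack(stolen_hashes)
```

On the constructed data the attack recovers alice, carol, erin, heidi and judy; the same five passwords fail is_acceptable, which is the point of running the cracker's rules at set time rather than after the hash file has been stolen.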


9.4.6 Password sniffing

CERT estimates that, in 1994, thousands of systems were the victims of password sniffers. On a shared-medium LAN, any internal machine can see the traffic of every other machine on that segment. Sniffer programs exploit this characteristic, monitoring all IP traffic and capturing the first 128 bytes or so of every FTP or Telnet session, which is where the user ID and password travel in the clear. The deterrent is to use programs that provide one-time (nonreusable) passwords.
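The nonreusable-password deterrent can be shown with a Lamport hash chain, the scheme behind S/Key. The following is an added example, not the textbook's, and it simplifies S/Key (SHA-256 instead of its MD4-based hash, raw bytes instead of the six-word encoding). The user name, chain length and seed are constructed for the example, and the simulated sniffer simply keeps a copy of the first password it sees.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """One step of the chain."""
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [H^0(seed), H^1(seed), ..., H^n(seed)]. The client keeps the whole chain
    (or just the seed); the server is handed only the top value H^n at enrolment."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OTPServer:
    """Stores per user the last accepted value. A candidate p is accepted only if H(p) equals
    the stored value; the server then stores p, so p can never be accepted again."""

    def __init__(self):
        self.state = {}   # username -> (remaining_logins, last_accepted_value)

    def enroll(self, user: str, top: bytes, n: int):
        self.state[user] = (n, top)

    def login(self, user: str, candidate: bytes) -> bool:
        if user not in self.state:
            return False
        remaining, last = self.state[user]
        if remaining == 0:
            return False   # chain exhausted: the user must re-enrol with a fresh seed
        if not secrets.compare_digest(h(candidate), last):
            return False
        # The sniffed value is now useless: the server expects its preimage next time.
        self.state[user] = (remaining - 1, candidate)
        return True


class OTPClient:
    """Walks the chain downwards: the first password sent is H^(n-1), the last is the seed."""

    def __init__(self, seed: bytes, n: int):
        self.chain = make_chain(seed, n)
        self.next_index = n - 1

    def next_password(self) -> bytes:
        p = self.chain[self.next_index]
        self.next_index -= 1
        return p


def demo() -> list:
    """Genuine login, replay of the sniffed password, then the next genuine login."""
    seed = secrets.token_bytes(16)       # client secret; never sent over the wire
    n = 100
    client = OTPClient(seed, n)
    server = OTPServer()
    server.enroll("alice", client.chain[-1], n)   # enrolment happens out of band, e.g. at a console
    first = client.next_password()
    sniffed = first                               # what a LAN sniffer captures from the session
    return [
        server.login("alice", first),                    # True: genuine login
        server.login("alice", sniffed),                  # False: replay of the captured value
        server.login("alice", client.next_password()),   # True: next preimage in the chain
    ]
```

The sniffer still sees every password, but each one is the preimage of the value the server already holds and is useless after one use; recovering the next password from a captured one would require inverting the hash. This is why the deterrent to sniffing is a nonreusable password rather than a stronger reusable one.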

9.4.7 Telnet

Telnet enables users to log on to remote computers. Telnet itself does little to detect or protect against unauthorized access. Telnet access is therefore generally controlled either through an application gateway or by configuring a screening router to permit only outgoing connections, using rules such as the established screening rules, which admit inbound packets only when they belong to a connection initiated from inside.

9.4.8 Viruses

Viruses do not necessarily give intruders access to a computer system, but they may be a way to copy and forward information or otherwise create denial-of-service problems. A virus is a program that can infect other programs by modifying them to include a copy of itself. Any program that comes in contact with a virus may become infected with it. Like biological viruses, computer viruses can grow, replicate, travel, adapt and learn, attack and defend, camouflage themselves, and consume resources. The following list gives various kinds of damage computer viruses have caused.

• Alter data in files

• Change disk assignments

• Create bad sectors

• Decrease free space on disk

• Destroy the FAT (File Allocation Table)

• Erase specific programs

• Format specific tracks or the entire disk

• Hang the system

• Overwrite the disk directory

• Suppress execution of RAM-resident programs

• Write a volume label on the disk
