

Showing posts from December 15, 2013

3.2.4 Replay

Replay In a replay attack, an attacker captures network traffic and then replays (retransmits) the captured traffic at a later time in order to gain unauthorized access to a system. This type of attack may succeed in spite of encryption: even though the messages are encrypted and the attacker does not know the keys or passwords, retransmitting a valid logon exchange may be sufficient to gain access to the network. This is why authentication protocols bind each exchange to a unique session identifier (a nonce) and a time stamp, rather than relying on the certificate alone. Packet sequencing, time stamps, digital signatures and session tokens (or hashes) are the countermeasures used against replay attacks: Packet sequencing ensures that any packet received out of order is dropped. Time stamps ensure that any packet received outside a specified time window is dropped. A session token is a one-time token or hash used to computationally transform a message such that it cannot be duplicated wi
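The three countermeasures above (sequence numbers, a time window and a one-time token, all bound to the message by a MAC so that the attacker cannot alter them) as a worked receiver-side check. This is an added example, not code from the original post; the shared secret, the 60 second window and the "seq|timestamp|nonce|body|mac" message layout are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions for illustration (not from the original post): a pre-shared
# secret, a 60 s acceptance window and the message layout
# "seq|timestamp|nonce|body|hexmac".
SECRET = b"shared-secret-for-illustration-only"
WINDOW_SECONDS = 60


def build_message(seq, timestamp, nonce, body, secret=SECRET):
    """Sender side: bind sequence number, time stamp and nonce to the body with an HMAC."""
    header = f"{seq}|{timestamp}|{nonce}|{body}"
    tag = hmac.new(secret, header.encode(), hashlib.sha256).hexdigest()
    return f"{header}|{tag}"


class Receiver:
    """Receiver side: drop anything replayed, reordered, stale or tampered with."""

    def __init__(self, secret=SECRET, window=WINDOW_SECONDS):
        self.secret = secret
        self.window = window
        self.last_seq = 0          # highest sequence number accepted so far
        self.seen_nonces = set()   # one-time tokens already consumed

    def accept(self, message, now):
        parts = message.rsplit("|", 1)
        if len(parts) != 2:
            return (False, "malformed")
        header, tag = parts
        # Integrity first: a captured message with any field altered fails here,
        # so the attacker cannot simply bump the sequence number or time stamp.
        expected = hmac.new(self.secret, header.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad mac")
        seq_s, ts_s, nonce, _body = header.split("|", 3)
        seq, ts = int(seq_s), int(ts_s)
        if abs(now - ts) > self.window:        # time stamp outside the window
            return (False, "outside time window")
        if nonce in self.seen_nonces:          # one-time token reused
            return (False, "nonce reused")
        if seq <= self.last_seq:               # out of sequence
            return (False, "out of order")
        self.last_seq = seq
        self.seen_nonces.add(nonce)
        return (True, "ok")


def demo():
    """Legitimate logon, then the same capture replayed three ways, then a fresh message."""
    t0 = 1_700_000_000
    rx = Receiver()
    login = build_message(1, t0, "n1", "LOGIN alice")
    results = [
        rx.accept(login, t0 + 1),                       # genuine first delivery
        rx.accept(login, t0 + 2),                       # captured and replayed at once
        rx.accept(login, t0 + 3600),                    # replayed an hour later
        rx.accept(login.replace("alice", "mallory"), t0 + 4),  # edited in flight
        rx.accept(build_message(2, t0 + 5, "n2", "GET /inbox"), t0 + 6),  # next genuine message
        rx.accept(build_message(2, t0 + 7, "n3", "GET /inbox"), t0 + 8),  # stale sequence number
    ]
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("accepted" if ok else "dropped", reason)
```

The order of checks matters: the MAC is verified before any field is trusted, and the nonce set is consulted before the sequence number so that a replay is reported as what it is. In a long-running service the nonce set must be pruned, which the time window makes safe: once a nonce's time stamp is older than the window it can never be accepted again, so it can be forgotten.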

3.2.3 DoS

DoS A denial-of-service (DoS) attack is one where an attacker attempts to prevent legitimate users from accessing information or services. By targeting the computer and its network connection, an attacker may be able to prevent normal access to email, web sites, online accounts (banking, etc.), or other services that run on the affected systems. In a denial-of-service attack, a resource such as a web server is flooded with false requests, overwhelming the system and preventing legitimate requests from being serviced. Ultimately the system may crash or become unresponsive. The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you enter a URL for a particular web site into your browser, for example, you are sending a request to that site's server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it cannot proc

3.2.2 DDoS

DDoS In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. The attack is "distributed" in that the attacker can marshal multiple computers to launch the denial-of-service attack. A distributed denial-of-service attack (DDoS) is a type of DoS attack where multiple systems combine their efforts to target and attack one or more victim systems. The attacking systems are typically victims themselves, having been previously infected with malware that enables a malicious user to control them and conscript them into an attack. The advantage to an attacker of a distributed denial-of-service attack over a non-distributed one is that multiple systems can generate a greater load on the victim system(s) than a single system can. Additionally, it is more difficult to block attacks from multiple attacking systems than from one system, since blocking the single source IP address no longer helps. Four common categories of attacks have been defined: TCP Connec
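The difference between the two flooding patterns just described (one source exceeding the server's capacity, versus many sources each below any per-source limit) is what a detection rule has to cope with. The following is an added example, not code from the original posts: it counts requests per client address in a time window over constructed web-server log lines ("epoch_seconds client_ip path", using the RFC 5737 documentation ranges 203.0.113.0/24 and 198.51.100.0/24) and reports whether the flood is blockable by source address or not. The window length, the per-source limit and the aggregate limit are assumed values.

```python
from collections import Counter

# Assumed thresholds for illustration: a 10 s window, a per-source budget of
# 100 requests and an aggregate budget of 500 requests per window.
WINDOW_LEN = 10
PER_IP_LIMIT = 100
TOTAL_LIMIT = 500


def classify_window(lines, window_start, window_len=WINDOW_LEN,
                    per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """Count requests per source IP inside [window_start, window_start + window_len)
    and say whether the load is normal, a single-source flood (block the source),
    or a distributed flood (no single source stands out)."""
    per_ip = Counter()
    for line in lines:
        ts, ip, _path = line.split(" ", 2)
        if window_start <= int(ts) < window_start + window_len:
            per_ip[ip] += 1
    total = sum(per_ip.values())
    offenders = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    if offenders:
        verdict = "dos"      # a few sources exceed the per-source budget: block them
    elif total > total_limit:
        verdict = "ddos"     # aggregate load is a flood but every source looks modest
    else:
        verdict = "normal"
    return {"verdict": verdict, "total": total, "sources": len(per_ip), "offenders": offenders}


def _legit_traffic():
    # Constructed sample: 20 ordinary clients, 10 requests each, spread over 10 s.
    return [f"{1000 + i % 10} 198.51.100.{1 + i % 20} /page{i % 5}" for i in range(200)]


def make_normal_sample():
    return _legit_traffic()


def make_dos_sample():
    # Constructed sample: the same clients plus 2000 requests from one attacker.
    flood = [f"{1000 + i % 10} 203.0.113.7 /" for i in range(2000)]
    return _legit_traffic() + flood


def make_ddos_sample():
    # Constructed sample: the same 2000 attack requests, spread over 250 bots (8 each),
    # so no bot ever crosses the per-source limit.
    flood = [f"{1000 + i % 10} 203.0.113.{1 + i % 250} /" for i in range(2000)]
    return _legit_traffic() + flood


if __name__ == "__main__":
    for name, sample in [("normal", make_normal_sample()),
                         ("dos", make_dos_sample()),
                         ("ddos", make_ddos_sample())]:
        print(name, classify_window(sample, 1000))
```

The "ddos" verdict is the practitioner's caveat: the per-source rule that blocks the single attacker in the second sample finds nothing in the third, because each bot stays under the limit. Blocking a distributed flood needs a different signal (aggregate rate, request shape, upstream filtering) rather than a longer blocklist.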

3.1.9 Botnets

Botnets What is a botnet? The word botnet is a portmanteau of robot and network. A “bot” is a type of malicious software (malware) residing on a computer that allows an attacker to take control of and direct the actions of the infected computer. These bot-infected computers are also referred to as victim computers or “zombies”. A “botnet” is an assembly of multiple bot-infected computers that can be conscripted to undertake a specific mission. Botnets can consist of anywhere from a few hundred to millions of infected computers. In 2010, the creator of the Mariposa botnet, which reportedly consisted of over 12 million computers, was arrested. The purpose of a botnet is to undertake activities that take advantage of the ability to marshal large-scale computing resources and apply them to a particular task. Botnets have typically been used to send out spam email messages, spread viruses, steal sensitive information including license keys and financial data on individ

3.1.8 Logic Bomb

Logic bomb A logic bomb is a form of malicious code that is unauthorized and unknown to the legitimate user. It remains dormant until a triggering event occurs. When triggered it performs some undesirable act. The triggering event may be a positive trigger or a negative trigger. An example of a positive trigger can be the lapse of a period of time, the modification of a file or system configuration, or an application-specific event such as the removal of an entry in the company’s salary database. A negative trigger can be a failure to respond to a prompt (for example, a departed employee no longer resetting a periodic countdown). Logic bombs are often grouped with viruses, although they do not replicate on their own; they are typically planted by an insider or delivered inside a Trojan. Sometimes logic bombs are referred to as slag code or time bombs. A logic bomb will carry out any number of malicious activities including: deleting data, reformatting drives, modifying system configurations, weakening system security, etc. Deploying a logic bomb can be considered more an act of precision bombing than indiscriminate bombing. The target of a logic bomb attack

3.2.1 Man-in-the-middle

Man-in-the-middle A man-in-the-middle or MITM attack takes place when an attacker intercepts traffic and then tricks the parties on both ends into believing they are communicating directly with each other. In the man-in-the-middle attack, the attacker interjects itself into the conversation between two parties and, acting like a proxy, receives and transmits information from party A to party B and vice versa. This is a fairly sophisticated attack, and in general it involves positioning the attacker's system or software on the path between the source and the destination, for example by poisoning ARP or DNS, or by operating a rogue proxy or access point. The attacker intercepts data from the source and then passes it on to the destination. Once intercepted, the data can be monitored, logged and/or modified. Note that encryption alone does not stop this: if the two parties negotiate their keys with an unauthenticated exchange, the attacker simply negotiates one key with each side. A successful man-in-the-middle attack depends on the ability to: compromise the routing and name server system in the network in order to position the malware between two communicating parties; coerce the two parties to see the attacker
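The following added example (not code from the original post) shows the attack against an unauthenticated Diffie-Hellman key exchange, and the countermeasure of pinning the peer's public value to a fingerprint obtained out of band (the same idea as an SSH known_hosts entry or certificate pinning). The group (the Mersenne prime 2^127 - 1 with generator 5) and the XOR stream "cipher" are deliberately toy-sized assumptions so the whole exchange fits on screen; they are not suitable for real use.

```python
import hashlib
import secrets

# Assumed toy parameters, illustration only: a 127-bit prime is far too small
# for real key exchange, and the XOR stream cipher below is not a real cipher.
P = 2**127 - 1
G = 5


def fingerprint(pub):
    """Short fingerprint of a public value, distributed out of band (assumed)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def xor_crypt(key, data):
    """Toy stream cipher: keystream = SHA-256(key || block counter). Symmetric."""
    out = bytearray()
    for i, b in enumerate(data):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ ks[i % 32])
    return bytes(out)


class Party:
    def __init__(self, name, pinned_peer_fingerprint=None):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self.priv, P)
        self.pinned = pinned_peer_fingerprint   # None = no authentication of the peer
        self.key = None

    def handshake(self, peer_pub):
        # Countermeasure: refuse a public value that does not match the pinned fingerprint.
        if self.pinned is not None and fingerprint(peer_pub) != self.pinned:
            raise ValueError(f"{self.name}: peer public value does not match pinned fingerprint")
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_unpinned():
    """No authentication: Mallory substitutes her own public value toward each side."""
    alice, bob = Party("alice"), Party("bob")
    mallory_a, mallory_b = Party("mallory->alice"), Party("mallory->bob")
    alice.handshake(mallory_a.pub)      # Alice thinks this is Bob's value
    mallory_a.handshake(alice.pub)
    bob.handshake(mallory_b.pub)        # Bob thinks this is Alice's value
    mallory_b.handshake(bob.pub)
    ciphertext = xor_crypt(alice.key, b"transfer 100 to bob")
    seen = xor_crypt(mallory_a.key, ciphertext)              # Mallory reads it...
    forwarded = xor_crypt(mallory_b.key, seen.replace(b"bob", b"eve"))  # ...and alters it
    return seen, xor_crypt(bob.key, forwarded)               # what Bob decrypts


def run_pinned():
    """Alice holds Bob's fingerprint from out of band; Mallory's value is rejected."""
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    alice.pinned = fingerprint(bob.pub)
    outcomes = {}
    try:
        alice.handshake(mallory.pub)
        outcomes["mallory"] = "accepted"
    except ValueError:
        outcomes["mallory"] = "rejected"
    alice.handshake(bob.pub)
    bob.handshake(alice.pub)
    outcomes["bob"] = "accepted" if alice.key == bob.key else "key mismatch"
    return outcomes


if __name__ == "__main__":
    print(run_unpinned())
    print(run_pinned())
```

The point of the unpinned run is that both sides complete a perfectly valid handshake and see correctly decrypting traffic; nothing in the exchange itself reveals the proxy. Only an authenticated binding of the public value to the peer (pinning here; a signature over the exchange or a certificate chain in TLS) lets Alice detect the substitution.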

3.1.7 Backdoors

Backdoors "With Sardaukar, you must scan them, scope them - both reflex and hard ray - cut off every scrap of body hair. And when you're through, be certain you haven't discovered everything." – Dune, Frank Herbert. What is a Backdoor Program? A backdoor is an undocumented means of access to a computer system that bypasses normal authentication and security mechanisms. A backdoor might be installed deliberately by the software developer or system administrator, or it might be installed surreptitiously by an attacker as part of an exploit. “A backdoor violation occurs when software creates a security vulnerability that allows malware or hackers to gain unauthorized access to a system.” Deliberately enabled backdoors include: Application vendors that enable access that bypasses normal security mechanisms to make it easy to support or troubleshoot their applications. System administrators that install unpublished root or administrative accounts
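The "unpublished root or administrative accounts" case is one a practitioner can check for directly. The following is an added example, not code from the original post: it parses a constructed /etc/passwd and flags the three things an account-based backdoor usually needs, a second UID 0 account, an empty password field, or an account missing from an approved baseline. The sample file and the baseline set are constructed for illustration.

```python
# Constructed sample /etc/passwd (not from a real system): the last three
# non-system entries are the ones a backdoor review should notice.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup::34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:support:/root:/bin/bash
sysmaint:x:1001:1001::/var/tmp:/bin/bash
"""

# Assumed approved baseline, as an administrator would keep it in configuration
# management. "backup" is approved, so only its empty password field stands out.
BASELINE = {"root", "daemon", "www-data", "backup", "alice"}


def parse_passwd(text):
    """Yield one dict per passwd entry; skip blank and comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue   # malformed line; a stricter audit would report it
        name, passwd, uid, gid, gecos, home, shell = fields
        yield {"name": name, "passwd": passwd, "uid": int(uid), "gid": int(gid),
               "gecos": gecos, "home": home, "shell": shell}


def find_backdoor_accounts(text, baseline):
    """Return (account, reason) pairs for entries that look like planted access."""
    findings = []
    for entry in parse_passwd(text):
        if entry["uid"] == 0 and entry["name"] != "root":
            findings.append((entry["name"], "uid 0 alias of root"))
        if entry["passwd"] == "":
            findings.append((entry["name"], "empty password field"))
        if entry["name"] not in baseline:
            findings.append((entry["name"], "not in approved baseline"))
    return findings


if __name__ == "__main__":
    for account, reason in find_backdoor_accounts(SAMPLE_PASSWD, BASELINE):
        print(f"{account}: {reason}")
```

The baseline comparison is the check that catches a genuinely unpublished account; the UID 0 and empty-password checks catch the two ways an attacker or administrator makes such an account useful without touching any other file. On a shadow-password system the "x" marker means the real hash lives in /etc/shadow, so the empty-password check must be repeated against that file as well.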

3.1.5 Trojans

Trojans “Whatever it is, I’m afraid of Greeks, even those bearing gifts.” † From classic literature such as Virgil's Aeneid, Book II and Homer's Odyssey, we get the tale of Greek soldiers hiding in a large wooden horse (the Trojan Horse) in order to gain access to the city of Troy. Once they had access, they surreptitiously opened the gates of the city and let in the invading Greek force. A Trojan or Trojan horse in computing is a type of malicious software that is disguised as something useful, legitimate or interesting. Since Trojans cannot replicate on their own, they are designed to trick the user into installing and running them on their computer. “A Trojan horse is a malicious software program that hides inside other programs. It enters a computer hidden inside a legitimate program, such as a screen saver. It then puts code into the operating system, which enables a hacker to access the infected computer. Trojan horses do not usually spread by themselves; the

3.1.3 Worms

Worms A computer worm is a type of malicious software (malware) that is self-contained, self-replicating and self-propagating. Unlike a virus, which is a piece of code that attaches itself to another program, a worm is a standalone program. The primary purpose of a worm is to make copies of itself and to look for other host computers to infect. When a worm is introduced onto a host computer, it sets about doing just that: replicating itself and seeking out communication channels it can use to reach other hosts. Worms target vulnerabilities in applications, operating systems and network protocols. In addition to its primary purpose, propagation, a worm can carry a “payload”, which in this case is code written to carry out specific malicious activities such as altering or deleting data, or establishing backdoors or other remote control tools. Even without a “payload”, worms are considered malware because they consume sys