Friday, February 29, 2008

Intrusion Techniques

These are the primary ways an attacker can get into a system:

Physical Intrusion - If an attacker has physical access to a machine (e.g. they can sit at the keyboard or take the system apart), they will be able to get in. Techniques range from exploiting the special privileges the local console has (booting from removable media, entering single-user or recovery mode) to physically removing the disk drive and reading/writing it on another machine. Full-disk encryption and firmware/boot passwords raise the cost of these attacks but do not remove the risk of an attacker with unsupervised hands-on access.

System Intrusion - This type of attack assumes the attacker already has a low-privilege user account on the system. If the system doesn't have the latest security patches, there is a good chance the attacker will be able to use a known local exploit (a privilege-escalation bug in the kernel, a setuid program or a system service) in order to gain administrative privileges.

Remote Intrusion - This type of attack involves an attacker who attempts to penetrate a system remotely across the network. The attacker begins with no special privileges, typically by probing for and exploiting a vulnerable network-facing service. There are several forms of this type of attack. Note that Network Intrusion Detection Systems are primarily concerned with Remote Intrusion; they do not see physical or purely local attacks.

Attacker Profiles

There are two words to describe the attacker: hacker and attacker. A hacker is a generic term for a person who likes getting into things. The benign hacker is the person who likes to get into his/her own computer and understand how it works. The malicious hacker is the person who likes getting into other people's systems. The benign hackers wish that the media would stop bad-mouthing all hackers and use the term 'attacker' instead. Unfortunately, this is not likely to happen. In any event, the word used to denote anybody trying to get into your system in this paper is 'attacker'.

Attackers can be classified into two categories.

Outsiders
These are attackers from outside your network attempting to attack your external presence (deface web servers, forward spam through e-mail servers, etc.). They may also attempt to go around the firewall to attack machines on the internal network. Outside attackers may come from the Internet, dial-up lines, physical break-ins, or from partner (vendor, customer, reseller, etc.) networks that are linked to your corporate network.

Insiders
These are attackers who have legitimate reasons to use/access your internal network. These include users who misuse their privileges or who impersonate higher-privileged users. A frequently quoted statistic claims that insiders commit 80% of security breaches; the figure is widely repeated but rarely traced to a consistent source, so treat it as a rule of thumb rather than a measurement.