MODIFICATION ATTACKS
A modification attack is an attempt to modify information that an attacker is not
authorized to modify. This attack can occur wherever the information resides. It may also be
attempted against information in transit. This type of attack is an attack against the
integrity of the information.
Changes
One type of modification attack is to change existing information, such as an attacker
changing an existing employee’s salary. The information already existed in the
organization but it is now incorrect. Change attacks can be targeted at sensitive information or
public information.
Figure 2-4. Interception using incorrect name resolution information
Another type of modification attack is the insertion of information. When an insertion attack is made, information that did not previously exist is added. This attack may be mounted against historical information or information that is yet to be acted upon. For example, an attacker might choose to add a transaction in a banking system that moves funds from a customer’s account to his own.
Deletion
A deletion attack is the removal of existing information. This could be the removal of information in a historical record or in a record that is yet to be acted upon. For example, an attacker could remove the record of a transaction from a bank statement (thus causing the funds that would have been taken from the account to remain).
How Modification Attacks Are Accomplished
As with access attacks, modification attacks can be performed against information in paper form or electronic form.
Information on Paper
Paper records can be difficult to modify without being detected. If documents are signed (such as contracts), care must be taken to re-create the signatures. If a large stapled or bound document is to be modified, the document must be reassembled so as to not show that it was modified.
It is very difficult to insert or delete information from written transaction logs. Since the information in these logs is chronological, any attempt to add or remove entries would be noticed.
In most cases, attempts to modify paper documents may best be accomplished by replacing the entire document. Of course, this type of attack will require physical access to the documents.
Electronic Information
Modifying information in an electronic form is significantly easier than modifying information stored on paper. Assuming that the attacker has access to files, modifications can be made with little evidence. If the attacker does not have authorized access to the files, the attacker would first have to increase his access to the system or remove the permissions on the file. As with access attacks, the attacker could first execute an exploitation of a vulnerability on the computer system. Then, with the increased access, the file may be modified.
Changes to database files or transaction queues must be performed carefully. In some cases, transactions are numbered sequentially and the removal or addition of an incorrect transaction number will trigger an alarm. In these cases, the attacker must make significant changes to the overall system to keep the changes from being detected.
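The sequential-number alarm described above, next to a hash-chained check that also catches an in-place change, shown as an added example that is not from the original text. The record layout, function names and sample transactions are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def _digest(seq, payload, prev):
    body = json.dumps({"seq": seq, "payload": payload, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, payload):
    """Append a transaction with the next sequence number and a chained hash."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = log[-1]["seq"] + 1 if log else 1
    log.append({"seq": seq, "payload": payload, "prev": prev,
                "hash": _digest(seq, payload, prev)})

def sequence_alarms(log):
    """The check the text describes: alarm on a missing or repeated number."""
    alarms = []
    expected = 1
    for rec in log:
        if rec["seq"] != expected:
            alarms.append(f"expected seq {expected}, found {rec['seq']}")
        expected = rec["seq"] + 1
    return alarms

def chain_alarms(log):
    """Stronger check: each record must match its hash and link to its predecessor."""
    alarms = []
    prev = GENESIS
    for rec in log:
        if rec["prev"] != prev:
            alarms.append(f"seq {rec['seq']}: broken link to previous record")
        if rec["hash"] != _digest(rec["seq"], rec["payload"], rec["prev"]):
            alarms.append(f"seq {rec['seq']}: contents do not match stored hash")
        prev = rec["hash"]
    return alarms

def sample_log():
    """Constructed sample transactions, not data from the original text."""
    log = []
    for payload in ("acct 1001 -> 2002: 50.00", "acct 1001 -> 3003: 20.00",
                    "acct 4004 -> 1001: 75.00"):
        append(log, payload)
    return log
```

An unkeyed chain can be recomputed by anyone able to rewrite the whole log, so the most recent hash has to be kept somewhere the log's writers cannot reach.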
It is more difficult to successfully mount a modification attack of information in
transit. The best way to do this would be to first execute an interception attack against the
traffic of interest and then change the information before passing it on to the destination.
DENIAL-OF-SERVICE ATTACKS
Denial-of-service (DoS) attacks are attacks that deny the use of resources to legitimate
users of the system, information, or capabilities. DoS attacks generally do not allow the
attacker to access or modify information on the computer system or in the physical world.
DoS attacks are nothing more than vandalism.
Denial of Access to Information
A DoS attack against information causes that information to be unavailable. This may be
caused by the destruction of the information or by the changing of the information into an
unusable form. This situation can also be caused if the information still exists but has been
removed to an inaccessible location.
Denial of Access to Applications
Another type of DoS attack is to target the application that manipulates or displays
information. This is normally an attack against a computer system running the application. If
the application is not available, the organization cannot perform the tasks that are done
by that application.
Denial of Access to Systems
A common type of DoS attack is to bring down computer systems. In this type of attack,
the system along with all applications that run on the system and all the information that
is stored on the system become unavailable.
Denial of Access to Communications
DoS attacks against communications have been performed for many years. This type of
attack can range from cutting a wire, to jamming radio communications, to flooding
networks with excessive traffic. Here the target is the communications media itself.
Normally, systems and information are left untouched but the lack of communications
prevents access to the systems and information.
How Denial-of-Service Attacks Are Accomplished
DoS attacks are primarily attacks against computer systems and networks. This is not to
say that there are no DoS attacks against information on paper, just that it is much easier
to conduct a DoS attack in the electronic world.
Information on Paper
Information that is physically stored on paper is subject to physical DoS attacks. To make the information unavailable, it must either be stolen or destroyed in place. Destruction of the information can be accomplished intentionally or accidentally. For example, an attacker could shred paper records. If no other copies exist, the records are destroyed. Likewise, an attacker could set fire to a building that contains the paper records. This would destroy the records and deny the use of them to the organization.
Accidental causes can have the same effect. For example, a fire might start due to faulty wiring or an employee might shred the wrong documents by mistake. In either case, the information is gone and thus is not available for the organization to use.
Electronic Information
There are many ways that information in electronic form can suffer a DoS attack. Information can be deleted in an attempt to deny access to that information. In order to be successful, this type of attack would also require that any backups of the information also be deleted. It is also possible to render information useless by changing the file. For example, an attacker could encrypt a file and then destroy the encryption key. In that way, no one could get access to the information in the file (unless a backup was available).
Information in electronic form is susceptible to physical attacks as well. The computer system with the information could be stolen or destroyed. Short-term DoS attacks against the information can be made by simply turning off the system. Turning off the system will also cause a DoS against the system itself. Computer systems can also be crippled by DoS attacks aimed directly at the system. Several such attacks exist (either due to vulnerabilities in the operating systems or known protocol issues—see Chapter 13 for more details).
Applications can be rendered unavailable through any number of known vulnerabilities. This type of vulnerability allows an attacker to send a predefined set of commands to the application that the application is not able to process properly. The application will likely crash when this occurs. Restarting the application restores service but the application is unavailable for the time it takes to restart.
Perhaps the easiest way to render communications unusable is to cut the wire. This type of attack requires physical access to the network cables but as we have seen over time, backhoes make great DoS tools. Other DoS attacks against communications consist of sending extraordinarily large amounts of traffic against a site. This amount of traffic overwhelms the communications infrastructure and thus denies service to legitimate users.
Not all DoS attacks against electronic information are intentional. Accidents play a large role in DoS incidents. For example, the backhoe that I mentioned in the last paragraph might cut a fiber-optic transmission line by accident while working on another job. Such cuts have caused widespread DoS incidents for telephone and Internet users. Likewise, there have been incidents of developers testing new code that causes large systems to become unavailable. Clearly, most developers do not have the intent of rendering their systems unavailable. Even children can cause DoS incidents. A child on a data center tour will be fascinated by all the blinking lights. Some of these lights and lighted switches will be near eye level for a child. The temptation to press a switch and possibly shut down a system will be immense.
REPUDIATION ATTACKS
Repudiation is an attack against the accountability of the information. In other words,
repudiation is an attempt to give false information or to deny that a real event or transaction
should have occurred.
Masquerading
Masquerading is an attempt to act like or impersonate someone else or some other
system. This attack can occur in personal communication, in transactions, or in
system-to-system communications.
Denying an Event
Denying an event is simply disavowing that the action was taken as it was logged. For
example, a person makes a purchase at a store with a credit card. When the bill arrives, the
person tells the credit card company that he never made the purchase.
How Repudiation Attacks Are Accomplished
Repudiation attacks can be made against information in physical form or electronic
form. The difficulty of the attack depends upon the precautions that are provided by the
organization.
Information on Paper
An individual can masquerade by using someone else’s name on a document. If a
signature is required on the document, the attacker must forge the signature. It is much easier
to masquerade when using a typed document rather than a handwritten document.
An individual can deny an event or transaction by claiming that he or she did not
initiate it. Again, if signatures are used on contracts or credit card receipts, the individual
must show that the signature is not his or her own. Of course, someone who is planning to
perform this type of attack might make the signature look wrong in the first place.
Electronic Information
Electronic information may be more susceptible to a repudiation attack than information
in physical form. Electronic documents can be created and sent to others with little or no
proof of the identity of the sender. For example, the “from” address of an e-mail can be
changed at will by the sender. There is little or no checking done by the electronic mail
system to verify the identity of the sender.
The same is true for information sent from computer systems. With few exceptions, any computer system can take on any IP address. Thus, it is possible for a computer system to masquerade as another system.
NOTE: This is a very simplified example. One system can take on the IP address of another if it is on the same network segment. Taking on the IP address of another system across the Internet is not easy and does not provide a true connection.
Denying an event in the electronic world is much easier than in the physical world. Documents are not signed with handwritten signatures and credit card receipts are not signed by the customer. Unless a document is signed with a digital signature, there is nothing to prove that the document was agreed to by an individual. Even with digital signatures, a person could say that the signature was somehow stolen or that the password protecting the key was guessed. Since there is very little proof to link the individual to the event, denying it is much easier.
Credit card transactions are also easier to deny in the electronic world. There is no signature on the receipt to match against the cardholder’s signature. There may be some proof if the goods were sent to the cardholder’s address. But what if the goods were sent somewhere else? What proof is there that the cardholder was actually the person who purchased the goods?
CHAPTER 3
Information Security Services
Copyright 2001 The McGraw-Hill Companies, Inc.