1.2 Information Security Threats and Attack Vectors

Motives, Goals, and Objectives of Information Security Attacks

  • Attacks = Motive (Goal) + Method + Vulnerability

    Windows XP and Flash are common examples of vulnerabilities.

  • A motive originates from the notion that the target system stores or processes something valuable, and this leads to the threat of an attack on the system.
  • Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system or its security policy and controls to achieve their motives.

    The target stores or runs something valuable; attackers exploit vulnerabilities to attack it and achieve their motives or goals.

  • Motives Behind Information Security Attacks:
    • Disrupting business continuity
    • Information theft
    • Manipulating data
    • Creating fear and chaos by disrupting critical infrastructures
    • Propagating religious or political beliefs
    • Achieving a state's military objectives
    • Damaging the reputation of the target
    • Taking revenge

Top Information Security Attack Vectors

  • Cloud Computing Threats:
    • Cloud computing is the on-demand delivery of IT capabilities, where sensitive data of organizations and their clients is stored.
    • A flaw in one client's cloud application could allow attackers to access other clients' data.
  • Advanced Persistent Threats: An APT is an attack that focuses on stealing information from the victim machine without the user being aware of it.

    Persistent: low-profile, slow, with no time constraints.

  • Viruses and Worms: Viruses and worms are the most prevalent networking threats and are capable of infecting a network within seconds.

    A virus replicates itself by attaching to other programs. A worm is a malicious program that spreads, replicates and executes over the network.

  • Mobile Threats: The focus of attackers has shifted to mobile devices due to the increased adoption of mobile devices for business and personal purposes and their comparatively weaker security controls.
  • Botnet: A botnet is a huge network of compromised systems used by an intruder to perform various network attacks.

    A botnet is a large number of compromised computers on the network, which attackers use to launch DDoS attacks.

  • Insider Attack: An attack performed on a corporate network or on a single computer by an entrusted person (insider) who has authorized access to the network.

Information Security Threat Categories

  • Network Threats:

    • Information gathering
    • Sniffing and eavesdropping
    • Spoofing
    • Session hijacking and Man-in-the-Middle attack
    • DNS and ARP Poisoning
    • Password-based attacks
    • Denial-of-Service attack
    • Compromised-key attack
    • Firewall and IDS attacks

    Threats arising from attacks carried out on the communication path between computers.

  • Host Threats:

    • Malware attacks
    • Footprinting
    • Password attacks
    • Denial-of-Service attacks
    • Arbitrary code execution
    • Unauthorized access
    • Privilege escalation
    • Backdoor attacks
    • Physical security threats

    Threats arising from attacks targeting a specific, valuable host.

  • Application Threats:

    • Improper data/Input validation
    • Authentication and Authorization attacks
    • Security misconfiguration
    • Information disclosure
    • Broken session management
    • Buffer overflow attacks
    • Cryptography attacks
    • SQL injection
    • Improper error handling and exception management

    Threats arising from application vulnerabilities that attackers are able to exploit.

Types of Attacks on a System

  • Operating System Attacks:

    • Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a system.
    • OS Vulnerabilities: buffer overflow vulnerabilities, bugs in the operating system, unpatched operating systems, etc.

    Attackers look for vulnerabilities in the operating system or at the OS level to gain access to the system, e.g. buffer overflows, operating system bugs, unpatched operating systems, vulnerabilities in specific network protocols, attacks on system privileges, breaking the file system, and cracking passwords and encryption mechanisms.

  • Misconfiguration Attacks: Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks and may result in illegal access or possible ownership of the system.

    Misconfiguration allows attackers to gain unauthorized system access.

    Change system defaults, and remove or disable unnecessary services.

  • Application-Level Attacks:

    • Attackers exploit the vulnerabilities in applications running on the organization's information system to gain unauthorized access and steal or manipulate data.
    • Application Level Attacks: Buffer overflow, cross-site scripting, SQL injection, man-in-the-middle, session hijacking, denial-of-service, etc.

    Exploiting application vulnerabilities to gain unauthorized access and steal or modify data.

    Attack methods include buffer overflow, sensitive information disclosure, XSS, session hijacking, man-in-the-middle, denial-of-service attacks, SQL injection attacks, phishing, parameter/form tampering, and directory traversal attacks.

    Storing the session ID in a cookie rather than in the URL helps prevent session hijacking.

    Denial-of-Service floods the target computer/network with resource requests so that legitimate users cannot use it. A finally block can be used for exception handling.
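The following added example (not part of the original notes) illustrates two of the application-level points above: keeping the session ID in a cookie rather than in the URL, and parameterized queries as the fix for SQL injection. The cookie name `sid`, the list of session parameter names, the access-log lines and the `users` table are all constructed for this example.

```python
import re
import secrets
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Query parameter names commonly used to carry a session identifier in a URL
# (hypothetical list for this example).
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sid", "phpsessid", "jsessionid"}


def new_session_id() -> str:
    """Generate an unguessable session ID from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


def build_session_cookie(session_id: str) -> str:
    """Return a Set-Cookie header value that keeps the session ID out of URLs,
    referrers and browser history, and limits where the browser sends it."""
    # HttpOnly: not readable by page scripts; Secure: sent over HTTPS only;
    # SameSite=Strict: not attached to cross-site requests.
    return f"sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Strict"


def find_session_ids_in_urls(log_lines):
    """Return request paths from access-log lines whose query string carries a
    session ID, i.e. requests that leak the ID into logs and proxies."""
    leaked = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        path = m.group(1)
        query = parse_qs(urlsplit(path).query)
        if any(name.lower() in SESSION_PARAM_NAMES for name in query):
            leaked.append(path)
    return leaked


def lookup_user_unsafe(conn, username: str):
    """String-built query: an attacker-controlled username rewrites the SQL."""
    sql = f"SELECT name FROM users WHERE name = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_user_safe(conn, username: str):
    """Parameterized query: the value is bound as data and cannot alter the statement."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def make_demo_db():
    """In-memory SQLite database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /account?sessionid=abc123 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /account HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login?JSESSIONID=deadbeef HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(build_session_cookie(new_session_id()))
    print("Session IDs leaked via URL:", find_session_ids_in_urls(SAMPLE_LOG))
    db = make_demo_db()
    tautology = "' OR '1'='1"
    print("unsafe:", lookup_user_unsafe(db, tautology))  # returns every user
    print("safe:  ", lookup_user_safe(db, tautology))    # returns no user
```

Running the script shows the string-built query returning every row for the tautology input while the parameterized query returns nothing, and the log scan flagging the two requests that carried a session ID in their query string.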

  • Shrink-Wrap Code Attacks: Attackers exploit default configuration and settings of the off-the-shelf libraries and code.

    If the free libraries used by software developers contain a vulnerability, every developer's software inherits it, so when using them the code must be modified and adjusted so that no existing exploit works as-is.

Information Warfare

  • The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
  • Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
    • Prevention
    • Deterrence
    • Alerts
    • Detection
    • Emergency Preparedness
    • Response
  • Offensive Information Warfare: It refers to information warfare that involves attacks against ICT assets of an opponent.
    • Web Application Attacks
    • Web Server Attacks
    • Malware Attacks
    • MITM Attacks
    • System Hacking

Information warfare weapons include viruses, worms, Trojan horses, logic bombs, trap doors, nano machines and microbes, electronic jamming, and penetration exploits and tools.

Information warfare can be divided into: Command and control warfare (C2 warfare), Intelligence-based warfare, Electronic warfare, Psychological warfare, Hacker warfare, Economic warfare, and Cyberwarfare.
