1.2 Information Security Threats and Attack Vectors
Motives, Goals, and Objectives of Information Security Attacks
- Attacks = Motive (Goal) + Method + Vulnerability
Windows XP and Flash are common examples of such vulnerabilities.
- A motive originates from the notion that the target system stores or processes something valuable, and this leads to the threat of an attack on the system.
- Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system or in its security policy and controls to achieve their motives.
The target stores or processes something valuable; attackers exploit vulnerabilities to attack it and achieve their motive or goal.
- Motives Behind Information Security Attacks:
  - Disrupting business continuity
  - Information theft
  - Manipulating data
  - Creating fear and chaos by disrupting critical infrastructures
  - Propagating religious or political beliefs
  - Achieving a state's military objectives
  - Damaging the reputation of the target
  - Taking revenge
Top Information Security Attack Vectors
- Cloud Computing Threats:
  - Cloud computing is the on-demand delivery of IT capabilities, where organizations' and clients' sensitive data is stored.
  - A flaw in one client's application could allow attackers to access other clients' data.
- Advanced Persistent Threats: An APT is an attack that focuses on stealing information from the victim machine without the user being aware of it.
Persistent: low-profile, slow, with no fixed time frame.
- Viruses and Worms: Viruses and worms are the most prevalent networking threats and are capable of infecting a network within seconds.
A virus replicates itself by attaching to other programs. A worm is a malicious program that spreads, copies and executes itself over the network.
- Mobile Threats: The focus of attackers has shifted to mobile devices due to the increased adoption of mobile devices for business and personal purposes and their comparatively weaker security controls.
- Botnet: A botnet is a huge network of compromised systems used by an intruder to perform various network attacks.
A botnet is a large set of compromised computers on the network that an attacker can use to launch DDoS attacks.
- Insider Attack: It is an attack performed on a corporate network or on a single computer by an entrusted person (insider) who has authorized access to the network.
Information Security Threat Categories
Network Threats:
- Information gathering
- Sniffing and eavesdropping
- Spoofing
- Session hijacking and Man-in-the-Middle attack
- DNS and ARP Poisoning
- Password-based attacks
- Denial-of-Service attack
- Compromised-key attack
- Firewall and IDS attacks
Threats arising from attacks on the communication channel between computers.
Host Threats:
- Malware attacks
- Footprinting
- Password attacks
- Denial-of-Service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Backdoor attacks
- Physical security threats
Threats arising from attacks targeted at specific, valuable hosts.
Application Threats:
- Improper data/Input validation
- Authentication and Authorization attacks
- Security misconfiguration
- Information disclosure
- Broken session management
- Buffer overflow attacks
- Cryptography attacks
- SQL injection
- Improper error handling and exception management
Threats arising from application vulnerabilities that attackers are able to exploit.
Types of Attacks on a System
Operating System Attacks:
- Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a system.
- OS Vulnerabilities: Buffer overflow vulnerabilities, bugs in operating system, unpatched operating system, etc.
Attackers look for vulnerabilities in the operating system or at the OS level to gain access to the system, e.g. buffer overflows, OS bugs, unpatched operating systems, specific network protocol vulnerabilities, attacks on system privileges, corrupting the file system, and cracking passwords and encryption mechanisms.
Misconfiguration Attacks: Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks and may result in illegal access or possible owning of the system.
Misconfigured settings allow attackers to gain unauthorized system access.
Change system defaults and remove or disable unnecessary services.
Application-Level Attacks:
- Attackers exploit the vulnerabilities in applications running on organizations' information systems to gain unauthorized access and steal or manipulate data.
- Application Level Attacks: Buffer overflow, cross-site scripting, SQL injection, man-in-the-middle, session hijacking, denial-of-service, etc.
Exploiting application vulnerabilities to gain unauthorized access and steal or modify data.
Attack methods include buffer overflow, sensitive information disclosure, XSS, session hijacking, man-in-the-middle, denial-of-service attacks, SQL injection attacks, phishing, parameter/form tampering and directory traversal attacks.
Storing the session ID in a cookie rather than in the URL helps prevent session hijacking.
Denial-of-Service floods the target computer/network with requests for resources so that legitimate users cannot use it. Use a finally block for exception handling.
Shrink-Wrap Code Attacks: Attackers exploit the default configuration and settings of off-the-shelf libraries and code.
If the free libraries that developers use contain vulnerabilities, every piece of software built on them is vulnerable, so when using them the code must be modified and adjusted so that no existing exploit works against it.
Information Warfare
- The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
- Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
  - Prevention
  - Deterrence
  - Alerts
  - Detection
  - Emergency Preparedness
  - Response
- Offensive Information Warfare: It refers to information warfare that involves attacks against the ICT assets of an opponent.
  - Web Application Attacks
  - Web Server Attacks
  - Malware Attacks
  - MITM Attacks
  - System Hacking
Information warfare weapons include viruses, worms, Trojan horses, logic bombs, trap doors, nano machines and microbes, electronic jamming, and penetration exploits and tools.
Information warfare can be divided into: Command and control warfare (C2 warfare), Intelligence-based warfare, Electronic warfare, Psychological warfare, Hacker warfare, Economic warfare, and Cyberwarfare.