Sunday, October 12, 2014

3.5 - Threats to Access Control

Generally, there is a higher risk that an attacker will attempt to cause issues from within an organization than from outside it. 

An attacker from outside a system can enter through remote access entry points, firewalls and even web servers; the entry can also be a physical break-in, a social engineering attack, or an exploit via a partner communication path. Insiders have legitimate reasons for using the systems and resources; however, misuse does occur and can turn into an actual attack.

The danger of insiders is that they have already been given a wide range of access that a hacker would have to work to obtain; they probably have intimate knowledge of the environment; and, generally, they are trusted. 

In the previous section, we discussed the different types of access control mechanisms. These serve to keep outsiders out, restrict the insiders’ abilities to the minimum they need, and audit their actions. Here we will look at some specific attacks commonly carried out in environments today by insiders or outsiders.

Dictionary Attacks

  • This type of program receives lists (dictionaries) of commonly used words or combinations of characters, and then compares these values to captured passwords. The program hashes each word and then compares the result with the system password file, which stores passwords in a one-way hash format.
  • If a match is found, the program has uncovered a password. The dictionaries come with the password-cracking programs, and extra dictionaries can be found on several sites on the Internet.
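As an added example (not from the original post), the following Python shows the comparison described above from the auditor's side: hashing each dictionary word once and looking the result up in an unsalted, one-way-hashed password store, and then the same audit against a store that uses per-user salts and a slow hash (PBKDF2), where the shared lookup table no longer works. The wordlist and both stores are constructed sample data; the function names are my own.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (stands in for a dictionary file).
WORDLIST = ["password", "letmein", "welcome1", "summer2014", "Tr0ub4dor&3"]

# Constructed sample of an unsalted store: user -> SHA-256 hex of the password.
UNSALTED_STORE = {
    "alice": hashlib.sha256(b"summer2014").hexdigest(),
    "bob": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}


def audit_unsalted(store, wordlist):
    """Hash every dictionary word once, then look each stored hash up in that table.
    Cost is len(wordlist) hashes regardless of how many users the store has.
    Returns {user: matching_word} for every weak password found."""
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: lookup[h] for user, h in store.items() if h in lookup}


def make_salted_record(password, iterations=200_000):
    """Store a random per-user salt plus a PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_salted(record, candidate):
    """Recompute the digest for one candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def audit_salted(store, wordlist):
    """With per-user salts there is no shared lookup table: every word has to be
    rehashed for every user, and each rehash costs `iterations` rounds."""
    weak = {}
    for user, rec in store.items():
        for w in wordlist:
            if verify_salted(rec, w):
                weak[user] = w
                break
    return weak


# Constructed salted store built from the same sample passwords; the iteration
# count is kept low here only so the example runs quickly.
SALTED_STORE = {
    "alice": make_salted_record("summer2014", iterations=10_000),
    "bob": make_salted_record("correct horse battery staple", iterations=10_000),
}

if __name__ == "__main__":
    print("unsalted:", audit_unsalted(UNSALTED_STORE, WORDLIST))
    print("salted:  ", audit_salted(SALTED_STORE, WORDLIST))
```

Both audits find the same weak password, which is the point: salting does not rescue a dictionary word. What it changes is the cost, from one hash per word for the whole store to one slow hash per word per user, so an audit (or an attacker) against a large store pays the iteration count many times over.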

Brute Force Attacks

  • Brute force is defined as trying multiple possible combinations until the correct one is identified. In a brute force password attack, the software tool starts at the first character position and works through the alphabet until that single value is uncovered; then the tool moves on to the second value. This continues until access is gained.
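The repeated attempts a brute force tool makes are visible in authentication logs. As an added example (not part of the original post), this Python parses a constructed sshd-style auth log, flags any source that accumulates a threshold of failed logons within a time window, and escalates if a successful logon from that source follows the burst. The log lines, the `2014` year assumption for the syslog timestamps, and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (syslog-style, year assumed to be 2014); not a real capture.
SAMPLE_LOG = """\
Oct 12 09:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 50101 ssh2
Oct 12 09:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 50102 ssh2
Oct 12 09:00:04 host sshd[1003]: Failed password for admin from 203.0.113.5 port 50103 ssh2
Oct 12 09:00:06 host sshd[1004]: Failed password for invalid user oracle from 203.0.113.5 port 50104 ssh2
Oct 12 09:00:07 host sshd[1005]: Failed password for root from 203.0.113.5 port 50105 ssh2
Oct 12 09:00:09 host sshd[1006]: Accepted password for root from 203.0.113.5 port 50106 ssh2
Oct 12 09:05:00 host sshd[1010]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Oct 12 09:20:00 host sshd[1011]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line, year=2014):
    """Return a dict for a password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Flag a source once it has `threshold` failures inside a sliding window of
    `window_s` seconds; mark it again if a success from that source follows.
    Returns {src: {"failures": peak_in_window, "success_after": bool}}."""
    recent = defaultdict(deque)  # src -> failure timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            # Drop failures that have aged out of the window.
            while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(
                    ev["src"], {"failures": 0, "success_after": False}
                )
                entry["failures"] = max(entry["failures"], len(q))
        elif ev["src"] in flagged:
            # A success after a flagged burst is the higher-priority signal.
            flagged[ev["src"]]["success_after"] = True
    return flagged


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

The single failure from 198.51.100.7 followed by a success fifteen minutes later is the ordinary mistyped-password pattern and is not flagged; the five failures in six seconds from 203.0.113.5, capped by a success, are. The same sliding-window count is what an account-lockout or rate-limiting rule enforces in real time.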


Spoofing at Logon

  • This program presents the user with a fake logon screen that tricks the user into attempting to log on. The user is asked for credentials such as a username and password, which are stored by the attacker for use at a later time. The user does not know this is not his usual logon screen because the two look exactly the same. A fake error message may appear, indicating that the user mistyped his credentials.

Phishing and Pharming

  • This is a type of social engineering designed to obtain personal information, credentials, credit card numbers, and financial data. The attackers lure, or fish, for sensitive data through various different methods.
