Access attacks, as the name implies, are a form of network attack and involve the unauthorized use of a target machine or machines. The means by which an intruder gains access to infrastructure are typically specific to the exploitable vulnerabilities present in operating systems, application software, or physical protection mechanisms. Often these vulnerabilities are discovered by hackers during previous reconnaissance attacks.
Access attacks can be manual or automated and may be composed of unstructured or structured threats. Generally, access attacks can be categorized into three forms of unauthorized activity, as follows:
- Data retrieval
- System access
- Privilege escalation
The sophistication of access attacks has increased as hackers have become more proficient with tools and more knowledgeable about vulnerabilities. Often, these forms of attack are combined to enlarge the scope and severity of an assault.
The first form of access is unauthorized data retrieval, in which information is read, copied or moved on a system. Data retrieval access attacks are common from internal threats and are largely the result of poorly configured file and directory permissions. For instance, world-readable Windows file shares or Unix NFS directories are relatively simple ways unauthorized users can gain access to potentially sensitive data such as accounting or human resources information. In this example, use of proper mounting or access permissions and even encryption could prevent such access.
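As an added illustration of the NFS case above (not code from the original article), the following audit parses text in `/etc/exports` syntax and reports every directory exported to any host, along with whether it is writable and whether root squashing is disabled. The sample paths and hostnames are constructed, and the parser assumes one export per line with no continuation lines or quoted paths.

```python
import re

# Constructed sample in /etc/exports syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# path            client(options) ...
/srv/accounting   *(rw,no_root_squash)
/srv/hr           10.0.5.0/24(ro) (rw)
/srv/public       *(ro)
/srv/build        build01.example.internal(rw,sync)
"""

# One client entry: optional host pattern, then optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def audit_exports(text):
    """Return (path, access, root_squashed) for every export open to any host.

    Assumes one export per line, no backslash continuations or quoted paths.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients:
            match = CLIENT_RE.fullmatch(entry)
            if match is None:
                continue  # malformed entry; leave it for manual review
            host = match.group(1)
            opts = set(filter(None, (match.group(2) or "").split(",")))
            # "*" matches every host; an option list with no host in front
            # of it (often a stray space, as on the /srv/hr line) does too.
            if host not in ("", "*"):
                continue
            access = "rw" if "rw" in opts else "ro"  # ro is the default
            findings.append((path, access, "no_root_squash" not in opts))
    return findings


if __name__ == "__main__":
    for path, access, squashed in audit_exports(SAMPLE_EXPORTS):
        note = "" if squashed else ", root not squashed"
        print(f"{path}: exported {access} to any host{note}")
```

The `/srv/hr` line shows how a single space between the client and its option list turns a restricted read-only export into a second, read-write export to every host.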
System access occurs when an intruder has operating system level or actual login access to a device. Such unauthorized access could be achieved through weak or non-existent passwords or through known exploits against operating system vulnerabilities. Many secondary attacks could result from unauthorized system access. For example, compromised machines could be used to target other machines on the network. Or, once a hacker obtains system access, he or she could attempt privilege escalation.
Attaining higher privileges on a system allows hackers to perform far more dangerous actions. Once an intruder has system access as previously described, they often seek superuser or root privileges to install Trojan code or create backdoors for future covert access. Privilege escalation is often achieved by exploiting operating system or application vulnerabilities, such as buffer overflows. Once a system has been compromised in this manner, it is completely under the control of an attacker.
Published on Mon 01 December 2014 by Anthony Smith in Security with tag(s): access attacks