Logical Threats - Types of Attacks

Logical Threats

The communication protocols in use (mostly) lack security, or security was bolted on as a "patch" after they were created.
There are security holes in operating systems.
There are security holes in the applications.
There are errors in the configurations of the systems.
Users lack information on the subject.
This list could continue to be extended as more elements of a Computer System are evaluated.
Access - Use - Authorization

Distinguishing these words matters, because using one of them loosely implies misusing the others. Specifically, "Access" and "Use" are not the same concept when studied from the point of view of a user and from that of an intruder. For example:
When a user has authorized access, this implies that they are authorized to use a resource.
When an attacker has unauthorized access, they are making unauthorized use of the system.
But when an attacker makes unauthorized use of a system, this implies that the access itself was authorized (the attacker impersonates a legitimate user).
An Attack, then, is an attempt at unauthorized access to, or unauthorized use of, a resource, whether successful or not. An Incident is a set of attacks that can be distinguished from another set by its characteristics (degree, similarity, techniques used, timing, etc.).
John D. Howard (1), in his thesis, studied how many attacks an incident can comprise. At the conclusion of that study, and based on his experience in the CERT laboratories, he states that the number varies between 10 and 1,000, and he estimates that a reasonable figure for studies is 100 attacks per incident.
Intrusion Detection

At the end of 1996, Dan Farmer (creator of one of the most useful intrusion-detection tools, SATAN) conducted a security study analyzing 2,203 systems belonging to Internet sites. The systems studied were commerce-oriented Web sites with specific content, plus a set of randomly chosen systems used for comparison.
The study was carried out using simple, non-intrusive techniques. Potential security problems were divided into two groups: red and yellow.
Problems in the red group are the most serious and mean that the system is open to a potential attacker, that is, it has known, exploitable security problems. For example, a red-group problem is a computer whose anonymous FTP service is incorrectly configured. Problems in the yellow group are less serious but still noteworthy. They mean that the detected problem does not immediately compromise the system, but that it could cause serious damage, or that more intrusive tests are needed to determine whether or not a red-group problem exists.
Table 7.1 summarizes the systems evaluated, the number of machines in each category and the percentage of vulnerable systems in each. Although the results are upper bounds, they are still ... scandalous.
Any 15-year-old (a Script Kiddie), without much knowledge but with a powerful, stable attack tool developed by the Gurus, is able to take any information server of any agency on the Internet out of service, simply by following the instructions that accompany the tool.
The numbers that follow are not intended to alarm anyone or to sow the seed of a future Hacker. Obviously the information can be used for less lawful purposes than those for which it was intended, but this is difficult to avoid.
It can be seen that only 0.70% (267) of the incidents were reported. Then, if 21,756 cases were reported in the year 2000, that amounts to 3,064,225 incidents in that year. Note III: It can be observed that the incidents reported in 1997 are lower than in the previous year. This can be due to several causes:
Companies and organizations cannot afford to report attacks on their systems, because the level of confidence of their clients (citizens) would drop enormously.
Administrators are increasingly aware of the security of their systems and fix the deficiencies they detect themselves. To this we must add the new security tools available on the market.
The "Advisories" (explanatory documents) on newly detected security holes and how to fix them, issued by the CERT, have paid off.
Types of Attacks

Below are the different types of attacks perpetrated, mainly, by Hackers. These attacks can be carried out against any type of network or operating system, using different protocols, etc. In the early days, attacks involved little technical sophistication. Insiders (operators, programmers, data-entry staff) used their permissions to alter files or records. Outsiders entered the network simply by finding out a valid password. Over the years, increasingly sophisticated forms of attack have been developed to exploit "holes" in the design, configuration and operation of systems.
Social engineering
Reverse Social Engineering
Trashing (Cartoneo)
Monitoring Attacks
Authentication attacks
Denial of Service (DoS)
Modification Attacks - Damage
Design, Implementation and Operation Errors
Many systems are exposed to security "holes" that are exploited to access files, obtain privileges or sabotage. These vulnerabilities arise for various reasons, and thousands of "invisible doors" are discovered (every day) in operating systems, software applications, network protocols, Internet browsers, email and all kinds of computer services.
Open operating systems (such as Unix and Linux) have holes that are better known and better controlled than those in closed operating systems (such as Windows ©). The importance (and advantage) of open source lies in the fact that thousands of users analyze that code in search of possible bugs and help produce fixes immediately.
We constantly find on the Internet notices of newly discovered security problems (and Hacking tools that exploit them), so today it is also essential to have products that know these weaknesses, can diagnose them and update the affected program with the appropriate patch.
Implementation of Techniques

Throughout my research I have collected different types of programs that apply the techniques listed above. Most of them are easily found on the Internet as executables, and others as source code, generally in C, Java and Perl.
Each of the techniques explained (and more) can be used by an intruder in an attack. Below, an attempt is made to establish the order in which they are used, always stressing that an attack requires a great deal of patience, imagination, accumulated knowledge and experience, gained (in most cases) by trial and error.
Identification of the problem (victim): in this stage, all possible information about the victim is collected. The more information is accumulated, the more accurate and precise the attack will be, the easier it will be to eliminate the evidence, and the harder it will be to trace.
Exploration of the chosen victim system: in this stage, information is collected on which of the victim's systems are active, which are the most vulnerable and which are available. It is important to note that a victim that seemed appropriate in the Identification stage may turn out not to be in this second stage.
Enumeration: in this stage, active accounts and poorly protected shared resources are identified. The difference from the previous stages is that here an active connection to the systems is established and directed queries are executed. These intrusions can (and should) be logged by the system administrator, or at least detected and then blocked.
Intrusion proper: in this stage the intruder knows the system and its weaknesses perfectly and begins to carry out the tasks for which he has worked, often for months.
Contrary to what is commonly thought, systems are difficult to penetrate if they are well managed and configured. Occasionally, defects in the architecture of a system provide easy access, but in most cases this can be remedied by applying the available fixes.
How to defend against these attacks?
Most of the attacks mentioned rely on design flaws inherent in the Internet (and its protocols) and in the operating systems in use, so they cannot be "solved" in a short period of time.
The immediate solution in each case is to stay informed about all types of attacks and about the updates that software development companies, mainly operating-system vendors, constantly release.
The following are preventive measures that every network administrator must know and deploy as soon as possible:
Keep machines updated and physically secure.
Maintain personnel specialized in security issues (or outsource it).
Even if a machine does not contain valuable information, it must be borne in mind that it can still be useful to an attacker, for example when used in a coordinated DoS or to hide the attacker's true address.
Do not allow "broadcast" traffic from outside our network. In this way we avoid being used as "multipliers" during a Smurf attack.
Filter spoofed IP traffic.
Security audits and detection systems.
Stay constantly informed about each vulnerability found and each patch released. For this it is advisable to subscribe to lists that provide this information service.
Last, but perhaps most importantly, ongoing user training.
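The two filtering measures above (blocking externally sourced directed-broadcast traffic so we are not a Smurf "multiplier", and filtering spoofed IP traffic) can be expressed as a simple interface-level policy. The following is an added example, not code from the original text; the address plan, interface names and packet records are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example (not from the page): the prefix
# we own, and address space that must never appear as a source from outside.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BOGON_NETS = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("172.16.0.0/12"),
              ipaddress.ip_network("192.168.0.0/16"),
              ipaddress.ip_network("127.0.0.0/8")]


@dataclass(frozen=True)
class Packet:
    iface: str   # "ext" = arrived from the Internet, "int" = from our LAN
    src: str
    dst: str
    proto: str


def directed_broadcast_addrs():
    """Broadcast address of each prefix we own (the Smurf amplifier target)."""
    return {net.broadcast_address for net in INTERNAL_NETS}


def classify(pkt: Packet) -> str:
    """Decide what a border filter should do with one packet."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface == "ext":
        # Ingress anti-spoofing: traffic arriving from the Internet must not
        # claim one of our own prefixes (or private/loopback space) as source.
        if any(src in net for net in INTERNAL_NETS + BOGON_NETS):
            return "drop:spoofed-source"
        # Directed-broadcast filtering: stops outside hosts from making every
        # machine on our LAN answer an echo request (Smurf multiplier).
        if dst in directed_broadcast_addrs():
            return "drop:directed-broadcast"
    else:
        # Egress anti-spoofing: what leaves us must carry one of our sources,
        # so our hosts cannot be used to spoof traffic against someone else.
        if not any(src in net for net in INTERNAL_NETS):
            return "drop:egress-spoof"
    return "accept"


# Constructed sample traffic: one legitimate packet and one of each abuse.
SAMPLE = [
    Packet("ext", "198.51.100.7", "192.0.2.10", "tcp"),
    Packet("ext", "192.0.2.5", "192.0.2.10", "tcp"),       # our prefix from outside
    Packet("ext", "203.0.113.9", "192.0.2.255", "icmp"),   # Smurf-style broadcast
    Packet("int", "198.51.100.77", "203.0.113.1", "icmp"), # forged source leaving
]
```

`[classify(p) for p in SAMPLE]` yields one accept followed by the three drop verdicts, which is the behaviour a border router's ingress and egress filters should reproduce.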
Friday, 19 January 2018. "Types of attacks", posted by Ibrahimewaters at 04:52.