Explain what inside attacks are, and also explain intrusion.

Inside attacks: among most difficult to detect and prevent

  1. employees have access & systems knowledge
  2. may be motivated by revenge / entitlement
    • when employment terminated
    • taking customer data when move to competitor
  3. IDS / IPS may help but also need:
    • least privilege, monitor logs, strong authentication, termination process to block access & mirror data

Insider Behavior Examples:

    1. create network accounts for themselves and their friends
    2. access accounts and applications they wouldn’t normally use for their daily jobs
    3. e-mail former and prospective employers
    4. conduct furtive instant-messaging chats
    5. visit web sites that cater to disgruntled employees, such as f’dcompany.com
    6. perform large downloads and file copying
    7. access the network during off hours
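
The "monitor logs" countermeasure can be applied to three of the insider behaviours listed above (off-hours access, applications outside the daily job, large downloads). The sketch below is an added example, not part of the original notes; the event format, per-user baseline, business hours and size threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, application, bytes transferred out)
EVENTS = [
    ("alice", "2024-03-04T10:15:00", "crm", 2_000_000),
    ("alice", "2024-03-04T23:40:00", "crm", 900_000_000),
    ("bob",   "2024-03-05T09:05:00", "payroll", 50_000),
    ("bob",   "2024-03-05T14:30:00", "wiki", 120_000),
    ("carol", "2024-03-06T02:10:00", "useradmin", 4_000),
]

# Assumed baseline: applications each user needs for the daily job.
BASELINE = {"alice": {"crm", "wiki"}, "bob": {"wiki"}, "carol": {"crm"}}
WORK_HOURS = range(7, 19)      # assumed business hours, 07:00-18:59
LARGE_TRANSFER = 500_000_000   # assumed threshold in bytes


def indicators(user, ts, app, nbytes):
    """Return the insider-behaviour indicators that one event matches."""
    hits = []
    if datetime.fromisoformat(ts).hour not in WORK_HOURS:
        hits.append("off-hours access")
    if app not in BASELINE.get(user, set()):
        hits.append("application outside normal job")
    if nbytes >= LARGE_TRANSFER:
        hits.append("large download/copy")
    return hits


def review(events, min_score=2):
    """Collect distinct indicators per user; report users with at least min_score."""
    per_user = {}
    for user, ts, app, nbytes in events:
        for hit in indicators(user, ts, app, nbytes):
            per_user.setdefault(user, set()).add(hit)
    return {u: sorted(h) for u, h in per_user.items() if len(h) >= min_score}


if __name__ == "__main__":
    for user, hits in review(EVENTS).items():
        print(f"{user}: {', '.join(hits)}")
```

Requiring two distinct indicators before reporting keeps a single odd event, such as bob opening the payroll application once during the day, from raising an alert on its own.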

Intrusion Techniques: aim to gain access and/or increase privileges on a system

  1. often use system / software vulnerabilities
  2. key goal often is to acquire passwords
    • so then exercise access rights of owner
  3. basic attack methodology
    • target acquisition and information gathering
    • initial access
    • privilege escalation

Password Guessing: one of the most common attacks

  1. attacker knows a login (from email/web page etc)
  2. then attempts to guess password for it
    • defaults, short passwords, common word searches
    • user info (variations on names, birthday, phone, common words/interests)
    • exhaustively searching all possible passwords
  3. check by login or against stolen password file
  4. success depends on password chosen by user
  5. surveys show many users choose poorly

Password Capture: Another attack involves password capture

    • watching over shoulder as password is entered
    • using a trojan horse program to collect
    • monitoring an insecure network login
      • eg. telnet, FTP, web, email
    • extracting recorded info after successful login (web history/cache, last number dialed etc)
  1. using valid login/password can impersonate user
  2. users need to be educated to use suitable precautions/countermeasures
