COMPUTER AND NETWORK ATTACKS

Read and memorize the following words:

 

malicious attack –злонамеренная атака

unauthorized individual – неправомочный индивидуум

to gain access – получить доступ

ultimate goal – окончательная цель

without the appropriate authorization–без соответствующего разрешения

rough attempt –грубая попытка

software patch –«заплата» программного обеспечения

bug – ошибка, сбой в программе

to prevent further spreading of the virus –предотвратить дальнейшее распространение вируса

to be error prone – быть склонным к ошибке

temporary file – временный файл

to fill –заполнять

fake bank website – поддельный банковский сайт

to make any fraudulent transactions– cовершать любые мошеннические сделки.

 

Computer or network attacks are a rather broad definition but its main concept of a computer or network attack is a malicious attack directed against services the computer system or network providers. Examples of computer/network attacks are viruses, worms, DoS attacks, use of a system by an unauthorized individual, probing of a system to gather information, or a physical attack against computer hardware. The ultimate goal for an attacker is to gain access to a computer system or network without the appropriate authorization. To get a filling how many different kinds of attack techniques there are and the complexity of some attacks to exploit a computer system or network a rough attempt to categories some of the computer/network attacks are listed down below. Remark, this is NOT all kind of attacks that are possible to use to compromise a computer system/network. There are a finite number of more types of attack techniques that could be used for compromising a computer or network.

Social engineering:

An attacker use deception to gain access to a computer system trough social contacts or technologies. The attacker fools authorized/unauthorized user/users to gain information (passwords, file names, configurations, security policies, etcetera) who he/she dose not have the right to have. For example, a social engineer can call an individual on the telephone impersonating that he/she is from the IT-department and explains for the user that a virus has attack the Local Area Network (LAN) and that the user must install a software patch provided by the attacker to prevent further spreading of the virus. The user thinks he/she helps the "network administrator" but instead he/she provides the social engineer an attack opportunity. The provided software patch is a Trojan horse who the attacker can exploit.

Implementation bug:

Software is programmed usually by human beings who are error prone. Software can contain million lines of code which can contain bugs that an attacker can exploit to gain unauthorized access to a computer system. Some examples of software bugs are buffer overflows, race condition, format string errors, SQL injection, and mishandle of temporary files.

Abuse of feature:

Some legitimate actions can lead to system failures if they are put to the extreme. Examples include opening hundreds of telnet connections to a machine to fill its process table, or filling up a mail spool with junk e-mail.

System misconfiguration:

Many attacks are exploited through misconfiguration of systems and/or services. The network administrator forgets to shut down services that are not in use on a server such as Simple Network Management Protocol (SNMP), Network Virtual Terminal Protocol (Telnet), and File Transfer Protocol (FTP), etcetera. The default configuration of some systems includes a "guest" account that is not protected with a password. Access Control Lists (ACL) is in the security policies, but the router is not configured for it.

Masquerading:

In some cases, it is possible to fool a system into giving access by misrepresenting oneself. An example is sending a Transmission Control Protocol/Internet Protocol (TCP/IP) packet that has a forged source address (IP spoofing) that makes the packet appear to come from a trusted host. Another example of masquerading is an attacker can put up a fake bank website and entices user to that website. User types in his/her password, and the attacker in turn uses it to access the bank's real website. Done right, the user will never realize that he/she is not at the bank's website. Then the attacker can disconnect the user and make any fraudulent transactions he/she wants, or passes along the user's banking transactions while making his/her own transactions at the same time. This type of masquerading is called fishing and is getting more and more popular for attackers every day.

 

Questions:

What areexamples of computer/network attacks?

What is ultimate goal for an attacker?

What is Social engineering?

Give examples of software bugs.

What type of masquerading is called fishing and is getting more and more popular for attackers every day?