Network Attacks
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Problem:
In a computer network, it is usually very easy to lie about who
or where you are. For example, most networks use a node identification
number to determine whether another node has access rights to
information. By simply changing the node number in the configuration
phase, it is usually possible to forge an identity. Once a forged
machine identity is accepted, it is usually very simple to forge a Uid
as well. The way current peer networks are designed, once a remote
machine is identified, a user on that machine may get equivalent access
on the peer machine without any further authentication.
Prevention:
This sort of attack can be prevented by taking a very
conservative attitude towards networks. For example, you can prohibit
most network services, or control network services very tightly.
Requiring more authentication than modern networks require by default
also helps a lot.
Detection:
By using the ps facility, you can detect the presence of processes
and how they are connected. Automated programs can be used to look for
patterns that tend to indicate excessive network behavior, and system log
files can be analyzed to detect external entries. If you have a very
restricted environment, this works well, but in many environments, the
usage patterns are not predictable enough to differentiate attacks from
legitimate access.
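The log analysis described above, as an added example that is not part of the original text. It assumes a made-up log line format ('HH:MM:SS daemon: user from node'), a hypothetical list of known peer nodes, and a hypothetical map of which users are expected from which node; the log lines are constructed for the example. It flags entries from unlisted nodes (a forged node id), users arriving from a node they are not expected on (a forged Uid), remote root entries, and one user appearing from two nodes within a short window.

```python
"""Added example (not from the original text): scanning system log entries
for remote access that looks like a forged node or a forged Uid.

Assumptions (mine, not the page's): the log line format, the known-node
list and the expected-user map below are all hypothetical."""
import re

LOG_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<svc>\w+): (?P<user>\w+) from (?P<node>[\w.]+)$"
)

# Hypothetical configuration of a restricted environment.
KNOWN_NODES = {"alpha", "beta", "gamma"}
EXPECTED_USERS = {"alpha": {"fc", "ops"}, "beta": {"ops"}, "gamma": {"backup"}}
WINDOW_SECONDS = 120   # one person is unlikely to log in from two nodes this fast

# Constructed log lines for the example.
SAMPLE_LOG = """\
09:00:01 rlogind: fc from alpha
09:00:07 rlogind: ops from beta
09:01:15 rshd: root from delta
09:01:40 rlogind: fc from gamma
09:03:03 rlogind: ops from alpha
09:03:30 rshd: backup from gamma
"""

def _secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_suspicious(log_text, known=KNOWN_NODES, expected=EXPECTED_USERS,
                    window=WINDOW_SECONDS):
    """Return a list of (reason, record) pairs for entries worth a look."""
    findings = []
    last_seen = {}   # user -> (seconds since midnight, node)
    for rec in parse_log(log_text):
        node, user, t = rec["node"], rec["user"], _secs(rec["time"])
        if node not in known:
            findings.append(("unknown node", rec))               # forged or unlisted node id
        elif user not in expected.get(node, set()):
            findings.append(("user not expected from node", rec))  # possible forged Uid
        if user == "root":
            findings.append(("remote root entry", rec))
        prev = last_seen.get(user)
        if prev and prev[1] != node and t - prev[0] <= window:
            findings.append(("same user from two nodes within window", rec))
        last_seen[user] = (t, node)
    return findings

if __name__ == "__main__":
    for reason, rec in find_suspicious(SAMPLE_LOG):
        print(reason, rec)
```

The rules only work because the expected-user map is tight; the ops user legitimately appears from two nodes and is not flagged only because the entries are far enough apart. In an environment where users roam freely, the same rules produce a stream of false alarms, which is the limitation the text describes.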
Cure:
The cure is a high degree of isolation from external systems.
Problem:
Any system connected to a network can potentially exploit packets
sent across the network. Any time a remote login is performed, a Uid
and password are sent over the network. In non-encrypted networks,
these packets can be observed, and access to the remote node can thus be
attained. The same is true for sensitive information. In fact, it is
quite simple for any node in a network to modify packets passing through
it (as every packet does in a token ring architecture), or to introduce
packets into a sequence of packets used to communicate between two other
nodes. Finally, it is very easy to deny services in most networks, either
by creating a network virus that consumes all of the network resources,
or by logically or physically overloading the network.
Prevention:
The best prevention against low level attacks of this sort is a
sound encryption and authentication standard in the network, and a set
of well designed network protocols. Unfortunately, most modern
networks have known problems in these areas, and a systems administrator
cannot easily change this.
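The two sides of the problem above, as an added example that is not part of the original text: first what any node on an unencrypted segment can recover from a remote-login dialogue, then the kind of authentication the prevention paragraph calls for. The captured dialogue, the 'wire', and the packet format (a 4-byte sequence number, the payload, and an HMAC-SHA256 tag over both) are my own constructions, not a real network standard. Packet modification, injection by a node without the key, and replay are all rejected by the receiver; observation of the payload is not prevented, since this framing authenticates but does not encrypt.

```python
"""Added example (not from the original text): cleartext observation on a
shared segment, and a minimal authenticated, sequenced packet framing.

Assumptions (mine): the captured dialogue and the packet format are
constructed for illustration only."""
import hashlib
import hmac
import secrets
import struct

# --- Part 1: what an eavesdropping node sees ---------------------------
# Constructed capture of a remote-login dialogue: (src, dst, payload).
CLEARTEXT_CAPTURE = [
    (b"srv", b"cli", b"login: "),
    (b"cli", b"srv", b"fc\r\n"),
    (b"srv", b"cli", b"Password: "),
    (b"cli", b"srv", b"s3cret!\r\n"),
    (b"srv", b"cli", b"Last login: ..."),
]

def sniff_credentials(capture):
    """Pair each prompt ending in ': ' with the reply that follows it."""
    creds = {}
    prompt = None
    for _src, _dst, payload in capture:
        if payload.endswith(b": "):
            prompt = payload[:-2].lower()
        elif prompt is not None:
            creds[prompt.decode()] = payload.rstrip(b"\r\n").decode()
            prompt = None
    return creds

# --- Part 2: authenticated, sequenced packets ---------------------------
TAG_LEN = 32   # HMAC-SHA256 digest length

def seal(key, seq, payload):
    """Frame a payload as seq || payload || HMAC(key, seq || payload)."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.expected = 0

    def accept(self, packet):
        """Return the payload, or None if the packet is forged, modified,
        out of order or replayed."""
        if len(packet) < 4 + TAG_LEN:
            return None
        header, body, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        want = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):   # constant-time comparison
            return None
        (seq,) = struct.unpack("!I", header)
        if seq != self.expected:                 # injected, reordered or replayed
            return None
        self.expected += 1
        return body

def demo():
    """Exercise the receiver against tampering, injection and replay."""
    key = secrets.token_bytes(32)
    rx = Receiver(key)
    p0 = seal(key, 0, b"login fc")
    p1 = seal(key, 1, b"write file")
    ok = [rx.accept(p0) == b"login fc"]
    tampered = bytearray(p1)
    tampered[4 + 6] ^= 0x01                      # flip one bit in the payload
    ok.append(rx.accept(bytes(tampered)) is None)
    injected = seal(secrets.token_bytes(32), 1, b"write file")  # third node, no key
    ok.append(rx.accept(injected) is None)
    ok.append(rx.accept(p1) == b"write file")
    ok.append(rx.accept(p1) is None)             # replay of an accepted packet
    return all(ok)

if __name__ == "__main__":
    print(sniff_credentials(CLEARTEXT_CAPTURE))
    print("receiver checks passed:", demo())
```

The key distribution is left out, and that is the hard part: the text's point is that a single administrator cannot retrofit this onto a network whose protocols never had it.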
Detection:
Some network attacks are easily detected, but as a rule, there
is no systematic way to tell that these attacks are taking place. One
technique that is used fairly widely is a program that tracks load
parameters and detects changes as an indicator of problems.
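A load tracker of the kind described above, as an added example that is not part of the original text. The per-second packet counts are constructed; the parameter could equally be collisions, connections, or any per-interval counter. Samples that are flagged are kept out of the baseline, so a flood does not teach the detector that the flood is normal; the second test case shows the limitation, a slow ramp that never trips the threshold.

```python
"""Added example (not from the original text): flag sudden changes in a load
parameter against a trailing baseline that excludes flagged samples.

The sample data is constructed for the example."""

def detect_load_changes(samples, window=5, factor=3.0, floor=1.0):
    """Return the indices of samples that deviate from the baseline.

    The baseline is the last `window` accepted samples. A sample is flagged
    when it differs from the baseline mean by more than `factor` times the
    baseline's mean absolute deviation; `floor` keeps a perfectly flat
    baseline from flagging trivial noise. Flagged samples are not added to
    the baseline, so an ongoing flood stays flagged."""
    if len(samples) <= window:
        return []
    baseline = list(samples[:window])
    flagged = []
    for i in range(window, len(samples)):
        mean = sum(baseline) / len(baseline)
        mad = max(floor, sum(abs(x - mean) for x in baseline) / len(baseline))
        if abs(samples[i] - mean) > factor * mad:
            flagged.append(i)
        else:
            baseline.append(samples[i])
            baseline.pop(0)
    return flagged

# Constructed per-second packet counts: normal traffic, a flood (a network
# virus or a node spewing packets), then recovery.
SAMPLE_LOAD = [100, 104, 98, 101, 99, 103, 97, 102, 650, 700, 690, 680, 102, 99]

# Constructed slow ramp: +1 per interval, which this detector never flags.
SLOW_RAMP = [100] * 5 + list(range(101, 120))

if __name__ == "__main__":
    print("flood flagged at", detect_load_changes(SAMPLE_LOAD))
    print("ramp flagged at", detect_load_changes(SLOW_RAMP))
```

A practitioner would pair this with an absolute ceiling on the parameter, since a gradual overload is still an overload; the tracker only answers the question the text poses, whether something changed.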
Cure:
In some cases, the only cure to these problems is a complete
shutdown and restart of the entire network. In other cases, even this
may not eliminate the problem.
Problem:
In peer networks, there are some rather complex protection
related problems that make network wide control very important. For
example, two well controlled nodes in a peer network may combine to
create an opening. If one node (P) uses physical access controls to
prevent system entry, and the other node (L) uses logical controls to
prevent entry, a maintenance person adjusting a printer on L may
introduce a virus that enters P over the network, and spreads back
to L via the peer equivalence of a user in both L and P.
Prevention:
This sort of problem can only be prevented by prudent network
design and implementation, with a uniform network protection method and
an analytical basis for believing it will work properly.
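One form the analytical basis can take, as an added example that is not part of the original text: enumerate the nodes an intruder can enter directly with a given kind of access, then close that set over the peer equivalences. The three-node network, its controls and its equivalences are constructed to mirror the P and L story, with a third node M that has both controls and is still reached.

```python
"""Added example (not from the original text): compute the exposure of a
peer network from per-node controls plus peer equivalences.

The network below is hypothetical and constructed for the example."""
from collections import deque

# Which kinds of entry each node blocks on its own.
CONTROLS = {
    "P": {"physical"},             # locked room, but accepts peers over the net
    "L": {"logical"},              # good passwords, but the printer room is open
    "M": {"physical", "logical"},  # both
}

# (user, node_a, node_b): the user's access on one node is honoured on the other.
EQUIVALENCES = [("fc", "P", "L"), ("ops", "L", "M")]

def direct_footholds(controls, threat):
    """Nodes an intruder with `threat` ('physical' or 'logical') enters directly."""
    return {n for n, c in controls.items() if threat not in c}

def reachable(start, equivalences):
    """Transitive closure over peer equivalences from a set of compromised nodes."""
    adj = {}
    for _user, a, b in equivalences:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = set(start), deque(start)
    while queue:
        n = queue.popleft()
        for m in adj.get(n, ()):
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return seen

def exposure(controls, equivalences):
    """For each threat, the nodes reachable only through the network,
    i.e. nodes whose own controls would have stopped that threat."""
    result = {}
    for threat in ("physical", "logical"):
        direct = direct_footholds(controls, threat)
        result[threat] = reachable(direct, equivalences) - direct
    return result

if __name__ == "__main__":
    for threat, nodes in exposure(CONTROLS, EQUIVALENCES).items():
        print(threat, "access exposes", sorted(nodes), "via the network")
```

With a uniform protection method, every node blocking both kinds of entry, the direct foothold set is empty for each threat and the closure adds nothing; with the mixed controls above, even M, which is well protected on its own, is reachable from either weakness.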
Detection:
There is no systematic detection method.
Cure:
The cure is usually starting from scratch and designing the
network controls properly.
Problem:
File-servers are commonly used to share information between
computers in networks. Any protection problem in the server therefore
has the potential of causing network wide protection problems. For
example, a virus on a file-server will usually spread throughout the
network very quickly. A file-server failure might cause widespread denial
of access, or even make many of the systems in the network inoperable.
In essence, file-servers make all of the nodes in a network act as part
of a single larger timesharing system. This means that any problem in
one system is a problem in all of the systems.
Prevention:
The best way to assure that file-servers are not exploited is to
concentrate protection efforts there. This is simply a matter of spending
more on defense for systems with higher exposures.
Problem:
If file-servers help to spread problems in a local network,
gateways extend these problems to a still larger group of systems. The
protection advantage of gateways over file-servers is that they usually
limit the interaction between their subscribers, whereas a file-server
acts to integrate the clients. The disadvantage is that anything that
can pass the gateway can potentially affect a much larger set of
systems. For example, the `Internet Worm' of 1988 spread through
gateways, and thus affected about 6,000 of the roughly 60,000 systems
then on the Internet. Another example was the attack described in
`The Cuckoo's Egg', where an attacker used legitimate access paths and
guessed passwords to leap from machine to machine across global networks.
Prevention:
Just as in the case of a file-server, the increased exposure of a
gateway should lead to increased expenditure on protection.