网络安全-18：入侵者幻灯片.ppt

* * * * Knowing the standard attack methods is a key element in limiting your vulnerability. The basic aim is to gain access and/or increase privileges on some system. The basic attack methodology list is taken from McClure et al Hacking Exposed. A basic technique for gaining access is to acquire a user (preferably administrator) password, so the attacker can login and exercise all the access rights of the account owner. * Password guessing is a common attack. If an attacker has obtained a poorly protected password file, then can mount attack off-line, so target is unaware of its progress. Some O/S take less care than others with their password files. If have to actually attempt to login to check guesses, then system should detect an abnormal number of failed logins, and hence trigger appropriate countermeasures by admins/security. Likelihood of success depends very much on how well the passwords are chosen. Unfortunately, users often don’t choose well (see later). * There is also a range of ways of capturing a login/password pair, from the low-tech looking over the shoulder, to the use of Trojan Horse programs (eg. game program or nifty utility with a covert function as well as the overt behaviour), to sophisticated network monitoring tools, or extracting recorded info after a successful login - say from web history or cache, or last number dialed memory on phones etc. Need to educate users to be aware of whose around, to check they really are interacting with the computer system (trusted path), to beware of unknown source s/w, to use secure network connections (HTTPS, SSH, SSL), to flush browser/phone histories after use etc. * Inevitably, the best intrusion prevention system will fail. A system’s second line of defense is intrusion detection, which aims to detect intrusions so can: block access minimize damage if detected quickly; act as deterrent given chance of being caught; or can collect info on intruders to improve future security. Intrusion detection is ba