This action might not be possible to undo. Are you sure you want to continue?
There are three identified classes of intruders: Masquerader: An individual who is not authorized to use the computerand who penetrates a system's access controls to exploit a legitimate user's account Misfeasor: A legitimate user who accesses data, programs, or resourcesfor which such access is not authorized, or who is authorized for such access but misuses his or her privileges. Clandestine user: An individual who seizes supervisory control of thesystem and uses this control to avoid auditing and access controls or to suppress audit collection The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider
Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore internets and see what is out there. At the serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to data, or disrupt the system.
Intusion Detection The intruder can be identified and ejected from the system. An effective intrusion detection can prevent intrusions. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility. Characteristics ² Monitors the whole system or a part of it ² done before, during or after intrusion ² stealth or openly advertised ² alarms an administrator if suspicious activity is detected ² some systems perform automated resonses
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. Generally, this requires the intruder to acquire information that should have been protected. In some cases, this information is in the form of a user password. With knowledge of some other user's password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user. Typically, a system must maintain a file that associates a password with each authorized user. If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. The password file can be protected in one of two ways:
it is a tedious and easily countered means of attack.) Password Selection Strategies . 6. The password serves to authenticate the ID of the individual logging on to the system. When the user presents a password. (For example. y The ID determines the privileges accorded to the user. but in the background it also contained code to copy the password file. Try words in the system's online dictionary or a list of likely passwords. Social Security numbers. The first six methods are various ways of guessing a password. If one or both of these countermeasures are in place. 5. and room numbers. Exhaustively try all short passwords. Use a Trojan horse to bypass restrictions on access. Tap the line between a remote user and the host system. some effort is needed for a potential intruder to learn passwords. y The ID is used in what is referred to as discretionary access control. such as their full names. reports the following techniques for learning passwords: 1. (An example A low-privilege user produced a game program and invited the system operator to use it in his or her spare time. by listing the IDs of the other users. the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the one-way function and in which a fixed-length output is produced. Many administrators do not bother to change these defaults. the system transforms that password and compares it with the stored value. a user may grant permission to them to read files owned by that user. and books in their office that are related to hobbies. into the user's file. 7. the Trojan horse. Password Management Password Protection The front line of protecting a system against intruders is the password system. Here. the names of their spouse and children. 2. Virtually all multi-user systems require that a user provide not only a name or identifier (ID) but also a password. Try default passwords used with standard accounts that are shipped with the system. If an intruder has to verify the guess by attempting to log in. which was unencrypted but access protected. 4. Try users' phone numbers. 3. The ID provides security in the following ways: y The ID determines whether the user is authorized to gain access to a system.) The eighth attack listed. Collect information about users. Try all legitimate license plate numbers for this state. it was able to gain access to the password file. Because the game was running under the operator's high-privilege mode.One-way communication or encryption of message: in this technique or way the system stores only the value of a function based on the user's password. line tapping. Access control: Access to the password file is limited to one or a very few accounts. is a matter of physical security. can be particularly difficult to counter. The seventh method of attack listed earlier. 8. The program did indeed play a game. On the basis of a survey of the literature and interviews with a number of password crackers. pictures in their office.
and those that are independent. then. password cracking is effectively impossible. But it would be almost as impossible for most users to remember their passwords. if users are assigned passwords consisting of eight randomly selected printable characters. There is good practice if we follow the password selection strategies while creating the user names and passwords. and backdoors are examples. Worms and zombie . At the other extreme. The former are essentially fragments of programs that cannot exist independently of some actual application program.Chapter IV Intruders Viruses and Related Threats Page 5 / 9 Malicious software can be divided into two categories: those that need a host program. logic bombs. is to eliminate guessable passwords while allowing the user to select a password that is memorable.Many users choose a password that is too short or too easy to guess. Fortunately. The latter are self-contained programs that can be scheduled and run by the operating system. utility. the size of the universe is still too large to permit practical cracking. Viruses. or system program. even if we limit the password universe to strings of characters that are reasonably memorable. Our goal. (SRSS) . Four basic techniques are in use: y User education y Computer-generated passwords y Reactive password checking y Proactive password checking Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords.
but it may also be quietly deleting the user's files. predating viruses and worms. The former are programs or fragments of programs that are activated by a trigger.Chapter IV Intruders Viruses and Related Threats Page 6 / 9 wish to gain special privileges or to avoid all the necessary setup and authentication. backdoors.programs are examples. or a particular user running the application. Examples are logic bombs. The backdoor is code that recognizes some special sequence of input or is triggered by being run from a certain user ID or by an unlikely sequence of events. To debug the program. program or command procedure containing hidden code that. such as a system login program. Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files. the developer may (SRSS) . Backdoor A backdoor.g. when executed. may produce one or more copies of itself to be activated later on the same system or some other system. Programmers have used backdoors legitimately for many years to debug and test programs. a particular day of the week or date. it is a secret entry point into a program that allows someone that is aware of the backdoor to gain access without going through the usual security access procedures. or a long setup. This Trojan horse can never be discovered by reading the source code of the login program. Backdoors become threats when unscrupulous programmers use them to gain unauthorized access. Once triggered. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. This usually is done when the programmer is developing an application that has an authentication procedure. We can also differentiate between those software threats that do not replicate and those that do. Viruses and worms are examples. cause a machine halt. a calculator program). and zombie programs. An example of a Trojan horse program that would be difficult to detect is a compiler that has been modified to insert additional code into certain programs as they are compiled. a bomb may alter or delete data or entire files. or apparently useful. when invoked. The backdoor was the basic idea for the vulnerability portrayed in the movie War Games. The code creates a backdoor in the login program that permits the author to log on to the system using a special password. is the logic bomb. Trojan Horses A Trojan horse is a useful. requiring the user to enter many different values to run the application. The latter consist of either a program fragment or an independent program that. also known as a trapdoor.. Another common motivation for the Trojan horse is data destruction. performs some unwanted or harmful function. or do some other damage. . The program appears to be performing a useful function (e. The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Logic Bomb One of the oldest types of program threat.
The zombie is planted on hundreds of computers belonging to unsuspecting third parties. The typical virus becomes embedded in a program on a computer. Thus. the ability to access applications and system services on other computers provides a perfect culture for the spread of a virus. In a network environment. Zombies are used in denial-of-service attacks. the modification includes a copy of the virus program. Then. a fresh copy of the virus passes into the new program. .Zombie A zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie's creator. typically against targeted Web sites. The Nature of Viruses A virus is a piece of software that can "infect" other programs by modifying them. and then used to overwhelm the target Web site by launching an overwhelming onslaught of Internet traffic. the infection can be spread from computer to computer by unsuspecting users who either swap disks or send programs to one another over a network. whenever the infected computer comes into contact with an uninfected piece of software. which can then go on to infect other programs.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.