Access attacks

Access attack is a catch-all phrase that covers many forms of unauthorised access to computer resources. An access attack may come from an external adversary, an individual or a group, that uses various methods to gain entry to a network and then steals information or destroys resources. It may also be an insider getting into areas they are not authorised for.

A decade ago, common attacks against access control were dictionary attacks, brute-force attacks and spoofed (login) screens. To defend against these types of attacks, people were harassed by security policies into using long and complex passwords that had to be changed every so often, and users were locked out after a set number of failed logon attempts. Once a fake logon screen had already been installed on a computer, defending against it was considered almost impossible, so the focus shifted to securing vulnerable endpoints so that fake logon screens could not be installed in the first place. Since then the number of endpoints has exploded, and with the main focus on new features that sell, so has the number of their vulnerabilities.

In the contemporary context of network attacks, the first objective of an adversary is to gain initial access, for example by finding the encrypted password files on a server and decrypting them, by brute-forcing passwords or running dictionary attacks, by phishing or pharming, or by credential stuffing. Several other, less time-consuming methods also exist; these allow for additional reconnaissance to scout out resources and IP addresses, perhaps with a network discovery (mapping) program or a sniffer-type packet-capturing utility, and then to escalate privileges on hosts.

Mitigations

Password attacks

  • Use long and complex passwords of 8-15 characters that combine different character types (lowercase letters, uppercase letters, special characters and numbers); this makes brute-force and dictionary attacks time-consuming and less attractive.
  • Implement hash algorithms with enough output bits to make collision discovery infeasible (birthday attacks).
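To put a number on "enough bits", the following is an added example (not part of the original page) that computes the birthday bound for common digest sizes and then shows it empirically by truncating SHA-256 to a few bits and counting how many random inputs it takes to hit a collision. The inputs are constructed random bytes; the truncation is only there to make the effect observable in seconds.

```python
import hashlib
import math
import secrets
from typing import Dict, Optional, Tuple


def birthday_bound(bits: int, probability: float = 0.5) -> float:
    """Approximate number of random inputs after which an n-bit hash has
    collided with the given probability (birthday paradox):
    k ~ sqrt(2 * 2**bits * ln(1 / (1 - p))).  For p = 0.5 this is about
    1.18 * 2**(bits / 2): roughly the square root of the output space,
    not the output space itself, which is why digest size must be doubled
    to reach a given collision-resistance level."""
    space = 2.0 ** bits
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - probability)))


def collision_work_table(sizes=(32, 64, 128, 160, 256)) -> Dict[int, float]:
    """Expected collision work (50% probability) for common digest sizes."""
    return {bits: birthday_bound(bits) for bits in sizes}


def truncated_sha256(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(msg), as an integer."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_truncated_collision(bits: int, max_tries: int = 2_000_000
                             ) -> Optional[Tuple[int, bytes, bytes]]:
    """Demonstrate the birthday bound empirically: draw random inputs until
    two distinct inputs share the same `bits`-bit truncated digest.
    Returns (tries, input_a, input_b), or None if max_tries is exhausted."""
    seen: Dict[int, bytes] = {}
    for tries in range(1, max_tries + 1):
        msg = secrets.token_bytes(8)  # constructed random input
        tag = truncated_sha256(msg, bits)
        other = seen.get(tag)
        if other is not None and other != msg:
            return tries, other, msg
        seen[tag] = msg
    return None


if __name__ == "__main__":
    for bits, work in collision_work_table().items():
        print(f"{bits:4d}-bit digest: ~{work:.3g} hashes to a 50% collision")
    result = find_truncated_collision(24)
    if result:
        tries, a, b = result
        print(f"24-bit truncation: collision after {tries} tries "
              f"(birthday bound ~{birthday_bound(24):.0f})")
```

Run it a few times: the 24-bit search typically finishes within a few thousand tries, close to the computed bound, while the table shows that a 256-bit digest needs on the order of 10^38 hashes.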

Sniffing

  • Encrypt traffic in transit; sniffers cannot analyse encrypted data.
  • Intrusion detection systems can alert administrators when a sniffer is capturing data.

Phishing forms

  • Social engineering awareness training
  • Analysing inbound emails for known malicious links and attachments, and picking up on indicators of both known malware and zero-day threats.

en/threats/network/access/start.txt · Last modified: 2019/11/21 13:10 by Digital Dot