Common Flaws in the Security Architecture
Just as in other chapters of this book, this one starts by reviewing potential threats and vulnerabilities. The purpose of placing these sections at the beginning of each chapter is to drive home the point that we live in a world of risk. As security professionals, we need to be aware of these threats to security and understand how the various protection mechanisms discussed throughout the chapter can be used to raise the level of security. Doing this can help build real defense in depth.
Buffer Overflow
Buffer overflows occur because of poor coding techniques. A buffer is a temporary storage area that has been coded to hold a certain amount of data. If additional data is fed to the buffer, it can spill over or overflow to adjacent buffers. This can corrupt these buffers and cause the application to crash or possibly allow an attacker to execute his own code that he has loaded onto the stack.
As an example, eEye Digital Security discovered a vulnerability with Microsoft's ISAPI filter extension used for Web-based printing back in 2001. The vulnerability occurred when a buffer of approximately 420 bytes was sent to the HTTP host for a .printer ISAPI request. As a result, attackers could take control of the web server remotely and make themselves administrator.
The point here is that the programmer's work should always be checked for good security practices. Due diligence is required to prevent buffer overflows.
All data that is being passed to a program should be checked to make sure that it matches the correct parameters.
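The check the text calls for, as an added example that is not code from the book: a fixed-size buffer of the kind described above, filled first with an unchecked copy and then with one that compares the input length against the buffer before writing. The struct, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not code from the book. The struct, function names and
 * inputs are constructed for illustration. */

#define NAME_LEN 32

struct request {
    char name[NAME_LEN];  /* the buffer: coded to hold a fixed amount of data */
    int  admin;           /* adjacent data that an overflow would overwrite */
};

/* The defective pattern: strcpy() copies until it meets a NUL byte and knows
 * nothing about the size of dst. Shown for contrast only; main() never calls it. */
void store_name_unchecked(struct request *req, const char *input)
{
    strcpy(req->name, input);   /* overflows when strlen(input) >= NAME_LEN */
}

/* Hardened version: measure the input against the buffer before copying.
 * Returns 0 on success, -1 when the input does not fit (including the NUL). */
int store_name_checked(struct request *req, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof req->name)
        return -1;
    memcpy(req->name, input, n + 1);
    return 0;
}

/* Demo wrapper: stores input into a fresh request with admin = 0 and returns
 * the checked copy's status; -2 would mean the adjacent field was altered. */
int try_store(const char *input)
{
    struct request req;
    memset(&req, 0, sizeof req);
    int rc = store_name_checked(&req, input);
    return req.admin == 0 ? rc : -2;
}

int main(void)
{
    const char *inputs[] = {
        "alice",                                   /* fits */
        "0123456789012345678901234567890",         /* 31 bytes: fits with NUL */
        "01234567890123456789012345678901",        /* 32 bytes: rejected */
        "a much longer name than the buffer was ever meant to hold",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-60s -> %s\n", inputs[i],
               try_store(inputs[i]) == 0 ? "stored" : "rejected");
    return 0;
}
```

The rejection happens before any byte is written, so the adjacent `admin` field can never be reached by the copy; that is the property a code review should look for wherever fixed-size storage receives external data.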
Back Doors
Back doors are another potential threat to the security of systems and software. Back doors, which are also sometimes referred to as maintenance hooks, are used by programmers during development to allow easy access to a piece of software. A back door can be used when software is developed in sections and developers want a means of accessing certain parts of the program without having to run through all the code. If back doors are not removed before the release of the software, they can allow an attacker to bypass security mechanisms and hack the program.
Asynchronous Attacks
Asynchronous attacks are a form of attack that typically targets timing. The objective is to exploit the delay between the time of check (TOC) and the time of use (TOU). These attacks are sometimes called race conditions because the attacker races to make a change to the object after it has been checked but before the system uses it.
As an example, if a program creates a data file to hold the amount a customer owes and the attacker can race to replace this value before the program reads it, he can successfully manipulate the program. In reality, it can be difficult to exploit a race condition because a hacker might have to attempt to exploit the race condition many times before succeeding.
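The "amount owed" scenario above, as an added example that is not code from the book: one routine checks the file by name and then opens it by name again, which leaves the TOC/TOU window the text describes; the other opens the file once, performs every check on the open descriptor, holds a lock while reading, and uses the value it checked. The path, file contents and function names are constructed for illustration, and the ownership check assumes the program expects to own its own data file.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/stat.h>
#include <sys/file.h>

/* Added example, not code from the book. Path, contents and names are
 * constructed for illustration. */

/* Check-then-use by name: between the stat() check and the later fopen() the
 * path can be made to refer to a different file. Shown for contrast only;
 * main() never calls it. */
int read_owed_racy(const char *path, long *owed)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))   /* time of check */
        return -1;
    FILE *f = fopen(path, "r");                          /* time of use */
    if (!f) return -1;
    int ok = fscanf(f, "%ld", owed) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

/* Check and use the same object: resolve the name once, check the descriptor
 * with fstat(), hold a shared lock while reading, and use what was checked. */
int read_owed_safe(const char *path, long *owed)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_SH) != 0) { close(fd); return -1; }

    struct stat st;
    int rc = -1;
    /* Assumption: the data file must be a regular file owned by this user. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == getuid()) {
        char buf[64];
        ssize_t n = read(fd, buf, sizeof buf - 1);
        if (n > 0) {
            buf[n] = '\0';
            char *end;
            errno = 0;
            long v = strtol(buf, &end, 10);
            if (errno == 0 && end != buf && v >= 0) { *owed = v; rc = 0; }
        }
    }
    flock(fd, LOCK_UN);
    close(fd);
    return rc;
}

/* Demo: write `amount` to a temporary data file, read it back with the safe
 * routine, remove the file. Returns the value read, or -1 on any error. */
long demo_read_owed(long amount)
{
    char path[] = "/tmp/owedXXXXXX";           /* constructed temp path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    char text[32];
    int len = snprintf(text, sizeof text, "%ld\n", amount);
    if (write(fd, text, (size_t)len) != len) { close(fd); unlink(path); return -1; }
    close(fd);
    long owed = -1;
    int rc = read_owed_safe(path, &owed);
    unlink(path);
    return rc == 0 ? owed : -1;
}

int main(void)
{
    long v = demo_read_owed(12050);
    printf("amount owed read safely: %ld\n", v);
    return v == 12050 ? 0 : 1;
}
```

The difference is not the extra checks but where they are applied: `read_owed_safe` never touches the path after `open()`, so whatever an attacker does to the name afterwards cannot change the file the program reads.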
Covert Channels
A covert channel is a means of moving information in a manner in which it was not intended. Covert channels are a favorite of attackers because they know that you cannot deny what you must permit. The term was originally used in TCSEC documentation to refer to ways of transferring information from a higher classification to a lower classification. Covert channel attacks can be broadly separated into two types:
- Covert timing channel attacks: Timing attacks are difficult to detect and function by altering a component or by modifying resource timing.
- Covert storage channel attacks: These attacks use one process to write data to a storage area and another process to read the data.
Here is an example of how covert channel attacks happen in real life. Your organization has decided to allow ping traffic into and out of your network. Based on this knowledge, an attacker has planted the Loki program on your network. Loki uses the payload portion of the ping packet to move data into and out of your network. Therefore, the network administrator sees nothing but normal ping traffic and is not alerted, all while the attacker is busy stealing company secrets. Sadly, many programs can perform this type of attack.
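A detection heuristic for the storage channel described above, as an added example that is not code from the book and not part of Loki: stock ping tools fill the echo payload with a fixed, predictable filler, so a payload that is neither a known filler nor a default size is what a monitor should pull for inspection. The filler patterns assumed here (a 32-byte alphabet string for Windows, and bytes equal to their own offset after a 16-byte timestamp for Linux) and all sample payloads are constructed for illustration; a real deployment would baseline them against its own hosts.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not code from the book. Filler patterns and sample payloads
 * are constructed for illustration. */

enum { PAYLOAD_OK = 0, PAYLOAD_ODD_LENGTH = 1, PAYLOAD_NOT_FILLER = 2 };

#define MAX_DEFAULT_PAYLOAD 64   /* assumption: default pings stay below this */

/* Assumed Windows filler: a repeating alphabet, 32 bytes. */
static const char WIN_FILLER[] = "abcdefghijklmnopqrstuvwabcdefghi";

/* Assumed Linux filler: 16-byte send timestamp, then each byte equals its
 * own offset. The timestamp varies per packet, so only the tail is compared. */
static int is_linux_filler(const unsigned char *p, size_t len)
{
    if (len <= 16) return 0;
    for (size_t i = 16; i < len; i++)
        if (p[i] != (unsigned char)i) return 0;
    return 1;
}

static int is_windows_filler(const unsigned char *p, size_t len)
{
    return len == 32 && memcmp(p, WIN_FILLER, 32) == 0;
}

/* Classify one echo payload: OK, unexpectedly long, or not a stock filler. */
int classify_icmp_payload(const unsigned char *p, size_t len)
{
    if (len > MAX_DEFAULT_PAYLOAD) return PAYLOAD_ODD_LENGTH;
    if (is_linux_filler(p, len) || is_windows_filler(p, len)) return PAYLOAD_OK;
    return PAYLOAD_NOT_FILLER;
}

/* Constructed samples for the demo. */
int demo_benign_linux(void)
{
    unsigned char b[56];
    memset(b, 0, 16);                       /* zeroed timestamp stands in for a real one */
    for (size_t i = 16; i < sizeof b; i++) b[i] = (unsigned char)i;
    return classify_icmp_payload(b, sizeof b);
}

int demo_benign_windows(void)
{
    return classify_icmp_payload((const unsigned char *)WIN_FILLER, 32);
}

int demo_text_in_payload(void)
{
    static const char msg[] = "CONSTRUCTED SAMPLE: text carried inside an echo request";
    return classify_icmp_payload((const unsigned char *)msg, strlen(msg));
}

int demo_oversized(void)
{
    unsigned char b[200];
    memset(b, 0, sizeof b);
    return classify_icmp_payload(b, sizeof b);
}

int main(void)
{
    static const char *names[] = { "ok", "odd length", "not stock filler" };
    printf("linux default   : %s\n", names[demo_benign_linux()]);
    printf("windows default : %s\n", names[demo_benign_windows()]);
    printf("text payload    : %s\n", names[demo_text_in_payload()]);
    printf("200-byte payload: %s\n", names[demo_oversized()]);
    return 0;
}
```

The classifier is an allow-list, not a signature: it does not need to know any particular tunneling tool, only what legitimate pings on the network look like, which is why the filler patterns should be captured from real hosts before the rule is turned on.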
The CISSP exam expects you to understand the two types of covert channel attacks.
Incremental Attacks
The goal of an incremental attack is to make a change slowly over time. By making such a small change over such a long period of time, an attacker hopes to remain undetected. Two primary incremental attacks include data diddling, which is possible if the attacker has access to the system and can make small incremental changes to data or files, and a salami attack, which is similar to data diddling but involves making small changes to financial accounts or records.
The attacks discussed are items that you can expect to see on the exam.