Security Architecture Threats
Just as in most other chapters of this book, this one also reviews potential threats and vulnerabilities. Anytime a security professional makes the case for stronger security, there will be those that ask why such funds should be spent. It’s important to point out not only the benefits of good security, but also the potential risks of not implementing good practices and procedures. We live in a world of risk. As security professionals, we need to be aware of these threats to security and understand how the various protection mechanisms discussed throughout this chapter can be used to raise the level of security. Doing this can help build real defense in depth.
Buffer Overflow
Buffer overflows occur because of poor coding techniques. A buffer is a temporary storage area that has been coded to hold a certain amount of data. If additional data is fed to the buffer, it can spill over or overflow to adjacent buffers. This can corrupt those buffers and cause the application to crash or possibly allow an attacker to execute his own code that he has loaded onto the stack. Ideally, programs should be written to check that you cannot stuff 32 characters into a 24-character buffer; however, this type of error checking does not always occur. Error checking is really nothing more than making sure that buffers receive the type and amount of information required. Here is an example buffer overflow:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately vulnerable: strcpy() copies 11 bytes (ten 'A's plus the
   terminating NUL) into an 8-byte buffer with no bounds check, so the
   extra bytes overwrite whatever sits next to buffer on the stack. */
int abc()
{
    char buffer[8];
    strcpy(buffer, "AAAAAAAAAA");
    return 0;
}
For example, in 2010, the Aurora exploit was developed to cause a buffer overflow against Windows XP systems running Internet Explorer. As a result of the attack, attackers could take control of the client system and execute commands remotely.
The point here is that the programmer’s work should always be checked for good security practices. Due diligence is required to prevent buffer overflows. Continuous coder training is key here to keep abreast of ongoing threats and a changing landscape. All data being passed to a program should be checked to make sure that it matches the correct parameters. Defenses for buffer overflows include code reviews, using safe programming languages, and applying patches and updates in a timely manner.
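The following is an added example, not code from the chapter: it shows what the "amount and type" check described above looks like when written into the 24-character buffer case the text uses. The function names (bounded_copy, is_all_digits, store_account_id) and the sample inputs are constructed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum copy_result { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARGS = -2 };

/* Amount check: copy src into dst only if it fits, terminator included.
 * Unlike strcpy(), this never writes beyond dst_size bytes. */
enum copy_result bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;

    size_t len = 0;
    while (len < dst_size && src[len] != '\0')   /* scan at most dst_size bytes */
        len++;
    if (len == dst_size)                          /* no room left for the NUL */
        return COPY_TOO_LONG;

    memcpy(dst, src, len + 1);                    /* len bytes plus terminator */
    return COPY_OK;
}

/* Type check: accept only a non-empty string made entirely of decimal digits. */
int is_all_digits(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isdigit((unsigned char)*s))
            return 0;
    return 1;
}

/* The chapter's 24-character buffer with the checks the text asks for.
 * A 32-character input is refused instead of spilling into the
 * neighbouring stack memory. (Hypothetical function for illustration.) */
enum copy_result store_account_id(const char *input)
{
    char buffer[24];
    if (!is_all_digits(input))
        return COPY_BAD_ARGS;
    return bounded_copy(buffer, sizeof buffer, input);
}

/* Self-check over constructed inputs: 32 digits refused, 23 accepted,
 * mixed text rejected by the type check. Returns 1 when all three hold. */
int demo_checks_hold(void)
{
    const char *too_long = "12345678901234567890123456789012"; /* 32 digits */
    const char *fits     = "12345678901234567890123";          /* 23 digits */
    return store_account_id(too_long) == COPY_TOO_LONG
        && store_account_id(fits) == COPY_OK
        && store_account_id("123abc") == COPY_BAD_ARGS;
}
```

Note that a 24-character input is also refused: the buffer has room for 23 characters plus the terminating NUL, and forgetting that last byte is itself a common off-by-one overflow.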
Back Doors
Back doors are another potential threat to the security of systems and software. Back doors, which are also sometimes referred to as maintenance hooks, are used by programmers during development to allow easy access to a piece of software. Often these back doors are undocumented. A back door can be used when software is developed in sections and developers want a means of accessing certain parts of the program without having to run through all the code. If back doors are not removed before the release of the software, they can allow an attacker to bypass security mechanisms and access the program.
Asynchronous Attacks
Asynchronous attacks are a form of attack that typically targets timing. The objective is to exploit the delay between the time of check (TOC) and the time of use (TOU). These attacks are sometimes called race conditions because the attacker races to change the object after it has been checked but before the system uses it.
As an example, if a program creates a data file to hold the amount a customer owes and the attacker can race to replace this value before the program reads it, he can successfully manipulate the program. In reality, it can be difficult to exploit a race condition because a hacker might have to attempt to exploit the race condition many times before succeeding.
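As an added example (not from the chapter), here is the TOC/TOU gap in its most common file-handling form, beside the fix: validate the object you actually opened, through its descriptor, rather than checking a path and opening it again later. The function names are hypothetical; the code assumes a POSIX system (Linux, macOS or BSD) and a writable /tmp for its self-check.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fallbacks so the file still compiles where these POSIX.1-2008 flags are
 * missing; on Linux, macOS and the BSDs they are present. */
#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0
#endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif

/* Check-then-use pattern, shown for contrast only: stat() inspects the path,
 * and open() resolves the same path again later. Whatever changes what the
 * path refers to in between is exactly the TOC/TOU window described above. */
int open_if_regular_racy(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* time of check */
    return open(path, O_RDONLY);        /* time of use: a separate lookup */
}

/* Hardened pattern: open first, then inspect the descriptor with fstat().
 * A descriptor is bound to one file object, so what was checked is what
 * will be used. O_NOFOLLOW additionally refuses a symbolic link in the
 * final path component. Returns an open descriptor, or -1. */
int open_if_regular_safe(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check: create a temporary regular file (constructed input), confirm
 * the safe opener accepts it, then remove it. Returns 1 on success, else 0. */
int demo_safe_open_regular(void)
{
    char path[] = "/tmp/toctou_demo_XXXXXX";   /* mkstemp() fills in the Xs */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return 0;
    close(tmp);

    int fd = open_if_regular_safe(path);
    int ok = (fd >= 0);
    if (ok)
        close(fd);
    unlink(path);
    return ok;
}
```

Applied to the chapter's "amount owed" file, the same rule means the program should read the value from the descriptor it has already validated, not re-open the path for the read; every extra path lookup is another window in which the attacker can swap the object.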
Covert Channels
Covert channels are a means of moving information in a manner in which it was not intended. Covert channels are a favorite of attackers because they know that you cannot deny what you must permit. The term was originally used in TCSEC documentation to refer to ways of transferring information from a higher classification to a lower classification. Covert channel attacks can be broadly separated into two types:
- Covert timing channel attacks—Timing attacks are difficult to detect and function by altering a component or by modifying resource timing.
- Covert storage channel attacks—These attacks use one process to write data to a storage area and another process to read the data.
Here is an example of how covert channel attacks happen in real life. Your organization has decided to allow ping (Internet Control Message Protocol [ICMP]) traffic into and out of your network. Based on this knowledge, an attacker has planted the Loki program on your network. Loki uses the payload portion of the ping packet to move data into and out of your network. Therefore, the network administrator sees nothing but normal ping traffic and is not alerted, even though the attacker is busy stealing company secrets. Sadly, many programs can perform this type of attack.
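The defender's counter to the ping scenario above is to look inside the part of the packet that the policy allows through. This added example (not from the chapter, and not the Loki program or any detection product) classifies an ICMP echo message by whether its payload matches the filler that ordinary ping tools emit; anything else in an echo payload is worth an alert. The filler patterns assumed here are those of iputils ping on Linux (payload byte i holds the value i, after a timestamp of up to 16 bytes) and of Windows ping (the 32-byte alphabet string); both are assumptions about those tools, not facts stated on the page, and the sample messages are constructed.

```c
#include <stddef.h>
#include <string.h>

#define ICMP_HDR_LEN      8
#define ICMP_ECHO_REPLY   0
#define ICMP_ECHO_REQUEST 8

enum echo_verdict {
    ECHO_NOT_ECHO = 0,      /* not an ICMP echo request or reply */
    ECHO_FILLER_LINUX,      /* payload is the iputils ping filler */
    ECHO_FILLER_WINDOWS,    /* payload is the Windows ping filler */
    ECHO_PAYLOAD_ANOMALOUS  /* echo carrying data no common ping tool emits */
};

/* iputils ping (assumed): timestamp of up to 16 bytes, then byte i == i. */
static int is_linux_filler(const unsigned char *p, size_t n)
{
    if (n < 24)
        return 0;
    for (size_t i = 16; i < n; i++)
        if (p[i] != (unsigned char)i)
            return 0;
    return 1;
}

/* Windows ping (assumed): fixed 32-byte alphabet filler. */
static int is_windows_filler(const unsigned char *p, size_t n)
{
    static const char filler[] = "abcdefghijklmnopqrstuvwabcdefghi";
    return n == 32 && memcmp(p, filler, 32) == 0;
}

/* Classify one ICMP message (ICMP header plus payload, no IP header). */
enum echo_verdict classify_icmp_echo(const unsigned char *pkt, size_t len)
{
    if (pkt == NULL || len < ICMP_HDR_LEN)
        return ECHO_NOT_ECHO;
    unsigned char type = pkt[0];
    if (type != ICMP_ECHO_REQUEST && type != ICMP_ECHO_REPLY)
        return ECHO_NOT_ECHO;
    const unsigned char *payload = pkt + ICMP_HDR_LEN;
    size_t n = len - ICMP_HDR_LEN;
    if (is_linux_filler(payload, n))
        return ECHO_FILLER_LINUX;
    if (is_windows_filler(payload, n))
        return ECHO_FILLER_WINDOWS;
    return ECHO_PAYLOAD_ANOMALOUS;
}

/* Constructed sample messages. Checksum, identifier and sequence fields are
 * left zero; checksum validation is out of scope here. Returns the length. */
size_t build_sample_icmp(int kind, unsigned char *buf, size_t cap)
{
    if (cap < ICMP_HDR_LEN + 56)
        return 0;
    memset(buf, 0, cap);
    buf[0] = ICMP_ECHO_REQUEST;                 /* type */
    buf[1] = 0;                                 /* code */
    unsigned char *p = buf + ICMP_HDR_LEN;
    switch (kind) {
    case 0: /* Linux default: 56 bytes, sequential filler, timestamp in front */
        for (size_t i = 0; i < 56; i++) p[i] = (unsigned char)i;
        memset(p, 0x5a, 16);                    /* stand-in for the timestamp */
        return ICMP_HDR_LEN + 56;
    case 1: /* Windows default: 32-byte alphabet filler */
        memcpy(p, "abcdefghijklmnopqrstuvwabcdefghi", 32);
        return ICMP_HDR_LEN + 32;
    case 2: { /* tunnelled data: text where the filler should be (32 bytes,
               * so size alone would not distinguish it from Windows ping) */
        static const char text[] = "chunk 17/40 of plan.docx follows";
        memcpy(p, text, sizeof text - 1);
        return ICMP_HDR_LEN + (sizeof text - 1);
    }
    default: /* destination unreachable: not an echo at all */
        buf[0] = 3;
        return ICMP_HDR_LEN + 28;
    }
}

/* Build sample `kind` and classify it in one step. */
enum echo_verdict classify_sample(int kind)
{
    unsigned char buf[128];
    size_t n = build_sample_icmp(kind, buf, sizeof buf);
    return classify_icmp_echo(buf, n);
}
```

A payload check of this kind is a heuristic, not proof: a tunnelling tool can imitate the standard filler, which is why it is best paired with volume and timing baselines for ICMP on the same hosts.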
Incremental Attacks
The goal of an incremental attack is to make a change slowly over time. By making such a small change over such a long period, an attacker hopes to remain undetected. Two primary incremental attacks are data diddling, which is possible if the attacker has access to the system and can make small incremental changes to data or files, and the salami attack, which is similar to data diddling but involves making small changes to financial accounts or records.