

Every node on the Internet has a system manager or privileged user. This user is not subject to any controls intended to ensure that users and their systems are orderly and well-behaved. In single-user systems, the only user is a peer of the privileged user in the multi-user system. That user is assumed to have the same motivation, training, and supervision as the manager of a multi-user system. The vast number of such users ensures that at least some of them will be disorderly and unreliable. Because they are all peers and because the systems are peer connected, it makes little difference which of them are trustworthy.

The Internet is so large and complex that no one, not the designers, not the implementers, not the operators, and not the users, fully apprehends it, much less comprehends it. Everyone is one of the blind men. Nonetheless, its immense scope and size make it unlikely that it will ever be perfect. Attackers look on it as a “target rich” environment. Although most nodes on the network are implemented, configured, and operated so as to resist attack, the great number of them ensures that there will always be some that are vulnerable to attack.

Finally, two of the vulnerabilities on the Internet, insecure links and insecure nodes, are fundamental. In other words, they are inherent to the Internet's nature, use, intent, or at least its history. Contrary to popular belief, they are not the result of errors, flaws, or failures on the part of the designers, implementers, or operators of the network. Rather, these insecure links and nodes are the result of attempts to have the greatest chance of getting a message from point A to point B in the least amount of time. They are never going to go away; it is not simply a matter of time. Indeed, at least for the next five years, they are likely to get worse. That is, vulnerabilities will increase faster than the ability to fix them. Moreover, the numbers of insecure links and nodes in the network are both growing at a much faster rate than the number of secure ones. This vulnerability is certain and extremely resistant to change.

ATTACKS ON THE INTERNET

The conditions for a successful attack include necessary access, special knowledge, work, and time. Because of its nature, all of these things are somewhat more available on the Internet than on other networks. Because the Internet is open, almost anyone can gain access. Most of the special knowledge in the world is recorded, encapsulated, and available on the Internet, mostly for the taking, although every now and then permission is required. Even much of the necessary work to launch a successful attack has been encapsulated in computer programs. Thus, attacks can be perpetrated by those who lack skill and special knowledge and who are not prepared to do the work themselves.

Eavesdropping

As packets move through the net, they can be observed by privileged users of the nodes or by using special equipment to listen in on the links. These attacks are easily automated.

Packet and Password Grabbers

A packet grabber is an automated eavesdropping attack, a program that copies packets as they move through an intermediate node (i.e., a node between the origin and destination). A password grabber is a special case of a packet grabber that identifies and stores for later use user IDs and passwords as they pass through an intermediate node. Because, at least as a general rule, unprivileged processes cannot look at traffic in transit, password grabbers must be installed by privileged users. However, recent experience suggests that they are often placed in penetrated systems. Writing password grabbers requires special knowledge and work. However, now, so many copies of those programs exist that the attack can be used even by those without the knowledge and not prepared to do the work. The Internet has so many password grabbers that passwords in the clear are not sufficiently reliable for commercial or other sensitive applications, and the problem moves from the category of an attack to that of a pervasive problem.

Address Spoofing

The origin address on the IP packet is not reliable. The sending system can set this address to any value that it wishes. Nonetheless, by convention and for convenience, many systems rely on this address to determine where a packet came from and to decide how to treat it. Packets carrying the origin address of recognized systems may be treated as though they had originated on a trusted system. Again, with sufficient work and knowledge, it is possible to write a program to exploit this trust. Toolkits for building this kind of attack have been written and distributed within the hacker community.
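
The following sketch is an added example, not part of the original text. It contrasts a trust decision that believes the claimed origin address with one that first checks the address against the side of the network border the packet arrived on. The address range, the trusted host, and the interface names "inside" and "outside" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration: the internal range, the trusted host
# and the interface names "inside"/"outside" are all assumptions.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TRUSTED_HOSTS = {ipaddress.ip_address("10.1.2.3")}


@dataclass(frozen=True)
class Packet:
    src: str    # origin address as claimed in the IP header (sender-controlled)
    iface: str  # interface the packet arrived on (not sender-controlled)


def _parse(addr):
    """Return an ip_address object, or None if the field is malformed."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def naive_is_trusted(pkt):
    """Weak check: believes the claimed origin address and nothing else."""
    return _parse(pkt.src) in TRUSTED_HOSTS


def border_filter(pkt):
    """Compare the claimed origin with the side of the border it arrived on."""
    src = _parse(pkt.src)
    if src is None or pkt.iface not in ("inside", "outside"):
        return "drop"                  # malformed origin or unknown interface
    claims_internal = src in INTERNAL_NET
    if pkt.iface == "outside" and claims_internal:
        return "drop"                  # outside packet claiming an inside origin
    if pkt.iface == "inside" and not claims_internal:
        return "drop"                  # inside packet claiming a foreign origin
    return "pass"


def filtered_is_trusted(pkt):
    """Consider address-based trust only for packets the border passed.
    Inside hosts can still forge each other's addresses, so this narrows
    the exposure; it does not authenticate the sender."""
    return border_filter(pkt) == "pass" and naive_is_trusted(pkt)
```

The filter removes only the case of an outside sender claiming an inside address; the origin address remains a claim, not proof of identity.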

Trojan Horses

A Trojan Horse attack is one in which a hostile entity, for example, armed warriors, is concealed inside a benign or trusted one, for example a gift horse, to get it through a protective barrier or perimeter, in the original case, the walls of the city of Troy. In computer science, it usually refers to a malicious program included in another program or even in data. Although most systems are vulnerable to this kind of attack to some degree or another, and it has always been a concern, until the proliferation of desktop computers and viruses, it was not a problem.

As previously discussed, both node-to-node connectivity and trust and open file systems make the Internet particularly vulnerable. Trojan Horses can and do travel over any of the popular protocols and in any of the popular object types. For example, they can travel in files over FTP, as documents over MIME, or in arbitrary objects called by HTML scripts fetched from WWW servers by browsers. Although some browsers and interpreters (e.g., HotJava) are designed to resist such attacks, most are not. Even in situations in which the browser or interpreter is resistant, it is always possible to dupe some users in a large population.

Trojan Horses are easily executed because they have attractive names or descriptions or the names of frequently used programs. They may require a minimum of user cooperation. For example, the PRANK (virus) was implemented as an MS Word macro and could spread in any Word document. Simply asking Word to open an infected document would contaminate that copy of Word and any document that it subsequently opened. If an infected document were attached to an E-mail message, an act as simple as double clicking the icon for the document would be sufficient to execute the macro. Because such a macro can contain and call an arbitrary program, there is no limit to the sophistication of the program or the contamination it can cause.

Trojan Horse attacks are of special concern on the Internet because they compromise trust of end-point nodes, of the net, and of applications on the net.



Copyright © CRC Press LLC