

Browsing

Browsing is going through the network to look at data that is available, whether intentionally public, accidentally exposed, or erroneously made available, in search of something of value. In an attack sense, the search is for data that reduces the cost of an attack against other nodes. For example, many systems implement or provide directory services that return the names of enrolled users, i.e., user identifiers. An attacker uses the information returned by these public services to identify targets, and so the service lowers the cost of the attack: a user identifier obtained this way is half of a credential. Attackers also use browsing to find and download attack programs.

Exhaustion

When confronted with good security and when all other attacks fail, an attacker can always fall back on trying all possible combinations of data (e.g., user identifiers and passwords) until one gets through. Traditional systems resisted such attacks by disconnecting disorderly devices (i.e., devices that repeatedly failed to log on). Because the Internet delivers packets without a prior connection, there is no connection to break: a system must look at every packet addressed to it and decide what to do with it. The attacker can also spread the attempts over time or across source addresses so that they look like errors or noise, and a defense that counts failures per source address will then never reach its threshold.
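The following is an added example, not part of the original text, showing why a per-source lockout misses an exhaustion attack that has been spread across addresses, and what a per-account view catches instead. The target accounts stand in for the kind of user list that browsing a directory service yields. The log format, thresholds, addresses, accounts and timestamps are all constructed for illustration.

```python
"""Detecting an exhaustion attack that has been spread across source addresses.
Added example: the log format and every address, account and timestamp below
are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed-logon records: "<ISO timestamp> <account> <source address>".
# alice is tried once from each of eight addresses (the spread-out attack);
# carol is tried six times from one address (the old-fashioned attack);
# bob's two failures from one address look like an ordinary mistake.
SAMPLE_LOG = """\
2024-05-01T10:00:01 alice 203.0.113.10
2024-05-01T10:01:12 alice 203.0.113.11
2024-05-01T10:02:00 carol 198.51.100.5
2024-05-01T10:02:10 carol 198.51.100.5
2024-05-01T10:02:20 carol 198.51.100.5
2024-05-01T10:02:30 carol 198.51.100.5
2024-05-01T10:02:33 alice 203.0.113.12
2024-05-01T10:02:40 carol 198.51.100.5
2024-05-01T10:02:50 carol 198.51.100.5
2024-05-01T10:03:48 alice 203.0.113.13
2024-05-01T10:05:00 bob 192.0.2.9
2024-05-01T10:05:02 alice 203.0.113.14
2024-05-01T10:05:30 bob 192.0.2.9
2024-05-01T10:06:19 alice 203.0.113.15
2024-05-01T10:07:41 alice 203.0.113.16
2024-05-01T10:09:30 alice 203.0.113.17
"""

WINDOW = timedelta(minutes=10)   # assumed observation window
THRESHOLD = 5                    # assumed number of failures that counts as an attack


def parse_log(text):
    """Parse the constructed log into (timestamp, account, source) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, account, source = line.split()
        events.append((datetime.fromisoformat(ts), account, source))
    return events


def max_in_window(times, window=WINDOW):
    """Largest number of timestamps that fall within any span of `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def per_source_lockout(events, threshold=THRESHOLD, window=WINDOW):
    """The traditional defence: cut off a source after `threshold` failures
    within `window`. Returns the set of sources that would be cut off."""
    by_source = defaultdict(list)
    for ts, _, source in events:
        by_source[source].append(ts)
    return {src for src, times in by_source.items()
            if max_in_window(times, window) >= threshold}


def per_account_alerts(events, threshold=THRESHOLD, window=WINDOW):
    """Count failures per targeted account regardless of source. Returns
    {account: (peak failures within window, distinct sources)} for accounts
    over threshold; many sources with one failure each is the signature of
    an attack spread across addresses."""
    by_account = defaultdict(list)
    for ts, account, source in events:
        by_account[account].append((ts, source))
    alerts = {}
    for account, records in by_account.items():
        peak = max_in_window([ts for ts, _ in records], window)
        if peak >= threshold:
            alerts[account] = (peak, len({src for _, src in records}))
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("sources a per-source lockout would cut off:", per_source_lockout(events))
    print("accounts under attack from any source:", per_account_alerts(events))
```

On the sample data the per-source lockout cuts off only 198.51.100.5 and never notices that alice is under attack; the per-account count flags both alice and carol, and the source count tells the two cases apart.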

Denial of Service

Denial of service attacks are those that cause failures by overloading or consuming all available resources. On the Internet, this class of attack includes “spamming,” that is, overloading a target with unwanted traffic. Although the target is usually not damaged in any permanent way, it may be unable to provide critical services to those intended to use it.

DEFENDING AGAINST ATTACKS ON THE INTERNET

Implementers, operators, and users of the net have a vast number of options for limiting these vulnerabilities and the attacks against them. In considering them, keep in mind that these vulnerabilities are fundamental to the nature of the Internet. The only way to eliminate all of the risk is either to eliminate the Internet or to alter it so fundamentally that it loses its identity. Clearly, neither option is viable. Rather, the defenses should be balanced against the vulnerabilities so as to preserve essential trust. Some broad categories of defense mechanisms are discussed in the sections that follow.

Isolation and Compartmentation

Of course, the most obvious defense against network attacks is simply not to attach, connect, or participate in a network. Not only is this defense effective, it is also demonstrable to the satisfaction of third parties; it has often been said that sensitive defense systems are safe precisely because they are not connected to public networks. However, the value of the security obtained rarely compensates for the lost value of connecting to or participating in a network.

Because the value of connecting to a network is high and the cost of that connection is low, isolation is difficult to maintain. Even a very small system or a single desktop workstation, if it has an interface on each of two networks, can form a connection between them.

Policies

In the presence of known connections, people can provide protection. They can recognize attacks and take timely and appropriate action. However, for this to be effective, it must be planned and pervasive. If management wishes to rely on individuals, it must tell them in advance what action to take. A policy is an expression of management’s intention. It should contain a recapitulation of the user behavior that management relies on. It should also clearly delineate the responsibilities of employees and managers. Finally, it should specifically address the responsibility to report anomalies.

Bastions

Bastions are “projecting” fortifications. They are strong systems that can be seen from the outside (i.e., the public network), but which are designed to resist attack (e.g., by recognizing only a very limited repertoire of application-specific commands). Bastions normally hide the generality and flexibility of their operating systems from the network. A full-function gateway system that can be seen from the public network is called a bastion host. Such a gateway must be able to protect itself from its own traffic. Finally, because most protective mechanisms can be bypassed or circumvented, every application or service that can be seen from the network should itself be able to resist its traffic.

Filters

Filters are processes that pass some traffic while rejecting other traffic. The intent is to pass safe traffic and to resist attack traffic. Filters may operate on headers or on content. Many filters operate on the basis of the origin address in the header. They pass traffic that appears to have originated on recognized or trusted systems; because that address is supplied by the sender and can be forged, a careful filter also checks that a packet claiming an inside origin did not arrive on the outside interface. Filters may also operate on a combination of origin, protocol, and destination. For example, they may pass mail traffic from unknown origins to the mail port on the post office machine and reject outside traffic addressed to the Telnet port on the same machine. Filters are important. For further information see the subsequent section.
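The following is an added example, not from the original text, of the first-match filter just described: it passes anything from recognized origins, passes mail from unknown origins to the mail port on the post office machine, rejects outside traffic to the Telnet port on the same machine, and rejects everything else by default. The network numbers, host, rule set, packet fields and interface names are constructed for illustration; the check that a packet claiming an inside origin did not arrive on the outside interface is an addition that goes beyond the text's example.

```python
"""A first-match packet filter over origin, protocol, destination and port.
Added example: the network numbers, hosts, rules and packets are constructed
for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.0.2.0/24")   # constructed: the recognized, trusted systems
POST_OFFICE = ip_network("192.0.2.25/32")   # constructed: the post office machine
ANYWHERE = ip_network("0.0.0.0/0")
SMTP, TELNET = 25, 23


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    iface: str       # "inside" or "outside": the interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "reject"
    src: object                   # ip_network the origin must fall in
    dst: object                   # ip_network the destination must fall in
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port


# Rules are tried in order; the first match decides. Anything unmatched is rejected.
RULES = [
    Rule("pass", INTERNAL_NET, ANYWHERE),                  # recognized origins may go anywhere
    Rule("pass", ANYWHERE, POST_OFFICE, "tcp", SMTP),      # mail from unknown origins to the mail port
    Rule("reject", ANYWHERE, POST_OFFICE, "tcp", TELNET),  # outside traffic to the Telnet port there
]


def matches(rule, pkt):
    """True if every field the rule constrains agrees with the packet."""
    return (ip_address(pkt.src) in rule.src
            and ip_address(pkt.dst) in rule.dst
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(pkt, rules=RULES, default="reject"):
    """Return (action, reason). The origin address is only what the sender
    claims, so a packet that arrives on the outside interface yet claims an
    inside origin is rejected before the rules are consulted."""
    if pkt.iface == "outside" and ip_address(pkt.src) in INTERNAL_NET:
        return ("reject", "spoofed origin")
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return (rule.action, f"rule {i}")
    return (default, "default")


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.25", "tcp", SMTP, "outside"),
                Packet("198.51.100.7", "192.0.2.25", "tcp", TELNET, "outside"),
                Packet("192.0.2.40", "192.0.2.25", "tcp", TELNET, "inside"),
                Packet("192.0.2.40", "192.0.2.25", "tcp", TELNET, "outside"),
                Packet("198.51.100.7", "192.0.2.50", "udp", 53, "outside")):
        print(pkt, "->", filter_packet(pkt))
```

Note that rule order carries meaning: the inside-origin pass rule comes first so that inside hosts may still reach the Telnet port, and the explicit Telnet reject is kept, although the default would also reject it, so that the refusal is attributable to a rule in the log.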

Wrappers

Wrappers are proxy programs or processes. They can be viewed as traffic filtering programs. They are designed to protect the target from unintended traffic, known attacks, or to compensate for known weaknesses. They often assume the name of the process that they are intended to protect (i.e., common functions or known targets). For example, suppose that a privileged program is known to have a flaw or an escape mechanism that can be exploited by a packet or a message. A wrapper can be given the name of that program, placed ahead of it in the search order, and used to protect against messages of the dangerous form. After eliminating all messages of the dangerous form, the remainder are passed to the “wrapped” program as normal.

Using a wrapper is often quicker and lower in risk than patching or replacing the vulnerable program, and the wrapper can be removed once a proper fix is installed. Wrappers have been employed to great advantage on Unix systems, where it is often easier to install the wrapper than to find out whether the particular version of Unix, or of one of its subsystems, has a given problem. The best-known wrappers are Wietse Venema’s TCP Wrappers (tcpd), which sit in front of the network services started by inetd and accept or refuse each connection according to its origin before the real service is run. (COPS, which is sometimes mentioned in the same breath, is not a wrapper but an auditing package that scans a Unix system for known weaknesses.) Two caveats apply. A wrapper that relies on its place in the search order protects only callers that reach the program by name, not those that invoke it by its full path, so the wrapped program should also be made unreachable directly. And a wrapper that decides by origin address inherits the forgeability of that address.
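The following is an added example, not from the original text, of the wrapper arrangement described above: a request handler with a known escape mechanism is fronted by a wrapper that rejects requests of the dangerous form and passes every other request through unchanged. The service, its directory, its flaw, the size limit and the request grammar are all constructed for illustration.

```python
"""A wrapper that fronts a known-flawed request handler, rejecting requests of
the dangerous form and passing the rest through unchanged. Added example: the
service, its flaw and the requests are constructed for illustration."""
import re

# Constructed directory the wrapped program serves.
DIRECTORY = {"alice": "Alice Example, ext. 1234", "bob": "Bob Example, ext. 5678"}

MAX_REQUEST = 64                                        # assumed input limit of the wrapped program
REQUEST_FORM = re.compile(r"^USER ([a-z][a-z0-9_-]{0,31})$")  # the only form the service is meant to take


def real_lookup(request: str) -> str:
    """The wrapped program (constructed). Its flaw: it processes every line of
    the request, and a line reading DUMP lists the whole directory, an escape
    that was never meant to be reachable from the network."""
    out = []
    for line in request.split("\n"):
        if line == "DUMP":
            out.extend(f"{user}: {info}" for user, info in DIRECTORY.items())
        elif line.startswith("USER "):
            name = line[5:]
            out.append(DIRECTORY.get(name, f"{name}: no such user"))
        else:
            out.append("error: unknown command")
    return "\n".join(out)


def check_request(request: str):
    """Return None if the request is of the safe form, else why it is dangerous.
    The checks are ordered so that oversized input is refused before any
    character-by-character inspection."""
    if len(request) > MAX_REQUEST:
        return "too long"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in request):
        return "control character"
    if not REQUEST_FORM.match(request):
        return "not a single USER command"
    return None


def wrapped_lookup(request: str) -> str:
    """The wrapper: installed under the wrapped program's name, it refuses the
    dangerous forms and hands everything else to the real program as normal."""
    reason = check_request(request)
    if reason is not None:
        return f"rejected: {reason}"
    return real_lookup(request)


if __name__ == "__main__":
    for req in ("USER alice", "USER mallory", "USER alice\nDUMP", "DUMP", "USER " + "a" * 80):
        print(repr(req), "->", repr(wrapped_lookup(req)))
```

The wrapper is deliberately stricter than the flaw it covers: rather than looking for the known DUMP escape, it admits only the one form the service is meant to receive, so an escape that has not yet been discovered is refused as well. It protects only callers that reach the service through `wrapped_lookup`; anything that still calls `real_lookup` directly is exposed, which is the search-order caveat above.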



Copyright © CRC Press LLC