CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [10]

to expend in order to gain protection.

Goals Attackers Try to Achieve

Security consists of four basic elements:

■ Confidentiality

■ Authenticity

■ Integrity

■ Availability

A hacker's goal is to exploit vulnerabilities in a system or network to find a weakness in one or more of the four elements of security. In performing a DoS attack, a hacker attacks the availability element of systems and networks. Although a DoS attack can take many forms, the main purpose is to use up system resources or bandwidth. A flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system. Although the media focuses on the target of DoS attacks, in reality such attacks have many victims: the final target and the systems the intruder controls.

Another name for a cracker is a malicious hacker.

Information theft, such as stealing passwords or other data as it travels in cleartext across trusted networks, is a confidentiality attack, because it allows someone other than the intended recipient to gain access to the data. This theft isn't limited to data on network servers. Laptops, disks, and backup tapes are all at risk. These company-owned devices are loaded with confidential information and can give a hacker information about the security measures in place at an organization.

Bit-flipping attacks are considered integrity attacks because the data may have been tampered with in transit or at rest on computer systems; therefore system administrators are unable to verify that the data is as the sender intended it. A bit-flipping attack is an attack on a cryptographic cipher: the attacker changes the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker doesn't learn the plaintext itself. This type of attack isn't directly against the cipher but against a message or series of messages. In the extreme, this can become a DoS attack against all messages on a particular channel using that cipher. The attack is especially dangerous when the attacker knows the format of the message. When a bit-flipping attack is applied to digital signatures, the attacker may be able to change a promissory note stating "I owe you $10.00" into one stating "I owe you $10,000."
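The following is an added example, not from the review guide: it shows why an XOR-based (stream or CTR-mode) cipher is malleable in the way described above, using a constructed toy keystream and a constructed promissory note, and then shows how an encrypt-then-MAC integrity check (HMAC) detects the tampering before anything is decrypted.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy CTR-style keystream (constructed for this example): SHA-256(key || nonce || counter).
    # Any XOR-based stream or CTR-mode cipher is malleable in exactly the same way.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt  # XOR is its own inverse

def flip_bits(ciphertext: bytes, offset: int, known_old: bytes, wanted_new: bytes) -> bytes:
    # The bit-flipping step: with no key at all, XOR the ciphertext with (old XOR new) at the
    # offset where the message format is known, so the ciphertext now decrypts to wanted_new.
    patched = bytearray(ciphertext)
    for i, d in enumerate(xor(known_old, wanted_new)):
        patched[offset + i] ^= d
    return bytes(patched)

def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()

def verify_and_decrypt(key, mac_key, nonce, ciphertext, mac):
    # Encrypt-then-MAC: refuse to decrypt anything whose tag does not verify.
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), mac):
        return None
    return decrypt(key, nonce, ciphertext)

def demo():
    key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(16)
    note = b"I owe you $10.00"            # constructed sample message
    ct = encrypt(key, nonce, note)
    mac = tag(mac_key, nonce, ct)
    tampered = flip_bits(ct, 10, b"$10.00", b"$90.00")  # "$" sits at byte 10 of the note
    without_mac = decrypt(key, nonce, tampered)                        # b"I owe you $90.00"
    with_mac = verify_and_decrypt(key, mac_key, nonce, tampered, mac)  # None: tampering detected
    genuine = verify_and_decrypt(key, mac_key, nonce, ct, mac)         # original note
    return without_mac, with_mac, genuine
```

The unauthenticated decryption of the altered ciphertext yields a changed amount even though the attacker never saw the key, while the HMAC check rejects the same ciphertext; this is why confidentiality alone does not protect integrity and why authenticated encryption is the standard mitigation.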

MAC address spoofing is an authentication attack because it allows an unauthorized device to connect to the network when MAC filtering is in place, such as on a wireless network. By spoofing the MAC address of a legitimate wireless station, an intruder can take on that station's identity and use the network.

Security, Functionality, and Ease of Use Triangle

As a security professional, it's difficult to strike a balance between adding security barriers to prevent an attack and allowing the system to remain functional for users. The security, functionality, and ease of use triangle is a representation of the balance between security and functionality and the system's ease of use for users (see Figure 1.3). In general, as security increases, the system's functionality and ease of use decrease for users.

FIGURE 1.3 Security, functionality, and ease of use triangle

In an ideal world, security professionals would like to have the highest level of security on all systems; however, sometimes this isn't possible. Too many security barriers make it difficult for users to use the system and impede the system's functionality. Suppose that in order to gain entry to your office at work, you had to first pass through a guard checkpoint at the entrance to the parking lot to verify your license plate number, then show a badge as you entered the building, then use a passcode to gain entry to the elevator, and finally use a key to unlock your office door. You might feel the security checks were too stringent! Any one of those checks could cause you to be detained and consequently miss an important meeting; for example, if your car was in the repair shop and you had a rental car, or you forgot your key or badge to access the building, elevator, or office door.

Defining
