
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [40]

and how do they go about memorizing their new ones for the first few days? Do they write them down and carry them in their belongings? Do they stick a piece of paper in a drawer (and if so, is it locked)?

■ What happens to sensitive information that’s printed? Is it shredded or just tossed in the wastebasket? Who collects the trash—a contracted service provider or the city?

■ Crucial data, such as backup sets, are stored off-site. Where are they stored? Would it be easier to break in and get that data than to break into the network? How many people know where the backup sets are?

These are a few of the questions you must ask as an administrator in order to keep your data safe. Your answers can help you determine whether you need to make the workplace more secure. Throughout this book, I’ll introduce topics for you to think about and apply to your own environment.

Recognizing Modification and Repudiation Attacks

Modification attacks involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be hard to detect. They’re similar to access attacks in that the attacker must first get to the data on the servers, but they differ from that point on. The motivation for this type of attack may be to plant information, change grades in a class, fraudulently alter credit card records, or something similar. Website defacements are a common form of modification attack; they involve someone changing web pages in a malicious manner.

A variation of a modification attack is a repudiation attack. Repudiation attacks make data or information appear to be invalid or misleading (which can be even worse). For example, someone might access your e-mail server and send inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. Repudiation attacks are fairly easy to accomplish because most e-mail systems don’t check outbound mail for validity. Repudiation attacks, like modification attacks, usually begin as access attacks.

The opposite of repudiation is nonrepudiation. When you purchase something from an online vendor, the vendor often asks for information—such as the PIN on your credit card, not just the credit card number—to prove that you are who you say you are. By proving your identity, the company has nonrepudiated evidence that the sale is valid.

A common type of repudiation attack involves a customer who claims that they never received a service for which they were billed. In this situation, the burden of proof that the information used to generate the invoice is accurate is on the company. If an external attacker has modified the data, verifying the information may be difficult.

Identifying Denial-of-Service and Distributed Denial-of-Service Attacks


Denial-of-service (DoS) attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the Internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These attacks are often widely publicized in the media. Most simple DoS attacks occur from a single system, and a specific server or organization is the target.

There isn’t a single type of DoS attack, but a variety of similar methods that have the same purpose. It’s easiest to think of a DoS attack by imagining that your servers are so busy responding to false requests that they don’t have time to service legitimate requests. Not only can the servers be physically busy, but the same result can occur if the attack consumes all the available bandwidth.

Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications. A DoS attack on an application may bring down a website while the communications and systems continue to operate. A DoS attack on a
