Introduction to attacks
Any computer connected to a computing network is potentially vulnerable to an attack.
An "attack" is the exploitation of a flaw in a computing system (operating system, software program or user system) for purposes that are not known by the system operator and that are generally harmful.
Attacks are always taking place on the internet, at a rate of several attacks per minute on each connected machine. These attacks are mostly launched automatically from infected machines (by viruses, Trojan horses, worms, etc.) without their owner's knowledge. In rarer cases, they are launched by computer hackers.
In order to block these attacks, it is important to be familiar with the main types of attacks so as to set up preventive measures.
Attacks may be launched for various reasons:
- to obtain access to the system;
- to steal information, such as industrial secrets or intellectual property;
- to gather personal information about a user;
- to retrieve bank account information;
- to get information about the organization (the user's company, etc.);
- to disrupt the proper functioning of a service;
- to use the user's system as a "bounce" for an attack;
- to use the resources of the user's system, particularly when the network on which it is located has a high bandwidth.
Types of attacks
Computer systems use a variety of components, ranging from the electricity that powers the machines to the software programs run by the operating system that make use of the network.
Attacks may occur at each link in this chain, as long as there is an exploitable vulnerability. The outline below briefly reviews the various levels that present a security risk.
Risks may be categorized as follows:
- Physical access: this is a case where the attacker has access to the premises, and maybe even to the machines:
  - Power outage
  - Manual shutdown of the computer
  - Opening of the computer's case and theft of the hard drive
  - Monitoring of network traffic
- Communication interception:
  - Session hijacking
  - Identity spoofing
  - Re-routing or alteration of messages
- Denials of service: these are attacks aiming to disrupt the proper functioning of a service. Denials of service are usually broken down as follows:
  - Exploitation of TCP/IP protocol weaknesses
  - Exploitation of server software vulnerabilities
  - Port scanning
- Elevation of privilege: this type of attack involves exploiting a vulnerability in an application by sending a specific request, not planned by its designer, generating abnormal behavior that sometimes leads to system access with application rights. Buffer overflow attacks use this principle.
- Malicious attacks (viruses, worms and Trojan horses)
- Social engineering: in the majority of cases the weakest link is the user himself! It is often the user who, out of ignorance or through deception, opens a flaw in the system by giving information (a password, for example) to the hacker or by opening an attachment. In this case, no protective device can protect the user against spoofing; only common sense, reason and some basic knowledge of the practices in use can help to avoid mistakes!
- Trapdoors: these are backdoors hidden in a software program giving future access to its designer.
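As an added example (not part of the original article), the elevation-of-privilege pattern from the list above, written in C: a request handler that silently trusts the input length its designer planned for, beside the same handler with that assumption enforced. The names handle_request_unsafe, handle_request_safe and MAX_USER, and the sample requests, are constructed for this illustration.

```c
/* Added example: a service expects a short username in each request.
 * The unsafe handler trusts that assumption; the hardened one checks it.
 * All names and sample inputs here are hypothetical, not from the article. */
#include <stdio.h>
#include <string.h>

#define MAX_USER 16   /* the designer planned for usernames of at most 15 chars */

/* Unsafe: copies the request into a fixed buffer with no length check.
 * A request longer than MAX_USER-1 bytes writes past 'user' (undefined
 * behaviour): this is the "abnormal behavior" the text refers to. */
int handle_request_unsafe(const char *request, char *out, size_t out_len) {
    char user[MAX_USER];
    strcpy(user, request);                  /* no bound check */
    snprintf(out, out_len, "hello %s", user);
    return 0;
}

/* Hardened: the same handler with the designer's assumption enforced.
 * Returns 0 on success, -1 when the request exceeds the planned length. */
int handle_request_safe(const char *request, char *out, size_t out_len) {
    char user[MAX_USER];
    /* look for the terminator only within the space we actually have */
    const char *end = memchr(request, '\0', MAX_USER);
    if (end == NULL)                        /* oversized request: reject, do not copy */
        return -1;
    size_t n = (size_t)(end - request);
    memcpy(user, request, n + 1);           /* fits, terminator included */
    snprintf(out, out_len, "hello %s", user);
    return 0;
}

int main(void) {
    char out[64];
    /* constructed sample requests: one within the plan, one far beyond it */
    const char *normal    = "alice";
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    handle_request_safe(normal, out, sizeof out);
    printf("%s\n", out);                                        /* hello alice */
    printf("%d\n", handle_request_safe(oversized, out, sizeof out)); /* -1 */
    return 0;
}
```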
Nonetheless, programming errors in programs are usually corrected fairly quickly by their designers as soon as the vulnerability is published. It is therefore up to administrators (or well-informed home users) to keep informed about updates to the programs they use in order to limit the risk of attack.
Moreover, a number of devices (firewalls, intrusion detection systems, antivirus software) make it possible to add an additional level of security.
A computer system's security is generally called "asymmetric" insofar as the hacker has to find only one vulnerability to compromise the system, while it is in the administrator's best interest to correct all of its flaws.
When launching an attack, the hacker is always conscious of the risk of getting caught, which is why hackers generally favour bounce attacks (as opposed to direct attacks): attacking a machine via another machine, both to hide traces that could lead back to the hacker (such as his/her IP address) and to use the intermediate machine's resources.
This shows the value of protecting your network or personal computer: you may end up as the "accomplice" to an attack, and if the victim files a complaint, the first person questioned will be the owner of the machine that was used as a bounce.
With the development of wireless networks, this type of scenario could become more and more common since wireless networks are not very secure and hackers located nearby can use them to launch attacks!