Classification of Computer Attacks
When we say "computer attack," we mean programs run by people to gain unauthorized control over a computer. These attacks take a variety of forms but generally fall in the following categories:
- Remote Penetration: Programs that go out on the Internet (or network) and gain unauthorized control of a computer.
- Local Penetration: Programs that gain unauthorized access to the computer on which they are run.
- Remote Denial of Service: Programs that go out on the Internet (or network) and shut down another computer or a service provided by that computer.
- Local Denial of Service: Programs that shut down the computer on which they are run.
- Network Scanners: Programs that map out a network to figure out which computers and services are available to be exploited
- Vulnerability Scanners: Programs that scour the Internet looking for computers vulnerable to a particular type of attack.
- Password Crackers: Programs that discover easy-to-guess passwords in encrypted password files. Computers can now guess passwords so quickly that many seemingly complex passwords can be guessed.
- Sniffers: Programs that listen to network traffic. Often these programs have features to automatically extract usernames, passwords, or credit card information.
Statistical Sampling of Publicly Available Computer Attacks In 1998, NIST categorized and analyzed 237 computer attacks that were published on the Internet out of an estimated 400 published attacks. This sample yielded the following statistics:
- Statistic: 29% of attacks can launch from Windows hosts Lesson: One does not need to understand Unix to be dangerous anymore. We are in an era of "point and click" attacks.
- Statistic: 20% of attacks are able to remotely penetrate network elements (e.g., routers, switches, hosts, printers, and firewalls) Lesson: Attacks that give remote users access to hosts are not rare.
- Statistic: 3% of the attacks enable Web sites to attack those who visited the site. Lesson: Surfing the Web is not a risk-free activity.
- Statistic: 4% of attacks scan the Internet for vulnerable hosts Lesson: Automated scanning attack tools, which find easily compromised hosts, abound. System administrators, with management concurrence or with professional assistance, should scan their own systems regularly before someone else does.
- Statistic: 5% of attacks are effective against routers and firewalls.
Lesson: The Internet infrastructure components themselves are vulnerable to attack. (To the computer industry's credit, most attacks were denial of service and scanning and only a few were penetration attacks.) The Most Popular Attacks on the Internet In March 1999, the most popular attacks (or vulnerable applications) found by NIST were Sendmail, ICQ, Smurf, Teardrop, IMAP, Back Orifice, Netbus, WinNuke, and Nmap.
These are discussed on the next page -->
No Comments for this page.
||Rating of 5 ( Votes)