Access control is implemented to protect the integrity and confidentiality
components of the CIA Triad. Like most other types of attacks, access control
attacks can be divided into passive and active attacks.

Passive attacks do not affect the target, and the target is unaware of the
attack. Examples of passive attacks are:
- Sniffing to record captured frames
- Emanations detection

Active attacks do affect the target, and the target is aware of the attack.
Examples of active attacks are:
- Hacking into a network
- Social engineering
- Hijacking (intercepting and altering communications)

Attacks on integrity attempt to change the information within the system so
that it is no longer accurate or reliable. Two types of attacks on integrity
are described in the following table:
|Data diddling
||A data diddling attack involves an attacker changing the information
in a database. In a data diddling attack:
- The attacker gains access to the database.
- The attacker modifies data in the database.
- Future database transactions use the inaccurate information.
|Salami attack
||A salami attack collects small amounts of data in order to build something
of greater value; like data diddling, it involves an attacker changing the
information in a database. The attacker steals a little bit at a time, over a
long period, from a large number of transactions. In a salami attack, the
attacker:
- Gains access to the database.
- Modifies a calculation to round down.
- Sends the remainder to the attacker's account.
Countermeasures for all integrity attacks are:
- Disable all services that are not explicitly required.
- Install security patches for applications as soon as they are available.
- Audit logs and audit log review to identify unauthorized activity especially
- Install anti-virus and anti-spyware.
- Scan for malware code.
- For developer-installed backdoors, disable them, change the defaults, or
- For malicious, user-installed backdoors, use access control management and
controlled software deployment.
- For device backdoors, maintain physical access control.
- Implement strict coding standards to eliminate the potential for weaknesses.
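The salami mechanism described above is easy to miss in review because the books still balance: whatever is shaved from each customer reappears in one account, so a control total shows no drift. The following Python model is an added illustration, not part of the original notes. It builds a constructed set of interest postings, applies an honest rounding rule and the round-down-and-divert rule, and then runs the kind of audit-log review the countermeasures list calls for: a control-total check, a check for beneficiaries that do not appear in the source data, and a check on the direction of rounding. Account names, amounts and the tolerance are constructed values.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample: exact interest owed to three accounts in a hypothetical ledger.
INTEREST_OWED = {
    "acct-001": Decimal("12.3471"),
    "acct-002": Decimal("8.9958"),
    "acct-003": Decimal("101.0049"),
}


def post_interest_honest(owed):
    """Round every posting to the cent with banker's rounding; nothing is diverted."""
    return {acct: amt.quantize(CENT, rounding=ROUND_HALF_EVEN) for acct, amt in owed.items()}


def post_interest_salami(owed, attacker_acct="acct-attacker"):
    """Model of the salami attack described above: every posting is rounded DOWN
    and the shaved fractions are accumulated into one extra (constructed) account."""
    postings = {}
    skimmed = Decimal("0")
    for acct, amt in owed.items():
        rounded_down = amt.quantize(CENT, rounding=ROUND_DOWN)
        postings[acct] = rounded_down
        skimmed += amt - rounded_down
    postings[attacker_acct] = skimmed
    return postings


def reconcile(owed, postings, per_item_tolerance=Decimal("0.005")):
    """Audit review over one posting run. Returns a list of findings (empty = clean).

    Three independent checks, because the salami pattern defeats the first one:
      1. control total: posted sum must match owed sum within rounding tolerance;
      2. unknown beneficiary: every credited account must appear in the source data;
      3. rounding direction: honest rounding goes both ways, skimming never does.
    """
    findings = []
    unknown = set(postings) - set(owed)
    for acct in sorted(unknown):
        findings.append(f"posting to account absent from source data: {acct} {postings[acct]}")
    drift = sum(postings.values()) - sum(owed.values())
    limit = per_item_tolerance * len(owed)  # each item may legitimately differ by half a cent
    if abs(drift) > limit:
        findings.append(f"control total drift {drift} exceeds rounding tolerance {limit}")
    if owed and all(postings.get(acct, Decimal("0")) < amt for acct, amt in owed.items()):
        findings.append("every posting is below its exact value: rounding rule was altered")
    return findings


if __name__ == "__main__":
    print("honest run:", reconcile(INTEREST_OWED, post_interest_honest(INTEREST_OWED)))
    print("salami run:", reconcile(INTEREST_OWED, post_interest_salami(INTEREST_OWED)))
```

On the constructed data the honest run produces no findings, while the salami run trips the unknown-beneficiary and rounding-direction checks but not the control-total check, which is exactly why an audit review needs more than a balanced total.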
The following table identifies automated access control attacks that affect
|Hacking of a network
||Hacking-of-a-network attacks allow an attacker to exploit system
vulnerabilities, elevate privileges, and introduce new vulnerabilities that allow
the attacker greater access to systems and data on the network. Three types of
- A white-hat hacker explores other people's computer systems with no
ill intent. Sometimes white-hat hackers notify the system owner of
vulnerabilities and/or notify software vendors of security holes in programs.
- A prankster hacker uses access into the system to conduct pranks but
intends no long-term harm or loss.
- A malicious hacker, or cracker, hacks into a system with the
intent to cause loss or harm.
|Man-in-the-middle attack
||A man-in-the-middle attack involves an attacker intercepting a
transmission. The attacker captures data and then has three options for handling
- Keep the transmission without forwarding it to the original recipient.
- Send the original transmission on to the original recipient.
- Change the data and send it to the original recipient.
|Session hijacking
||In session hijacking, the attacker impersonates the destination device or
session. Users might authenticate to the attacker system, or the attacker might
intercept a current session and impersonate the original destination computer.
Implement time stamps, packet sequencing, anti-IP spoofing, and continuous or
mutual authentication as countermeasures.
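The session hijacking countermeasures listed above (time stamps, packet sequencing and mutual authentication) fit together on the receiving side as a small set of checks applied to every message. The following Python example is added here and is not from the original notes or any particular product. It assumes a per-session key that both ends already share (taken to be the result of the mutual authentication step), and authenticates each message with an HMAC over its sequence number, timestamp and payload, so a message that is forged, altered in transit, replayed later or injected out of order is rejected for a stated reason. Message layout, key and timestamps are constructed.

```python
import hashlib
import hmac
import json
import time


def _canonical(seq, ts, data):
    """Bytes that get authenticated: fixed key order so sender and receiver agree."""
    return json.dumps({"seq": seq, "ts": ts, "data": data}, sort_keys=True).encode()


def seal(session_key, seq, ts, data):
    """Sender side: attach sequence number, timestamp and an HMAC under the session key."""
    tag = hmac.new(session_key, _canonical(seq, ts, data), hashlib.sha256).hexdigest()
    return json.dumps({"seq": seq, "ts": ts, "data": data, "tag": tag}).encode()


class SessionGuard:
    """Receiver side. Holds the per-session key (assumed to have been agreed during
    mutual authentication) and the next sequence number it expects."""

    def __init__(self, session_key, max_skew_seconds=30):
        self.key = session_key
        self.max_skew = max_skew_seconds
        self.expected_seq = 0

    def accept(self, wire, now=None):
        """Return (accepted, reason). Order matters: authenticate before trusting
        any field, then reject stale, replayed or out-of-order messages."""
        now = time.time() if now is None else now
        try:
            msg = json.loads(wire)
            seq, ts, data = msg["seq"], msg["ts"], msg["data"]
            tag = bytes.fromhex(msg["tag"])
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        if not isinstance(seq, int) or not isinstance(ts, (int, float)):
            return False, "malformed"
        expected = hmac.new(self.key, _canonical(seq, ts, data), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"  # forged by a third party or altered in transit
        if abs(now - ts) > self.max_skew:
            return False, "stale timestamp"  # an old capture presented later
        if seq != self.expected_seq:
            return False, f"unexpected seq {seq} (wanted {self.expected_seq})"  # replay or injection
        self.expected_seq += 1
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-session-key"
    guard = SessionGuard(key)
    t0 = int(time.time())
    first = seal(key, 0, t0, "hello")
    print(guard.accept(first, now=t0))        # accepted
    print(guard.accept(first, now=t0 + 1))    # same message again: rejected as a replay
```

The timestamp window bounds how long a captured message stays usable, the sequence number catches replays inside that window, and the tag is what ties both fields to the session so that an attacker without the key cannot simply mint fresh values.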
|DNS poisoning
||DNS poisoning is a process in which an attacker alters records in a
DNS database so that legitimate Web URLs point to a fraudulent Web site. In a
DNS poisoning attack:
- The attacker gains access to a DNS database.
- The attacker replaces a valid URL with the URL of a fraudulent Web site.
- In attempting to access the valid Web site, the target is directed to the
- The fraudulent Web site requests the target to provide sensitive
Implement Domain Name System Security (DNSSec) as a countermeasure if it is
available. DNSSec is a new security policy that uses digital signatures on all
DNS information flow, including zone transfers, registrations, and resolutions.
The following table lists various attacks that are targeted at gathering
information, either from employees, systems, or other mechanisms.
|Disclosure
||Disclosure is the release of sensitive data to an unauthorized
source. Disclosure can be an accidental leak of information by an employee, or it
can be unauthorized and malicious in nature. Examples of unauthorized disclosure
- Keystroke monitoring, which involves capturing the keystrokes of an
authorized user for analysis. Keystrokes can be monitored using a software
application or using a hardware device.
- Lost or stolen devices.
- Eavesdropping on a dialogue.
- Data not destroyed on reused objects such as hard drives or optical disks.
- Attacks categorized as social engineering.
Conduct user awareness training so that employees understand the importance of
confidentiality and recognize social engineering and other types of physical
attacks. Ensure that the organization's administrative policy emphasizes the
confidentiality of sensitive data throughout all levels and functions of the
|Inference and traffic analysis
||Inference and traffic analysis involve drawing conclusions
from a single piece of data. In this type of attack:
- The attacker analyzes data and reaches conclusions that are very different
from the information originally presented.
- The information can be obtained by legal or illegal means.
Countermeasures include:
- Polyinstantiation, which means having a different version of the truth
to account for the information.
- Traffic padding, which involves releasing information or performing
tasks that appear to be significant but are not. It is intended to mislead
|Aggregation
||An aggregation attack involves drawing conclusions from several
pieces of information. In an aggregation attack:
- None of the pieces of information analyzed independently reveal significant
- As the attacker aggregates the information, the attacker may be able to
reach conclusions that are otherwise unavailable.
- The information can be obtained by legal or illegal means.
The countermeasures are the same as inference and traffic
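Polyinstantiation, named above as the countermeasure for both inference and aggregation, is easiest to understand by contrast with an ordinary table. If a primary key may exist only once, a low-cleared user who tries to insert a record whose key is already taken by a classified row gets an error, and that error alone reveals that the classified row exists. A polyinstantiated table keeps one tuple per classification level under the same key, so the low-level "version of the truth" coexists with the classified one and each reader gets the most specific tuple their clearance allows. The following Python example is added here and is not from the original notes; the classification levels, the vessel record and the cover story are constructed for illustration.

```python
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


class SingleInstanceTable:
    """Ordinary table: one row per primary key. A low-cleared user who tries to
    insert a key that already exists at a higher level gets an error, and the
    error by itself discloses that a classified row exists (an inference channel)."""

    def __init__(self):
        self.rows = {}

    def insert(self, key, level, **attrs):
        if key in self.rows:
            raise KeyError(f"{key} already exists")
        self.rows[key] = (level, dict(attrs))


class PolyinstantiatedTable:
    """Multilevel table: the same primary key may hold one tuple per level, so the
    low-level 'version of the truth' can coexist with the classified one."""

    def __init__(self):
        self.rows = {}  # (key, level) -> attributes

    def insert(self, key, level, **attrs):
        # Succeeds whether or not a higher-level tuple exists; nothing is leaked.
        self.rows[(key, level)] = dict(attrs)

    def select(self, key, clearance):
        """Highest-classified tuple for `key` at or below the caller's clearance."""
        limit = LEVELS[clearance]
        candidates = [
            (LEVELS[lvl], attrs)
            for (k, lvl), attrs in self.rows.items()
            if k == key and LEVELS[lvl] <= limit
        ]
        if not candidates:
            return None
        return max(candidates, key=lambda c: c[0])[1]


def build_sample():
    """Constructed sample: a vessel record with a classified destination and an
    unclassified cover story (all names are made up for this example)."""
    table = PolyinstantiatedTable()
    table.insert("vessel-17", "SECRET", destination="site-alpha", cargo="sensors")
    table.insert("vessel-17", "UNCLASSIFIED", destination="routine patrol", cargo="supplies")
    return table


if __name__ == "__main__":
    t = build_sample()
    print("UNCLASSIFIED sees:", t.select("vessel-17", "UNCLASSIFIED"))
    print("SECRET sees:      ", t.select("vessel-17", "SECRET"))
```

The CONFIDENTIAL reader in the constructed sample sees the unclassified cover story rather than nothing, because the rule is "most specific tuple at or below my clearance", not "only tuples at exactly my level".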
|Targeted data mining
||Targeted data mining is the process of retrieving sensitive
information from a database. In a targeted data mining attack:
- The attacker gains access to a database.
- The attacker searches the database, locating and capturing targeted