
Confidentiality Attacks and Countermeasures

Access control is implemented to protect the integrity and confidentiality components of the CIA Triad. Like most other types of attacks, access control attacks can be divided into passive and active attacks.

Passive attacks do not affect the target, and the target is unaware of them. Examples of passive attacks are:

  • Sniffing to record captured frames
  • Eavesdropping
  • Emanations detection
  • Wiretapping

Active attacks do affect the target and the target is aware of the attack. Examples of active attacks are:

  • Hacking into a network
  • Phishing
  • Spoofing
  • Social engineering
  • Hijacking (intercepting and altering communications)

Attacks on integrity attempt to change the information within the system so that it is no longer accurate or reliable. Two types of attacks on integrity are:

Data diddling: A data diddling attack involves an attacker changing the information in a database. In a data diddling attack:
  • The attacker gains access to the database.
  • The attacker modifies data in the database.
  • Future database transactions use the inaccurate information.

Salami attack: A salami attack collects small amounts, each too small to notice, until they add up to something of greater value; like data diddling, it involves an attacker changing the information in a database. The attacker steals a little bit at a time over a long period of time from a large number of transactions. In a salami attack, the attacker:
  • Gains access to the database.
  • Modifies a calculation to round down.
  • Sends the remainder to the attacker's account.

Countermeasures for all integrity attacks are:

  • Disable all services that are not explicitly required.
  • Install security patches for applications as soon as they are available.
  • Enable audit logging and review the audit logs to identify unauthorized activity, especially in databases.
  • Install anti-virus and anti-spyware.
  • Scan for malware code.
  • For developer-installed backdoors, disable them, change the defaults, or block access.
  • For malicious, user-installed backdoors, use access control management and controlled software deployment.
  • For device backdoors, maintain physical access control.
  • Implement strict coding standards to eliminate the potential for weaknesses.
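As an added example (not part of the original page), the kind of audit review that catches the salami attack described above: every posting is recomputed from its exact figure, because a skim that forwards the shaved fractions to another account leaves the totals balanced. The account numbers and interest figures are constructed for the example.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

def expected_posting(exact):
    """Amount the application is supposed to credit: exact interest rounded half-even to the cent."""
    return Decimal(exact).quantize(CENT, rounding=ROUND_HALF_EVEN)

def reconcile(postings):
    """Recompute each posting from its exact figure and compare with what was posted.

    postings: iterable of (account, exact_interest, posted_amount) as strings.
    Returns (mismatches, net_drift): mismatches lists every line whose posted
    amount differs from the recomputed value; net_drift is the sum of
    (posted - expected) over all lines. When the shaved fractions are credited
    to another account, net_drift is zero, so a totals-only check passes and
    only the per-line comparison exposes the skim.
    """
    mismatches = []
    net_drift = Decimal("0")
    for account, exact, posted in postings:
        want = expected_posting(exact)
        got = Decimal(posted)
        net_drift += got - want
        if got != want:
            mismatches.append((account, str(want), str(got)))
    return mismatches, net_drift

# Constructed sample: two customer postings rounded DOWN instead of half-even,
# with the shaved cents credited to a fourth account that earned no interest.
SAMPLE = [
    ("ACC-1001", "12.3457", "12.34"),  # correct posting is 12.35
    ("ACC-1002", "8.9996", "8.99"),    # correct posting is 9.00
    ("ACC-1003", "3.5049", "3.50"),    # rounds to 3.50 either way
    ("ACC-1004", "0.0000", "0.02"),    # receives the remainder; expected 0.00
]

if __name__ == "__main__":
    bad, drift = reconcile(SAMPLE)
    print("net drift:", drift)          # 0.00: totals balance despite the skim
    for account, want, got in bad:
        print(f"{account}: expected {want}, posted {got}")
```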

The following are automated access control attacks that affect confidentiality.

Hacking of a network: Network hacking attacks allow an attacker to exploit system vulnerabilities, elevate privilege, and introduce new vulnerabilities that give the attacker greater access to systems and data on the network. Three types of hackers are:
  • A white-hat hacker explores other people's computer systems with no ill intent. Sometimes white-hat hackers notify the system owner of vulnerabilities and/or notify software vendors of security holes in programs.
  • A prankster hacker uses access into the system to conduct pranks, but intends no long-term harm or loss.
  • A malicious hacker or cracker hacks into a system with the intent to cause loss or harm.
Man-in-the-middle: A man-in-the-middle attack involves an attacker intercepting a transmission. The attacker captures the data and then has three options for handling the transmission:
  • Keep the transmission without forwarding it to the original recipient.
  • Forward the original transmission unchanged to the original recipient.
  • Change the data and send it to the original recipient.

Session hijacking: In session hijacking, the attacker impersonates the destination device or session. Users might authenticate to the attacker's system, or the attacker might intercept a current session and impersonate the original destination computer.

Implement time stamps, packet sequencing, anti-IP spoofing, and continuous or mutual authentication as countermeasures.
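As an added example (not code from the original page), the three message-level countermeasures just listed, combined in Python: each message carries a sequence number and a time stamp and is bound to a shared session key with an HMAC, so a receiver rejects injected, modified, replayed, or delayed traffic. The session key, the 30-second skew window, and the exchange in demo() are assumptions constructed for the example.

```python
import hmac, hashlib, json, time

# Assumed shared session key, established during mutual authentication;
# the value is constructed for the example only.
SESSION_KEY = b"constructed-session-key-for-example"
MAX_SKEW = 30  # seconds a message may be delayed before it is rejected as stale

def seal(seq, payload, key=SESSION_KEY, now=None):
    """Build an authenticated message carrying a sequence number and time stamp."""
    ts = int(time.time()) if now is None else now
    body = json.dumps({"seq": seq, "ts": ts, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    """Verifies the tag first, then enforces freshness and a strictly increasing sequence."""
    def __init__(self, key=SESSION_KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, msg, now=None):
        """Return (ok, payload_or_reason). Only messages passing every check advance last_seq."""
        now = int(time.time()) if now is None else now
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag: forged or modified message"
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_SKEW:
            return False, "stale time stamp: delayed or replayed message"
        if fields["seq"] <= self.last_seq:
            return False, "sequence not increasing: replayed message"
        self.last_seq = fields["seq"]
        return True, fields["payload"]

def demo():
    """Constructed exchange: a genuine message, then a replay, a modified copy, a stale copy, and a fresh one."""
    rx = Receiver()
    t0 = 1_700_000_000
    genuine = seal(1, "transfer 10 to ACC-2", now=t0)
    results = [rx.accept(genuine, now=t0 + 1)[0]]                       # accepted
    results.append(rx.accept(genuine, now=t0 + 2)[0])                    # replay: seq 1 reused
    tampered = dict(genuine, body=genuine["body"].replace("ACC-2", "ACC-9"))
    results.append(rx.accept(tampered, now=t0 + 3)[0])                   # modified: tag fails
    results.append(rx.accept(seal(2, "ping", now=t0), now=t0 + 120)[0])  # stale: 120 s old
    results.append(rx.accept(seal(2, "ping", now=t0 + 4), now=t0 + 5)[0])  # accepted
    return results

if __name__ == "__main__":
    print(demo())  # [True, False, False, False, True]
```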

DNS poisoning: DNS poisoning is a process in which an attacker alters records in a DNS database so that legitimate Web URLs point to a fraudulent Web site. In a DNS poisoning attack:
  • The attacker gains access to a DNS database.
  • The attacker replaces a valid URL with the URL of a fraudulent Web site.
  • In attempting to access the valid Web site, the target is directed to the fraudulent site.
  • The fraudulent Web site requests the target to provide sensitive information.
Implement Domain Name System Security Extensions (DNSSEC) as a countermeasure if it is available. DNSSEC applies digital signatures to DNS information flow, including zone transfers, registrations, and resolutions, so that altered records fail validation.

The following attacks are targeted at gathering information, whether from employees, systems, or other mechanisms.

Disclosure: Disclosure is the release of sensitive data to an unauthorized party. Disclosure can be an accidental leak of information by an employee, or it can be unauthorized and malicious in nature. Examples of unauthorized disclosure include:
  • Keystroke monitoring, which involves capturing the keystrokes of an authorized user for analysis. Keystrokes can be monitored using a software application or a hardware device.
  • Lost or stolen devices.
  • Eavesdropping on a dialogue.
  • Data not destroyed on reused objects such as a hard drive or optical disks.
  • Attacks categorized as social engineering.
Conduct user awareness training so that employees understand the importance of confidentiality and recognize social engineering and other types of physical attacks. Ensure that the organization's administrative policy emphasizes the confidentiality of sensitive data throughout all levels and functions of the organization.

Inference and traffic analysis: Inference and traffic analysis involve drawing conclusions from a single piece of data. In this type of attack:
  • The attacker analyzes data and reaches conclusions that are very different from the information originally presented.
  • The information can be obtained by legal or illegal means.

Countermeasures include:

  • Polyinstantiation, which keeps more than one version of the same record at different classification levels, so that a user without the clearance for the sensitive version sees a different version and cannot infer that the sensitive one exists.
  • Traffic padding, which involves releasing information or performing tasks that appear to be significant but are not. It is intended to mislead potential attackers.

Aggregation attack: An aggregation attack involves drawing conclusions from several pieces of information. In an aggregation attack:
  • None of the pieces of information analyzed independently reveal significant information.
  • As the attacker aggregates the information, the attacker may be able to reach conclusions that are otherwise unavailable.
  • The information can be obtained by legal or illegal means.

The countermeasures are the same as inference and traffic analysis.
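As an added example (not part of the original page), a minimal polyinstantiated table in Python showing the countermeasure shared by the inference and aggregation attacks above: the same primary key exists once per classification level, a read returns only the instance visible at the caller's clearance, and a low-clearance insert on an existing key succeeds rather than failing, since the failure itself would reveal that a higher-classified row exists. The classification levels and the "Vigilant" rows are constructed for the example.

```python
# Levels ordered low to high; a user sees rows classified at or below their clearance.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}

class PolyinstantiatedTable:
    """Rows keyed by (primary key, classification level), one instance per level."""

    def __init__(self):
        self.rows = {}

    def insert(self, key, level, values):
        """Create a new instance of the row at this level.

        Only a duplicate at the SAME level is a conflict. A key that already
        exists at a higher level is invisible to the inserter, so the insert
        succeeds and creates a separate, lower-classified instance.
        """
        if (key, level) in self.rows:
            raise ValueError("duplicate key at the same classification level")
        self.rows[(key, level)] = dict(values)

    def read(self, key, clearance):
        """Return the highest-classified instance visible at this clearance, or None."""
        visible = [(LEVELS[lvl], vals) for (k, lvl), vals in self.rows.items()
                   if k == key and LEVELS[lvl] <= LEVELS[clearance]]
        return max(visible, key=lambda x: x[0])[1] if visible else None

    def update(self, key, clearance, values):
        """Write at the caller's own level; a higher-classified instance is never touched."""
        self.rows[(key, clearance)] = dict(values)

def demo():
    """Constructed scenario: a TOP_SECRET mission row and a low-clearance insert on the same key."""
    t = PolyinstantiatedTable()
    t.insert("Vigilant", "TOP_SECRET", {"destination": "Gulf", "cargo": "missiles"})
    # The unclassified user's insert must not fail, or the error would leak the row's existence.
    t.insert("Vigilant", "UNCLASSIFIED", {"destination": "Training", "cargo": "supplies"})
    t.update("Vigilant", "UNCLASSIFIED", {"destination": "Port", "cargo": "supplies"})
    return (t.read("Vigilant", "UNCLASSIFIED")["destination"],
            t.read("Vigilant", "SECRET")["destination"],
            t.read("Vigilant", "TOP_SECRET")["destination"])

if __name__ == "__main__":
    print(demo())  # ('Port', 'Port', 'Gulf')
```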

Targeted data mining: Targeted data mining is the process of retrieving sensitive information from a database. In a targeted data mining attack:
  • The attacker gains access to a database.
  • The attacker searches the database, locating and capturing targeted sensitive information.