Some Example Network Attacks:

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

Because a network depends on the operating systems within the nodes in the network and the communications media between nodes, all of the attacks against operating systems and cryptosystems may be applied to networks. These attacks were, in many cases, enumerated in previous chapters, and will not be recapitulated here. In addition to those attacks, we describe here some of the more interesting threats to networks as they are implemented today.

Many current networks are designed as 'one big happy family' in which access to one machine implies access to most or all other machines. This essentially extends the protection problem of each system to that of the entire network, and in effect makes the entire network into a single operating system with distributed control. Since each system depends on the protection of all others, and protection of even a single system is a very difficult problem, these types of networks are extremely vulnerable.

Most current networks don't have access controls for information transmitted over the network, so an attacker may be able to illicitly transmit, observe, and/or modify network information and thereby attain unlimited access. Where access controls are present, they tend to depend on unprotected identification and authentication information that can be easily observed.

Gateways are, in general, capable of communicating between networks of different characteristics, and therefore present a special threat in that they have the capability to bridge the gap between two independent networks and bring all of the insecurities of each to the other.

The virus attack is based on introducing a 'diseased' program into an environment. The diseased program (P) uses the privileges of any user using it (U) to grant the creator of the virus (C) all access rights of U, and to spread its disease to all of U's executable programs. Once U is 'infected', any other user using any of U's programs becomes infected, and so forth. In a network environment where many computers are able to communicate programs and data to each other, infection can spread to the transitive closure of information flow. A small study of ARPAnet, Ethernet, Kermit, and DECnet indicated that if a single computer on such a network is infected with a virus, the rest of the network may be easily compromised in a matter of days. This attack, which grants an unauthorized attacker all rights on all computers connected through networks, seems as dangerous as any non-physical attack can be.
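The "transitive closure of information flow" and the gateway paragraph above can be made concrete by computing, for each host, which other hosts' compromise could reach it. This is an added example, not part of the original text; the host names and topologies are constructed, and the one-way gateway case goes beyond what the chapter describes to show that the closure depends on flow direction.

```python
from collections import deque

# Constructed sample topology: directed edges mean "programs or data can flow
# from the first host to the second". Host names are hypothetical.
NET_A = [("a1", "a2"), ("a2", "a3"), ("a3", "a1")]
NET_B = [("b1", "b2"), ("b2", "b3"), ("b3", "b1")]
GATEWAY = [("a3", "gw"), ("gw", "a3"), ("gw", "b1"), ("b1", "gw")]  # two-way
ONE_WAY = [("a3", "gw"), ("gw", "b1")]                              # A -> B only


def build_graph(edges):
    """Adjacency sets for a directed information-flow graph."""
    graph = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def flow_closure(graph, start):
    """Hosts reachable from `start` along flow edges, including `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposure(edges):
    """Map each host to the hosts whose compromise could reach it."""
    graph = build_graph(edges)
    exposed = {host: set() for host in graph}
    for origin in graph:
        for reached in flow_closure(graph, origin) - {origin}:
            exposed[reached].add(origin)
    return exposed


if __name__ == "__main__":
    cases = {"isolated": NET_A + NET_B,
             "two-way gateway": NET_A + NET_B + GATEWAY,
             "one-way gateway": NET_A + NET_B + ONE_WAY}
    for name, edges in cases.items():
        exp = exposure(edges)
        print(name, {h: len(srcs) for h, srcs in sorted(exp.items())})
```

With the two-way gateway every host is exposed to every other host on both networks; with the one-way link, network B inherits all of A's exposure while A's stays unchanged.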