Many approaches exist for an attacker to gain access to the system. One common requirement for all such approaches is that the attacker finds and exploits a system’s weakness or vulnerability.
Operating System Attacks
Today’s operating systems (OS) are loaded with features and are increasingly complex. Users take advantage of these features, but the features also make the OS prone to more vulnerabilities, thus enticing attackers. Operating systems run many services such as graphical user interfaces (GUIs) that support applications and system tools and enable Internet access.
Extensive tweaking is required to lock them down. Attackers constantly look for OS vulnerabilities that allow them to exploit and gain access to a target system or network. To stop attackers from compromising the network, the system or network administrators must keep abreast of various new exploits and methods adopted by attackers, and monitor the networks regularly.
Some OS vulnerabilities include:
- Buffer overflow vulnerabilities
- Bugs in the operating system
- An unpatched operating system
Attacks performed at the OS level include:
- Exploiting specific network protocol implementations
- Attacking built-in authentication systems
- Breaking file-system security
- Cracking passwords and encryption mechanisms
Security misconfiguration or poorly configured security controls might allow attackers to gain unauthorized access to the system, compromise files, or perform other unintended actions.
Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks and may result in illegal access or possible system takeover. Administrators should change the default configuration of the devices before deploying them in the production network.
To optimize the configuration of the machine, remove any unneeded services or software. Automated scanners detect missing patches, misconfigurations, use of default accounts, unnecessary services, and so on.
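The four things such scanners report (unnecessary services, missing patches, default accounts, misconfigurations) can be illustrated with a small baseline audit. This is an added example, not code from the original text; the host inventory, the baseline, and the names webd and tlslib are constructed for illustration.

```python
# Added example: baseline audit over a constructed host inventory.
# Every name, account and version number below is made up for illustration.

def parse_version(text):
    """Turn '1.10.2' into (1, 10, 2) so that 1.10 correctly sorts after 1.9."""
    return tuple(int(part) for part in text.split("."))

# Hypothetical baseline: what a machine in this role is allowed to run.
BASELINE = {
    "allowed_services": {"sshd", "webd"},
    "min_versions": {"webd": "1.10.2", "tlslib": "3.0.8"},
    "required_settings": {"directory_listing": "off", "debug_mode": "off"},
}

# Constructed inventory, as a scanner might collect it from one host.
HOST = {
    "services": ["sshd", "webd", "telnetd", "ftpd"],
    "packages": {"webd": "1.9.15", "tlslib": "3.0.8"},
    "accounts": [
        {"name": "admin", "default_password": True},
        {"name": "deploy", "default_password": False},
    ],
    "settings": {"directory_listing": "on", "debug_mode": "off"},
}

def audit(host, baseline):
    """Return a list of (finding_type, detail) tuples for one host."""
    findings = []
    # Services running on the host that the baseline does not allow.
    for svc in sorted(set(host["services"]) - baseline["allowed_services"]):
        findings.append(("unnecessary_service", svc))
    # Installed packages older than the minimum patched version.
    for pkg, minimum in sorted(baseline["min_versions"].items()):
        installed = host["packages"].get(pkg)
        if installed is not None and parse_version(installed) < parse_version(minimum):
            findings.append(("missing_patch", f"{pkg} {installed} < {minimum}"))
    # Accounts still using the vendor default password.
    for account in host["accounts"]:
        if account["default_password"]:
            findings.append(("default_account", account["name"]))
    # Settings that differ from the hardened value.
    for key, expected in sorted(baseline["required_settings"].items()):
        actual = host["settings"].get(key)
        if actual != expected:
            findings.append(("misconfiguration", f"{key}={actual}, expected {expected}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(HOST, BASELINE):
        print(f"{kind:20} {detail}")
```

Versions are compared as integer tuples rather than strings; a plain string comparison would rank 1.9.15 above 1.10.2 and hide the missing patch.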
Software developers are often under intense pressure to meet deadlines, which can mean they do not have sufficient time to completely test their products before shipping them, leaving undiscovered security holes. This is particularly troublesome in newer software applications that come with a large number of features and functionalities, making them more and more complex.
An increase in complexity means more opportunities for vulnerabilities. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques to gain unauthorized access and steal or manipulate data.
Security is not always a high priority for software developers, and they handle it as an “add-on” component after release. This means that not all instances of the software will have the same level of security. Error checking in these applications can be very poor (or even nonexistent), which leads to:
- Buffer overflow attacks
- Denial-of-service attacks
- Sensitive information disclosure
- SQL injection attacks
- Cross-site scripting
- Session hijacking
- Parameter/form tampering
Shrink-Wrap Code Attacks
Software developers often use free libraries and code licensed from other sources in their programs to reduce development time and cost.
This means that large portions of many pieces of software will be the same, and if an attacker discovers vulnerabilities in that code, many pieces of software are at risk.
Attackers exploit default configuration and settings of the off-the-shelf libraries and code.
The problem is that software developers leave the libraries and code unchanged. They need to customize and fine-tune every part of their code in order to make it not only more secure but different enough so that the same exploit will not work.
These are not all of the attacks that can be performed; attackers can perform other attacks on the system in order to gain access.