Misconfigurations
Although exploits feature heavily in security related news, far moresuccessful attacks are conducted by abusing common
misconfigurations in network services. Network services should
always be configured with a “deny access by default” policy. The
opposite is often the case, which results in a number of services being
vulnerable to malicious attack.
Access controls on network services often lead to further privilege
escalation and eventual compromise of the system. This was illustrated
by the recent successful attack on the Apache web site. The attackers
exploited a poorly configured ftp server, which allowed write access to
the web site. This in turn allowed them to run a script, via the web and
gain remote root access to the system.
By default, certain products, such as Checkpoint's Firewall-1, are
installed with settings that open them up to security vulnerabilities and
have to be specifically reconfigured to ensure their secure operation.
Abuse of Trust
Early networking protocols did not place a lot of emphasis onencryption and authentication, as they were used in relatively small
networks. As these networks and systems formed part of the Internet, it
became possible to exploit weaknesses in these protocols.
An example is the use of a source IP address as the means of
establishing a trust relationship between two systems. Common attacks
exploit this weakness by spoofing the address of the trusted host and
thereby gain access to the trusting system and its resources. Typical
examples are NFS and the “r” utilities (rsh, rlogin).
No comments:
Post a Comment