incidental victim. For example, anti-virus software is a standard IA mechanism
that provides a safeguard against viruses traversing the Internet. Also, a firewall is
a standard IA mechanism that provides safeguards against network-probing tools
that require minimal knowledge to operate. A key data point here is that the
sophistication of the attacks is increasing while the knowledge level of the attackers is not.
This is due to the increasing availability of sophisticated attack tools that require
little advanced technical knowledge; i.e., a point-and-click hacker toolkit.
13.5.2 Adversary Methods
An attack method is a systematic procedure employed by an attacker against
information or information technology. Attack methods include computer system
penetration and programmatic attacks of malicious code, mobile code, and denial of
service. Programmatic attacks may be automated where they are set to initiate an
attack without manual intervention. Programmatic attacks may also be
interactive where intent and intelligence guide the systemic assaults. Interactive attacks
provide opportunity to modify tactics on the fly as defenses are encountered or
breached. Surveillance tools provide the ability for wiretapping, wireless tapping,
and eavesdropping on live or transmitted communications.
13.5.2.1 Computer System Penetration
A security breach may result in information disclosure, resource theft, data
corruption, forgery, denial of service, or rendering the resource unusable. There are
two general methods for computer system penetration: nontechnical and technical.
Nontechnical methods include social engineering, which is manipulating a person
to gain access to the desired resources. Corporate espionage is another nontechnical
penetration method. Corporate espionage may recruit existing employees or insert
spies as new hires. Technical methods include wiretapping, data leaking, network
sniffing, wireless signal interception, electrical pulse detection (e.g., fluctuations on
an electrical line or video display updates), Trojans, and much more.
IA defense mechanisms are likewise nontechnical and technical. Nontechnical
mechanisms include preparation measures like security policies and employee
awareness training. Technical mechanisms include defense-in-depth as appropriate
to the technical infrastructure, for example:
• Perimeter network boundary
  Boundary between public (e.g., Internet) and public servers (e.g., Web,
  e-mail)
• External boundary
  Boundary between internal network (e.g., internal users) and unsecured
  external network (e.g., Internet)