Identifying Threats and Vulnerabilities in Home Internet Connection

Abstract

Without safety efforts and controls set up, your information may be subjected to an attack. A few attacks are latent, which means data is observed; others are dynamic, which means the data is modified with plan to degenerate or devastate the information or the system itself.

Your systems and information are helpless against any of the accompanying kinds of attacks on the off chance that you don’t have a security design set up.

You can assemble Threats into classifications to enable you to figure these sorts of pointed inquiries. One model you may discover valuable is STRIDE, gotten from an acronym for the accompanying six risk classes.

STRIDE

Spoofing identity. An example of identity spoofing is illegally accessing and then using another user’s authentication information, such as username and password. Tampering with data. Data tampering involves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet.

Repudiation.

Repudiation threats are associated with users who deny performing an action without other parties having any way to prove otherwise—for example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Nonrepudiation refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package. Information disclosure. Information disclosure threats involve the exposure of information to individuals who are not supposed to have access to it—for example, the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers.

Denial of service

Denial of service (DoS) attacks deny service to valid users—for example, by making a Web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability.

Elevation of privilege

In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed.

Common Types of Network Attacks

Eavesdropping

In general, most system communications happen in an unsecured or “cleartext” format, which permits an attacker who has accessed information ways in your system to “listen in” or interpret (read) the movement. At the point when an attacker is eavesdropping on your communication, it is alluded to as sniffing or snooping. The capacity of an eavesdropper to monitor the system is for the most part the greatest security issue that executives look in an undertaking. Without solid encryption benefits that depend on cryptography, your information can be perused by others as it navigates the system.

Data Modification

After an attacker has perused your information, the following legitimate step is to change it. An attacker can modify the information in the packet without the knowledge of the sender or receiver. Regardless of whether you don’t require confidentiality for all communications, you don’t want any of your messages to be altered in travel. For example, if you are trading buy orders, you don’t need the things, sums, or charging data to be adjusted.

Identity Spoofing (IP Address Spoofing)

Most networks and operating systems utilize the IP address of a PC to distinguish a substantial element. In specific cases, it is feasible for an IP address to be falsely assumed—identity spoofing. An attacker may likewise utilize exceptional programs to develop IP packets that seem to begin from legitimate locations inside the corporate intranet.

After gaining access to the system with a substantial IP address, the assailant can adjust, reroute, or erase your information. The attacker can likewise direct different kinds of attacks, as described in the following sections.

Password-Based Attacks

A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.

After gaining access to your network with a valid account, an attacker can do any of the following:

Obtain lists of valid user and computer names and network information. Modify server and network configurations, including access controls and routing tables. Modify, reroute, or delete your data.

Denial-of-Service Attack

Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.

After gaining access to your network, the attacker can do any of the following:

Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion. Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services. Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Block traffic, which results in a loss of access to network resources by authorized users.

Man-in-the-Middle Attack

As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.

Compromised-Key Attack

A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.

An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack with the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted, and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:

Analyze your network and gain information to eventually cause your network to crash or to become corrupted. Read your communications.

Application-Layer Attack

An application-layer attack targets application server by deliberately causing a fault in a server’s operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

Read, add, delete, or modify your data or operating system. Introduce a virus program that uses your computers and software applications to copy viruses throughout your network. Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network. Abnormally terminate your data applications or operating systems. Disable other security controls to enable future attacks.

The least complex approach to apply the STRIDE model to your Home Internet connection is to consider how each of the dangers in the model influences Internet connection. Basically, you look at each part Connection and decide if any dangers that fall into the S, T, R, I, D, or E classifications above exist for that component or process. Most parts will have various threats, and it is vital that you record every one of them.

Following are some sample threats to an Internet Connection.

Threat #1 A malicious user views or tampers with personal profile data en route from the Web server to the client or from the client to the Web server. (Tampering with data/Information disclosure)

Threat #2 A malicious user views or tampers with personal profile data en route from the Web server to the COM component or from the component to the Web server. (Tampering with data/Information disclosure)

Threat #3 A malicious user accesses or tampers with the profile data directly in the database. (Tampering with data/Information disclosure)

Threat #4 A malicious user views the Lightweight Directory Access Protocol (LDAP) authentication packets and learns how to reply to them so that he can act “on behalf of” the user. (Spoofing identity/Information disclosure/Elevation of privilege [if the authentication data used is that of an administrator])

Threat #5 A malicious user defaces the Web server by changing one or more Web pages. (Tampering with data)

Threat #6 An attacker denies access to the profile database server computer by flooding it with TCP/IP packets. (DoS)

Threat #7 An attacker deletes or modifies the audit logs. (Tampering with data/Repudiation)

Threat #8 An attacker places his own Web server on the network after killing the real Web server with a distributed DoS attack. (Spoofing identity; in addition, a particularly malicious user could instigate all threat categories by stealing passwords or other authentication data, deleting data, and so on.)