Network System Security part 4 pps


Chapter 2: Types of Attacks 21

MODIFICATION ATTACKS

A modification attack is an attempt to modify information that an attacker is not authorized to modify. This attack can occur wherever the information resides. It may also be attempted against information in transit. This type of attack is an attack against the integrity of the information.

Changes

One type of modification attack is to change existing information, such as an attacker changing an existing employee’s salary. The information already existed in the organization but it is now incorrect. Change attacks can be targeted at sensitive information or public information.

Figure 2-4. Interception using incorrect name resolution information

Insertion

Another type of modification attack is the insertion of information. When an insertion attack is made, information that did not previously exist is added. This attack may be mounted against historical information or information that is yet to be acted upon. For example, an attacker might choose to add a transaction in a banking system that moves funds from a customer’s account to his own.

Deletion

A deletion attack is the removal of existing information. This could be the removal of information in a historical record or in a record that is yet to be acted upon. For example, an attacker could remove the record of a transaction from a bank statement (thus causing the funds that would have been taken from the account to remain).

How Modification Attacks Are Accomplished

As with access attacks, modification attacks can be performed against information in paper form or electronic form.

Information on Paper

Paper records can be difficult to modify without being detected. If documents are signed (such as contracts), care must be taken to re-create the signatures. If a large stapled or bound document is to be modified, the document must be reassembled so as to not show that it was modified.
It is very difficult to insert or delete information from written transaction logs. Since the information in these logs is chronological, any attempt to add or remove entries would be noticed.

In most cases, attempts to modify paper documents may best be accomplished by replacing the entire document. Of course, this type of attack will require physical access to the documents.

Electronic Information

Modifying information in an electronic form is significantly easier than modifying information stored on paper. Assuming that the attacker has access to files, modifications can be made with little evidence. If the attacker does not have authorized access to the files, the attacker would first have to increase his access to the system or remove the permissions on the file. As with access attacks, the attacker could first execute an exploitation of a vulnerability on the computer system. Then, with the increased access, the file may be modified.

Changes to database files or transaction queues must be performed carefully. In some cases, transactions are numbered sequentially and the removal or addition of an incorrect transaction number will trigger an alarm. In these cases, the attacker must make significant changes to the overall system to keep the changes from being detected.

22 Network Security: A Beginner’s Guide

It is more difficult to successfully mount a modification attack of information in transit. The best way to do this would be to first execute an interception attack against the traffic of interest and then change the information before passing it on to the destination.

DENIAL-OF-SERVICE ATTACKS

Denial-of-service (DoS) attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities. DoS attacks generally do not allow the attacker to access or modify information on the computer system or in the physical world. DoS attacks are nothing more than vandalism.
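
The sequential-numbering alarm described above for transaction queues, as an added Python example that is not from the book. It goes beyond the text by also chaining a SHA-256 hash through the entries and comparing against a separately stored head hash; the log layout, function names and sample transactions are assumptions.

```python
import hashlib

GENESIS = "0" * 64  # assumed fixed starting value for the chain

def link(prev_hash, seq, payload):
    """Hash binding an entry's number and content to the previous entry."""
    return hashlib.sha256(f"{prev_hash}|{seq}|{payload}".encode()).hexdigest()

def build_log(payloads, start=1):
    """Create a sequentially numbered, hash-chained log (hypothetical layout)."""
    log, prev = [], GENESIS
    for seq, payload in enumerate(payloads, start):
        prev = link(prev, seq, payload)
        log.append({"seq": seq, "payload": payload, "hash": prev})
    return log

def audit(log, trusted_head=None, start=1):
    """Return (seq, finding) alarms; an empty list means no tampering found."""
    alarms, expected, prev = [], start, GENESIS
    for entry in log:
        seq = entry["seq"]
        if seq < expected:
            alarms.append((seq, "duplicate"))   # number reused: possible insertion
        elif seq > expected:
            alarms.append((seq, "gap"))         # numbers missing: possible deletion
        if entry["hash"] != link(prev, seq, entry["payload"]):
            alarms.append((seq, "hash"))        # content or position was altered
        prev, expected = entry["hash"], max(expected, seq + 1)
    # A head hash kept off the system catches a fully renumbered, rehashed log.
    if trusted_head is not None and prev != trusted_head:
        alarms.append((None, "head"))
    return alarms

# Constructed sample data, not taken from the book.
SAMPLE = ["credit acct 1001 50.00", "debit acct 1001 20.00",
          "credit acct 2002 75.00", "debit acct 2002 10.00"]

def demo():
    log = build_log(SAMPLE)
    head = log[-1]["hash"]                          # stored separately from the log
    deleted = [dict(e) for e in log if e["seq"] != 3]
    changed = [dict(e) for e in log]
    changed[1]["payload"] = "debit acct 1001 2.00"
    rebuilt = build_log(SAMPLE[:2] + SAMPLE[3:])    # entry dropped, log renumbered
    return {"clean": audit(log, head), "deleted": audit(deleted, head),
            "changed": audit(changed, head), "rebuilt": audit(rebuilt, head)}

if __name__ == "__main__":
    for case, alarms in demo().items():
        print(case, alarms)
```

The "rebuilt" case passes the number and chain checks and is caught only by the head hash, which is why that value has to live somewhere the log's writer cannot reach.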
Denial of Access to Information

A DoS attack against information causes that information to be unavailable. This may be caused by the destruction of the information or by the changing of the information into an unusable form. This situation can also be caused if the information still exists but has been removed to an inaccessible location.

Denial of Access to Applications

Another type of DoS attack is to target the application that manipulates or displays information. This is normally an attack against a computer system running the application. If the application is not available, the organization cannot perform the tasks that are done by that application.

Denial of Access to Systems

A common type of DoS attack is to bring down computer systems. In this type of attack, the system along with all applications that run on the system and all the information that is stored on the system become unavailable.

Denial of Access to Communications

DoS attacks against communications have been performed for many years. This type of attack can range from cutting a wire, to jamming radio communications, to flooding networks with excessive traffic. Here the target is the communications media itself. Normally, systems and information are left untouched but the lack of communications prevents access to the systems and information.

How Denial-of-Service Attacks Are Accomplished

DoS attacks are primarily attacks against computer systems and networks. This is not to say that there are no DoS attacks against information on paper, just that it is much easier to conduct a DoS attack in the electronic world.

Information on Paper

Information that is physically stored on paper is subject to physical DoS attacks. To make the information unavailable, it must either be stolen or destroyed in place. Destruction of the information can be accomplished intentionally or accidentally. For example, an attacker could shred paper records.
If no other copies exist, the records are destroyed. Likewise, an attacker could set fire to a building that contains the paper records. This would destroy the records and deny the use of them to the organization.

Accidental causes can have the same effect. For example, a fire might start due to faulty wiring or an employee might shred the wrong documents by mistake. In either case, the information is gone and thus is not available for the organization to use.

Electronic Information

There are many ways that information in electronic form can suffer a DoS attack. Information can be deleted in an attempt to deny access to that information. In order to be successful, this type of attack would also require that any backups of the information also be deleted. It is also possible to render information useless by changing the file. For example, an attacker could encrypt a file and then destroy the encryption key. In that way, no one could get access to the information in the file (unless a backup was available).

Information in electronic form is susceptible to physical attacks as well. The computer system with the information could be stolen or destroyed. Short-term DoS attacks against the information can be made by simply turning off the system. Turning off the system will also cause a DoS against the system itself. Computer systems can also be crippled by DoS attacks aimed directly at the system. Several such attacks exist (either due to vulnerabilities in the operating systems or known protocol issues—see Chapter 13 for more details).

Applications can be rendered unavailable through any number of known vulnerabilities. This type of vulnerability allows an attacker to send a predefined set of commands to the application that the application is not able to process properly. The application will likely crash when this occurs. Restarting the application restores service but the application is unavailable for the time it takes to restart.
Perhaps the easiest way to render communications unusable is to cut the wire. This type of attack requires physical access to the network cables but as we have seen over time, backhoes make great DoS tools. Other DoS attacks against communications consist of sending extraordinarily large amounts of traffic against a site. This amount of traffic overwhelms the communications infrastructure and thus denies service to legitimate users.

Not all DoS attacks against electronic information are intentional. Accidents play a large role in DoS incidents. For example, the backhoe that I mentioned in the last paragraph might cut a fiber-optic transmission line by accident while working on another job. Such cuts have caused widespread DoS incidents for telephone and Internet users. Likewise, there have been incidents of developers testing new code that causes large systems to become unavailable. Clearly, most developers do not have the intent of rendering their systems unavailable. Even children can cause DoS incidents. A child on a data center tour will be fascinated by all the blinking lights. Some of these lights and lighted switches will be near eye level for a child. The temptation to press a switch and possibly shut down a system will be immense.

REPUDIATION ATTACKS

Repudiation is an attack against the accountability of the information. In other words, repudiation is an attempt to give false information or to deny that a real event or transaction should have occurred.

Masquerading

Masquerading is an attempt to act like or impersonate someone else or some other system. This attack can occur in personal communication, in transactions, or in system-to-system communications.

Denying an Event

Denying an event is simply disavowing that the action was taken as it was logged. For example, a person makes a purchase at a store with a credit card.
When the bill arrives, the person tells the credit card company that he never made the purchase.

How Repudiation Attacks Are Accomplished

Repudiation attacks can be made against information in physical form or electronic form. The difficulty of the attack depends upon the precautions that are provided by the organization.

Information on Paper

An individual can masquerade by using someone else’s name on a document. If a signature is required on the document, the attacker must forge the signature. It is much easier to masquerade when using a typed document rather than a handwritten document.

An individual can deny an event or transaction by claiming that he or she did not initiate it. Again, if signatures are used on contracts or credit card receipts, the individual must show that the signature is not his or her own. Of course, someone who is planning to perform this type of attack might make the signature look wrong in the first place.

Electronic Information

Electronic information may be more susceptible to a repudiation attack than information in physical form. Electronic documents can be created and sent to others with little or no proof of the identity of the sender. For example, the “from” address of an e-mail can be changed at will by the sender. There is little or no checking done by the electronic mail system to verify the identity of the sender.

The same is true for information sent from computer systems. With few exceptions, any computer system can take on any IP address. Thus, it is possible for a computer system to masquerade as another system.

NOTE: This is a very simplified example. One system can take on the IP address of another if it is on the same network segment. Taking on the IP address of another system across the Internet is not easy and does not provide a true connection.

Denying an event in the electronic world is much easier than in the physical world.
Documents are not signed with handwritten signatures and credit card receipts are not signed by the customer. Unless a document is signed with a digital signature, there is nothing to prove that the document was agreed to by an individual. Even with digital signatures, a person could say that the signature was somehow stolen or that the password protecting the key was guessed. Since there is very little proof to link the individual to the event, denying it is much easier.

Credit card transactions are also easier to deny in the electronic world. There is no signature on the receipt to match against the cardholder’s signature. There may be some proof if the goods were sent to the cardholder’s address. But what if the goods were sent somewhere else? What proof is there that the cardholder was actually the person who purchased the goods?

CHAPTER 3 Information Security Services

Copyright 2001 The McGraw-Hill Companies, Inc.

Date posted: 02/07/2014, 18:20
