|
What do these threats have in common?
|
| bet | 3/9 | | Sana | 12.08.2023 | | Hajmi | 58.92 Kb. | | #78423 |
Bog'liq The-Threats-To-Our-ProductsWhat do these threats have in common?
Ability to change the identity associated with an object.
Subversion of secure logon mechanism.
Successful use of false credentials.
Examples
A malicious impersonator (man-in-the-middle) spoofs IP (Internet Provider) packets to hijack a connection to the server. The vulnerability here is that the communication protocol does not incorporate confidentiality and integrity.
Authentication protocols that use passwords without encrypting them disclose credential information to an eavesdropper, who can then use this information to impersonate the user. The vulnerability here is the credential information not being properly encrypted.
The "Trojan horse" attack is the classic spoof. For example, on a browser, a Web page might manage to construct an exact visual duplicate of the system log on and trick users into typing their name and password, not suspecting they were actually giving the information to a Web site.
Replay where an eavesdropper can replay a client/server exchange to the server, such as a debit transaction on a bank account. The vulnerability here is missing sequence detection.
Forging e-mail. The vulnerability in this case is lack of confidentiality and integrity in email messages.
DNS poisoning. The vulnerability here is ability to do untrusted updates to the DNS database.
What products are susceptible? All types of software products may be subject to these threats.
Tampering with data
What's the threat? Modifying system or user data with or without detection. An unauthorized change to stored or in-transit information, formatting of a hard disk, a malicious intruder introducing an undetectable network packet in a communication, and making an undetectable change to a sensitive file are all tampering threats.
|
| |
