Book IV
Chapter 1
Network Security Terminology
459
Identifying Types of Attacks
Man-in-the-middle
A man-in-the-middle attack involves the hacker intercepting the data in
transit, potentially modifying the data, and then forwarding the information
on to the intended recipient. Note that the intended recipient receives the
information, but the hacker sees the information as well.
Man-in-the-middle attacks are popular on the wireless networks at coffee
shops today. The hacker poisons the ARP cache of the wireless clients so
that they send all their traffic to the hacker’s system first, which then forwards
it on to the Internet. The clients are still surfing the Internet,
but what they do not realize is that their traffic is passing through the hacker’s
laptop first. (And the hacker is typically capturing all the traffic with a
packet sniffer in hopes of capturing user passwords.)
To protect against man-in-the-middle attacks, you need to restrict access to
the network and implement encryption and authentication services on the
network.
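The ARP cache poisoning described above leaves a footprint a defender can watch for: an IP address (most often the gateway) that suddenly answers from a different hardware address than it did a moment ago. The following monitor is an added example written for this page, not code from the book; it keeps a table of IP-to-MAC bindings seen in ARP replies and raises an alert when an already-known IP shows up with a new MAC. The addresses in the sample run are constructed, and in a real deployment the replies would be fed in from a packet capture instead of the hard-coded list.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define MAX_ENTRIES 64

struct arp_entry {
    uint32_t ip;        /* IPv4 address, host byte order */
    uint8_t  mac[6];    /* hardware address first seen for this IP */
};

struct arp_table {
    struct arp_entry entries[MAX_ENTRIES];
    size_t count;
};

enum arp_verdict { ARP_KNOWN = 0, ARP_NEW = 1, ARP_CONFLICT = 2 };

/* Record the IP->MAC binding carried by one ARP reply.
 * ARP_CONFLICT means this IP was previously bound to a different MAC, which on
 * a network with stable addresses is the signature of cache poisoning.
 * The original binding is deliberately kept so the alert can report both. */
enum arp_verdict observe_arp_reply(struct arp_table *t, uint32_t ip,
                                   const uint8_t mac[6])
{
    for (size_t i = 0; i < t->count; i++) {
        if (t->entries[i].ip == ip) {
            if (memcmp(t->entries[i].mac, mac, 6) == 0)
                return ARP_KNOWN;
            return ARP_CONFLICT;
        }
    }
    if (t->count < MAX_ENTRIES) {        /* table full: stop learning, keep checking */
        t->entries[t->count].ip = ip;
        memcpy(t->entries[t->count].mac, mac, 6);
        t->count++;
    }
    return ARP_NEW;
}

static uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

static void print_mac(const uint8_t mac[6])
{
    printf("%02x:%02x:%02x:%02x:%02x:%02x",
           mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}

/* Constructed sample: three replies for the gateway address 192.168.1.1, the
 * third one from a different MAC. Returns the number of alerts raised. */
int run_sample(void)
{
    struct arp_table table = { .count = 0 };
    static const uint8_t gw_mac[6]    = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    static const uint8_t other_mac[6] = {0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb};
    const uint8_t *replies[3] = { gw_mac, gw_mac, other_mac };
    uint32_t gw_ip = ipv4(192, 168, 1, 1);
    int alerts = 0;

    for (int i = 0; i < 3; i++) {
        if (observe_arp_reply(&table, gw_ip, replies[i]) == ARP_CONFLICT) {
            alerts++;
            printf("ALERT: 192.168.1.1 was ");
            print_mac(table.entries[0].mac);
            printf(", now answering from ");
            print_mac(replies[i]);
            printf("\n");
        }
    }
    return alerts;
}

int main(void)
{
    return run_sample() == 1 ? 0 : 1;
}
```

Tools such as arpwatch implement this same "changed ethernet address" check on live traffic; the check is only a detection aid, and the book's advice to restrict network access and use encryption and authentication is what actually removes the value of a successful poisoning.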
Session hijacking
A session hijack is similar to a man-in-the-middle attack, but instead of the
hacker intercepting the data, altering it, and sending it on to whomever it was
destined for, the hacker simply hijacks the conversation by disconnecting one
of the participants from the network (usually via a denial of service attack) and
then impersonates that person within the conversation. The other party has
no idea that he or she is communicating with someone other than the original
person.
To protect against session hijacking attacks, you need to restrict access to
the network and implement encryption and authentication services on the
network.
Buffer overflow
A very popular type of attack today is a buffer overflow attack, which involves
the hacker sending more data to a piece of software than the software
expects. The information sent to an application is typically stored in an
area of memory known as a buffer. When more data than expected is sent to
the application, the excess is written into memory beyond the allocated
buffer. If a hacker can store information beyond the
allocated buffer, he can run his own code, which typically results in a remote
command shell with administrative access. Administrative
access is gained because the code executes in the context of the user
account associated with the software that was hacked — normally an
administrative account!
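The root cause the paragraph describes is a copy that trusts the sender to respect the buffer's size. The following is an added example, not code from the book: a constructed 16-byte username buffer filled first by the vulnerable pattern (an unbounded copy) and then by a hardened version that checks the length and refuses input that does not fit. The function and buffer names are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 16   /* constructed: the size the program "expects" */

/* Vulnerable pattern: no length check, so any input longer than the
 * destination is written past the end of the buffer into whatever memory
 * happens to sit next to it. Shown for comparison only; never hand it
 * untrusted input. */
void store_username_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);   /* copies until the NUL in src, however far away */
}

/* Hardened version: find the terminator within the space we actually have,
 * and reject the input if it is not there. Returns 0 on success and -1 when
 * the input would have overflowed dst (the request should then be refused
 * and logged, not silently truncated). */
int store_username_safe(char *dst, size_t dst_size, const char *src)
{
    /* memchr never reads more than dst_size bytes of src, so an unterminated
     * or oversized input cannot make this check itself run off the end. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL)
        return -1;      /* no terminator within dst_size bytes: too long */
    size_t len = (size_t)(end - src);
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed request handler: accepts a username field and reports whether
 * it was stored. Returns 1 when stored, 0 when rejected. */
int handle_login_field(const char *field)
{
    char username[USERNAME_MAX];
    if (store_username_safe(username, sizeof username, field) != 0) {
        printf("rejected: username field of %zu bytes exceeds %d-byte buffer\n",
               strlen(field), USERNAME_MAX - 1);
        return 0;
    }
    printf("stored: %s\n", username);
    return 1;
}

int main(void)
{
    /* Constructed inputs: one that fits, one far longer than the buffer. */
    handle_login_field("alice");
    handle_login_field("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}
```

The same idea applies whatever the language or API: the receiving code, not the sender, must decide how many bytes are allowed to land in the buffer. Running the service under a low-privilege account is the complementary control for the second half of the paragraph, since any code that does get executed then inherits that account's limited rights rather than an administrator's.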