One of the two most publicized threats to security is the intruder (the other is viruses), often referred to as a hacker or cracker. A significant issue for networked systems is unwanted access, whether over the network or locally.
Classification of Intruders
- Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account. The masquerader is likely to be an outsider.
- Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. The misfeasor is generally an insider.
- Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. The clandestine user can be either an outsider or an insider.
Intruders: Intrusion Techniques
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a back door into the system. Typically, a system must maintain a file that associates a password with each authorized user. If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. The password file can be protected in one of two ways:
- One-way function: The system stores only the value of a function based on the user’s password. When the user presents a password, the system transforms that password and compares it with the stored value.
- Access control: Access to the password file is limited to one or a very few accounts.
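The one-way-function approach above, as an added illustration that is not part of these notes: the "password file" is a constructed in-memory dictionary, the one-way function is assumed to be salted PBKDF2-HMAC-SHA256 with an assumed work factor, and the verify step transforms the presented password and compares it with the stored value exactly as the bullet describes.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the system's password file: username -> (salt, transformed value).
# Only the output of the one-way function is kept; the password itself is never written here.
PASSWORD_FILE = {}

ITERATIONS = 200_000  # assumed PBKDF2 work factor; raise it as hardware gets faster
SALT_BYTES = 16


def one_way(password: str, salt: bytes) -> bytes:
    """Salted, iterated one-way transform (PBKDF2-HMAC-SHA256) of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username: str, password: str) -> None:
    """Record a user: a fresh random salt plus the transformed password; the plaintext is discarded."""
    salt = os.urandom(SALT_BYTES)
    PASSWORD_FILE[username] = (salt, one_way(password, salt))


def verify(username: str, presented: str) -> bool:
    """Transform the presented password the same way and compare it with the stored value."""
    record = PASSWORD_FILE.get(username)
    if record is None:
        # Do the same amount of work for unknown users so the response time does not
        # reveal which account names exist.
        one_way(presented, bytes(SALT_BYTES))
        return False
    salt, stored = record
    # Constant-time comparison: a plain == on the digests can leak how many leading bytes matched.
    return hmac.compare_digest(one_way(presented, salt), stored)


def file_contains_plaintext(password: str) -> bool:
    """True if the raw password bytes appear anywhere in the stored file (they should not)."""
    needle = password.encode("utf-8")
    return any(needle in salt or needle in digest for salt, digest in PASSWORD_FILE.values())


if __name__ == "__main__":
    enroll("alice", "correct horse battery staple")
    enroll("bob", "correct horse battery staple")  # same password, different salt -> different stored value
    print("alice, right password:", verify("alice", "correct horse battery staple"))
    print("alice, wrong password:", verify("alice", "Tr0ub4dor&3"))
    print("stored values identical:", PASSWORD_FILE["alice"][1] == PASSWORD_FILE["bob"][1])
    print("plaintext in file:", file_contains_plaintext("correct horse battery staple"))
```

The salt is what makes two users with the same password store different values, so a leaked file cannot be attacked with one precomputed table for all accounts; the iteration count is what makes each guess against the file expensive.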
On the basis of a survey of the literature and interviews with a number of password crackers, [ALVA90] reports the following techniques for learning passwords:
- Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change these defaults.
- Exhaustively try all short passwords (those of one to three characters).
- Try words in the system’s online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards.
- Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies.
- Try users’ phone numbers, Social Security numbers, and room numbers.
- Try all legitimate license plate numbers for this state.
- Use a Trojan horse to bypass restrictions on access.
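The defensive counterpart of the list above is a check applied when a password is set, so that passwords falling into the guessable classes it names (vendor defaults, one to three characters, dictionary words, personal names, phone or Social Security or room numbers, license plates) are rejected before they ever reach the password file. The following is an added example, not from these notes; the default-password list, dictionary and user profile are tiny constructed samples standing in for the real lists a deployment would load.

```python
import re

# Constructed sample lists; a real deployment would load vendor default-credential lists
# and a large dictionary or breached-password list instead.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "root", "guest", "12345"}
DICTIONARY = {"welcome", "summer", "dragon", "monkey", "football", "letmein", "sunshine"}
MAX_SHORT_LENGTH = 3  # the notes' "one to three characters" exhaustive-search range

# Constructed profile of the kind of information the notes say intruders collect about a user:
# names (own, spouse, children), hobbies, and numbers (phone, SSN, room, license plate).
USER_PROFILE = {
    "words": ["Alice Johnson", "Carol", "Tommy", "Ella", "sailing", "chess"],
    "identifiers": ["555-0134", "123-45-6789", "B217", "7ABC123"],
}


def profile_words(profile: dict) -> set:
    """Lower-cased alphabetic words of three or more letters drawn from the profile."""
    return {w.lower() for entry in profile.get("words", []) for w in re.findall(r"[A-Za-z]{3,}", entry)}


def compact(value: str) -> str:
    """Keep only letters and digits, lower-cased, so 555-0134 and 5550134 compare equal."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def check_password(password: str, profile: dict) -> list:
    """Return the reasons a candidate password would fall to the listed guessing techniques.

    An empty list means none of those techniques would find it.
    """
    reasons = []
    p = password.lower()
    if p in DEFAULT_PASSWORDS:
        reasons.append("default password for a standard account")
    if len(password) <= MAX_SHORT_LENGTH:
        reasons.append("short enough to be tried exhaustively")
    base = re.sub(r"\d+$", "", p)  # "dragon42" -> "dragon": trailing digits do not rescue a dictionary word
    if p in DICTIONARY or base in DICTIONARY:
        reasons.append("dictionary word (possibly with digits appended)")
    for word in sorted(profile_words(profile)):
        if word in p:
            reasons.append(f"contains personal information: {word}")
    squashed = compact(password)
    for ident in profile.get("identifiers", []):
        ident_c = compact(ident)
        if len(ident_c) >= 4 and ident_c in squashed:
            reasons.append(f"contains a known number or identifier: {ident}")
    return reasons


if __name__ == "__main__":
    for candidate in ("admin", "ab1", "Dragon42", "Carol2019!", "5550134", "correct-horse-battery-staple"):
        verdict = check_password(candidate, USER_PROFILE)
        print(f"{candidate!r}: {'ok' if not verdict else '; '.join(verdict)}")
```

Each reason maps to one bullet of the list, which makes the check easy to extend when a new guessing class is added to the list. The one item with no counterpart here is the Trojan horse, which is an access-control problem rather than a password-choice problem.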
Intrusion Detection
Security failures will inevitably occur, so a system also needs to detect intrusions, in order to:
- Block the intrusion if it is detected quickly enough.
- Act as a deterrent.
- Collect information about intrusion techniques that can be used to improve security.
Intrusion detection assumes that an intruder behaves differently from a legitimate user, but the distinction between the two is imperfect, so any detector trades false alarms against missed intrusions.
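An added example of that assumption at work, not from these notes: a small profile-based detector that learns, from constructed baseline login records, the hours and source hosts each user normally logs in from, then scores new sessions by how many ways they depart from that profile (unseen hour, unseen host, more failed attempts than an assumed tolerance). The feature set, the tolerance of three failures and the thresholds are all assumptions chosen to show the imperfect distinction: at the stricter threshold only the masquerader-like session is flagged, while the looser threshold also flags a legitimate user working at an unusual hour.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline login records: (user, "YYYY-MM-DD HH:MM", source host, failed attempts before success).
BASELINE = [
    ("alice", "2024-02-05 08:12", "ws-alice", 0),
    ("alice", "2024-02-05 13:40", "ws-alice", 1),
    ("alice", "2024-02-06 09:02", "ws-alice", 0),
    ("alice", "2024-02-06 17:25", "ws-alice", 0),
    ("alice", "2024-02-07 10:30", "ws-alice", 0),
    ("alice", "2024-02-08 14:15", "ws-alice", 1),
    ("bob",   "2024-02-05 09:50", "ws-bob",   0),
    ("bob",   "2024-02-06 10:05", "ws-bob",   0),
]

# Constructed sessions to be scored against the profiles built from BASELINE.
SESSIONS = [
    ("alice", "2024-03-04 09:15", "ws-alice",   0),  # ordinary working-hours login
    ("alice", "2024-03-04 02:40", "ws-alice",   0),  # legitimate, but at an hour never seen before
    ("alice", "2024-03-05 03:10", "gw-unknown", 7),  # unseen hour, unseen host, many failures first
    ("bob",   "2024-03-04 10:05", "ws-bob",     1),
]

MAX_NORMAL_FAILURES = 3  # assumed tolerance for mistyped passwords within one session


def hour_of(stamp: str) -> int:
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M").hour


def build_profiles(records):
    """Per-user profile of the login hours and source hosts observed in the baseline."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for user, stamp, host, _failures in records:
        profiles[user]["hours"].add(hour_of(stamp))
        profiles[user]["hosts"].add(host)
    return profiles


def score_session(profiles, session):
    """Count the ways a session departs from its user's profile; return (score, reasons)."""
    user, stamp, host, failures = session
    profile = profiles.get(user)
    if profile is None:
        return 3, ["no baseline profile for this user"]
    reasons = []
    if hour_of(stamp) not in profile["hours"]:
        reasons.append("login hour never seen for this user")
    if host not in profile["hosts"]:
        reasons.append("source host never seen for this user")
    if failures > MAX_NORMAL_FAILURES:
        reasons.append(f"{failures} failed attempts before success")
    return len(reasons), reasons


def detect(records, sessions, threshold):
    """Return (session, score, reasons) for every session whose score reaches the threshold."""
    profiles = build_profiles(records)
    alerts = []
    for session in sessions:
        score, reasons = score_session(profiles, session)
        if score >= threshold:
            alerts.append((session, score, reasons))
    return alerts


if __name__ == "__main__":
    for threshold in (1, 2):
        print(f"threshold={threshold}")
        for session, score, reasons in detect(BASELINE, SESSIONS, threshold):
            print(f"  {session[0]} {session[1]} from {session[2]}: score {score}: {'; '.join(reasons)}")
```

Lowering the threshold catches more intruders at the cost of more alerts on legitimate users; raising it does the reverse. A real detector would use many more features and a statistical model rather than a count, but the trade-off stays the same.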