Attacks on computer systems

In an age of pervasive computerization and dependence on IT systems, it is worth paying attention to the other side of the coin: the actions of intruders who break into computer systems. This article considers the typical attacks on computer systems.


File system scan. An attacker attempts to browse the file system and read, copy, or delete files. If access to a file is denied, scanning continues until at least one administrator error is found. Such an attack is carried out automatically by a special program.

Theft of key information. A password can be observed from the movement of the hands on the keyboard or captured by a video camera. Some programs for logging in to a remote server allow the password to be entered on the command line, where it is displayed on the screen, and batch files are sometimes used to simplify entry.

Garbage collection. Information deleted by the user is not physically erased; it is only marked for deletion and placed in the trash (recycle bin). Anyone who gains access to the trash can also gain access to the files awaiting deletion.

Abuse of authority. By exploiting errors in the system software and/or security policies, a user tries to obtain privileges that exceed those granted to them. This can also be the result of logging in under another user's name or of replacing a dynamic library that is responsible for user authentication.

Software bookmarks. These are programs that perform at least one of the following actions: introducing arbitrary distortions into the code of programs that are in memory; transferring pieces of information from one area of main or external memory to another; distorting information that other programs output to external devices or communication channels.

Greedy programs. These are programs that intentionally seize a significant portion of a computer system's resources, with the result that other programs run much slower or do not run at all. Launching such a program often crashes the OS.

Denial of Service (DoS) attacks. DoS attacks are the most common attacks in computer networks and aim to disable the target rather than to gain unauthorized access. They are classified by impact, for example: network bandwidth overload, the automatic generation, possibly from several nodes, of heavy network traffic that completely consumes the capacity of a given node; processor overload, the sending of computing tasks or requests whose processing exceeds the computational capacity of the node's processor; occupation of available ports, where the attacker connects to a service port of the node and takes up all the connections allowed on that port. The administrator can detect and stop such attacks by blocking packets from the offending source. To deprive the node's administrator of this option, the attack is launched from a multitude of nodes on which a virus has been deployed in advance and is activated at a set time.

Disguise attacks. Disguise is the generic name for a large class of network attacks in which an attacker impersonates another user. If processes initiated by trusted hosts are granted substantial rights, it is sufficient to specify a trusted sender address, and the packet will be let through.

Attacks on routing. To reach the victim node, such attacks change the packet delivery route. Each path can have its own access rights, and a node can respond differently to packets that arrive by different routes. The attacker's interest therefore extends not only to the node itself but also to the intermediate points, the routers.

Network listening (sniffing). Sniffing can be intersegment or intrasegment. In the first case, the eavesdropping device must be located at the entry or exit point of the interacting nodes or at one of the transit nodes. Encryption is the main protection against eavesdropping. To listen, a sniffer program switches the Ethernet card into "promiscuous mode", in which the card accepts not only packets addressed to its own network address but all packets passing through the network. Sniffers are countered with a sniffer detector. It works by forming a packet with an incorrect network address, which all network nodes should ignore. Any computer system that accepts such a packet should be checked for the presence of a sniffer.
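The sniffer-detector principle described above, as an added example that is not part of the original article: an offline Python simulation in which each host's NIC address filter is modelled and a probe frame addressed to a MAC that no host owns is sent to every node. The host names, addresses and the simplification that a host's stack answers any frame its NIC passes up are assumptions of the example.

```python
import struct

BROADCAST = b"\xff" * 6
ETH_EXPERIMENTAL = 0x88B5  # IEEE "local experimental" EtherType, used for the constructed probe

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Ethernet II header (dst, src, EtherType) followed by the payload."""
    return struct.pack("!6s6sH", dst, src, ETH_EXPERIMENTAL) + payload

class Host:
    """Simulated node: a NIC address filter in front of a stack that answers probes naming its IP."""
    def __init__(self, name, mac_addr, ip, promiscuous=False):
        self.name, self.mac, self.ip, self.promiscuous = name, mac(mac_addr), ip, promiscuous

    def nic_accepts(self, frame: bytes) -> bool:
        dst = frame[:6]
        # Normal mode: only the card's own unicast address and broadcast pass the filter.
        return self.promiscuous or dst in (self.mac, BROADCAST)

    def receive(self, frame: bytes):
        """Return a reply frame, or None if the frame was filtered or does not name this IP."""
        if len(frame) < 14 or not self.nic_accepts(frame):
            return None
        src = frame[6:12]
        if frame[14:] != self.ip.encode():
            return None
        return build_frame(src, self.mac, self.ip.encode())

def detect_sniffers(hosts, prober_mac: bytes, bogus_mac: bytes):
    """Send each host a probe with a wrong destination MAC; a reply means its NIC accepted it."""
    # The probe address must be one every well-behaved NIC ignores:
    # not group-addressed (broadcast/multicast bit set) and not owned by any host.
    if bogus_mac[0] & 1 or any(h.mac == bogus_mac for h in hosts):
        raise ValueError("probe address would be accepted by normal NICs")
    return [h.name for h in hosts
            if h.receive(build_frame(bogus_mac, prober_mac, h.ip.encode())) is not None]

# Constructed sample network (names and addresses are made up for the example).
HOSTS = [
    Host("ws-01", "02:00:00:00:00:01", "192.0.2.11"),
    Host("ws-02", "02:00:00:00:00:02", "192.0.2.12", promiscuous=True),
    Host("srv-01", "02:00:00:00:00:03", "192.0.2.13"),
]
PROBER = mac("02:00:00:00:00:fe")
BOGUS = mac("02:00:00:de:ad:01")  # unicast address assigned to no host
print(detect_sniffers(HOSTS, PROBER, BOGUS))
```

A host flagged this way is only a candidate for inspection, as the text says; the probe shows that its card accepted a frame it should have ignored, not why.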
