Circumvention and attack methods
How do people circumvent access control restrictions?
- Obtain physical access to the system or network
- Obtain privilege by exploiting bugs in programs that have privileged access
- Obtain privilege by obtaining privileged account access
- Snoop on data passing through the network to obtain account information or data whose access is restricted in other ways
How do people circumvent or fake authentication?
- Get the secret used for authentication (a password or cryptographic key)
- Brute-force guessing (easier as computer power increases), such as password cracking or "dictionary attacks"
- "Over-the-shoulder" reading of a password typed at a keyboard, or reading the sticky notes on someone's desk
- Social engineering: exploit naive users' trust of someone perceived to be in authority, or their ignorance of security implications, to obtain their password
- For biometric authentication, obtain the biometric item used to authenticate (obtain a fingerprint cast or DNA sample, or in the most gruesome extreme cut off or pull out the appropriate body part)
Steve VanDevender
Last modified: Wed Jul 9 14:39:13 PDT 2003