Posted by :
ss
Saturday, January 23
Hello Readers !!
When the people think about getting asses to system, they only think direct assessing , but there are two more areas:
Elevation of privileges
Denial of services.
All these things are useful to the attacker depending on the type of attack he wants to launch. There are also cases where they can be used in conjunction with each other.
Let take an example
Someone might be able to get into a user’s account to gain access to the system, but he does not have root access, so he might not copy a sensitive file. But at this condition , the attacker would have to try same another method i.e run an elevation of privileges attack to increase his security level so that he can access the appropriate files.
It is important to understand that an attacker can exploit a system to use it
as a launching pad for attacks against other networks. This is why system
break-ins are not always noticed, because attackers are not out to do
direct harm or steal information.In these cases, a company’s valuable
resources are being used and, technically, that company is hacking into
other companies.
The following are some ways that an attacker can gain access to a system:
• Operating system attacks
• Application-level attacks
• Scripts and sample program attacks
• Misconfiguration attacks
Think about this : if it is authorized or not & someone
is using Company A’s computers to break into Company B, when Company
B investigates, it will point back to Company A. This is called a downstream liability problem. This can have huge legal implications for a company if it is not careful—especially if the attackers want to have some fun and carefully pick the two companies so that Company A and B are major competitors. If you are the head of security for Company A, you better hope that your resume is updated.
We will discuss each attacks in the next session of Our blogs