CISSP Official Study Guide, Eighth Edition


Mike Chapple, James Michael Stewart, Darril Gibson. CISSP Official Study Guide, Sybex (2018)

Maintenance Hooks and Privileged Programs
Maintenance hooks are entry points into a system that are known only by the developer of the system. Such entry points are also called back doors. Although the existence of maintenance hooks is a clear violation of security policy, they still pop up in many systems. The original purpose of back doors was to provide guaranteed access to the system for maintenance reasons or if regular access was inadvertently disabled. The problem is that this type of access bypasses all security controls and provides free access to anyone who knows that the back doors exist. It is imperative that you explicitly prohibit such entry points and monitor your audit logs to uncover any activity that may indicate unauthorized administrator access.
Another common system vulnerability is the practice of executing a program whose security level is elevated during execution. Such programs must be carefully written and tested so that they offer no exit or entry point that would leave a subject holding a higher security rating than it started with. Ensure that all programs that operate at a high security level are accessible only to appropriate users and that they are hardened against misuse. A good example of this is root-owned, world-writable executable scripts in the Unix/Linux OS environment. This major security flaw is overlooked all too often: anyone can modify the script, and it will still execute in the root context, so an attacker can have it create an account, resulting in back-door access.
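As an added example (not code from the study guide), the following bash script audits a directory tree for the flaw just described, executables that any user can write to, and strips the world-write bit from them. The demo tree, its script names and the cron-job scenario are constructed for the illustration, and the script assumes GNU find and stat as found on Linux.

```shell
#!/usr/bin/env bash
# Added example, not from the CISSP study guide: audit for world-writable
# executables (the root-owned world-writable script flaw described above) and
# remove the world-write bit. Assumes GNU find/stat (Linux); the demo tree
# below is constructed for illustration.
set -u

# List executable regular files under DIR that "others" may write to.
# Prints "<octal mode> <owner> <path>" per offending file, sorted.
find_ww_exec() {
  local dir="$1"
  # -perm -o+w: world-writable; -perm -u+x: owner-executable (script or binary)
  find "$dir" -type f -perm -o+w -perm -u+x \
       -exec stat -c '%a %U %n' {} + 2>/dev/null | sort
}

# Strip the world-write bit from every offending file under DIR.
# Prints the number of files fixed.
harden_ww_exec() {
  local dir="$1" before
  before=$(find "$dir" -type f -perm -o+w -perm -u+x | wc -l)
  find "$dir" -type f -perm -o+w -perm -u+x -exec chmod o-w {} +
  echo $((before))
}

# Build a constructed demo tree in a temp dir and print its path.
make_demo_tree() {
  local dir
  dir=$(mktemp -d)
  # The flaw: a maintenance script a root cron job would run, left mode 777.
  # Anyone can append a useradd line and it runs as root on the next run.
  printf '#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n' > "$dir/nightly-maint.sh"
  chmod 777 "$dir/nightly-maint.sh"
  # Correct: executable, writable only by its owner.
  printf '#!/bin/sh\necho report\n' > "$dir/report.sh"
  chmod 755 "$dir/report.sh"
  # World-writable but not executable: a different problem, not this one.
  printf 'scratch notes\n' > "$dir/notes.txt"
  chmod 666 "$dir/notes.txt"
  echo "$dir"
}

demo_dir=$(make_demo_tree)
echo "Offending files before hardening:"
find_ww_exec "$demo_dir"
fixed=$(harden_ww_exec "$demo_dir")
echo "Fixed $fixed file(s); offending files after hardening:"
find_ww_exec "$demo_dir"
rm -rf "$demo_dir"
```

On a real host you would run `find_ww_exec /` (or at least the directories referenced from root's crontab, systemd units and init scripts) and treat every hit owned by root as a back door waiting to be written; the chmod is the fix, but the audit log should also be checked for who last touched the file.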
Incremental Attacks
Some forms of attack occur in slow, gradual increments rather than through obvious or 
recognizable attempts to compromise system security or integrity. Two such forms of attack 
are data diddling and the salami attack.
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures (p. 388)

Data diddling occurs when an attacker gains access to a system and makes small, random, or incremental changes to data during storage, processing, input, output, or transaction rather than obviously altering file contents or damaging or deleting entire files. Such changes can be difficult to detect unless files and data are protected by encryption or unless some kind of integrity check (such as a checksum or message digest) is routinely performed and applied each time a file is read or written. Encrypted file systems, file-level encryption techniques, or some form of file monitoring (which includes integrity checks like those performed by applications such as Tripwire and other file integrity monitoring [FIM] tools) usually offer adequate guarantees that no data diddling is under way. Note that encryption by itself only conceals the data; unless the encryption is authenticated, it is the integrity check, not the cipher, that actually detects a modification. Data diddling is often considered an attack performed more often by insiders rather than outsiders (in other words, external intruders). It should be obvious that since data diddling is an attack that alters data, it is considered an active attack.
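The following is an added example, not code from the study guide or from Tripwire: a minimal file-integrity monitor that records a SHA-256 digest for every file, then catches a data-diddling change that swaps two digits in a ledger without altering the file's size or layout. The ledger and journal files are constructed for the demonstration, and the script assumes GNU coreutils (sha256sum, sed -i, sort -z).

```shell
#!/usr/bin/env bash
# Added example, not from the CISSP study guide: a minimal file-integrity
# monitor in the style of Tripwire and other FIM tools, used to catch a
# data-diddling change that alters one digit without changing a file's size.
# Assumes GNU coreutils (sha256sum, sed -i, sort -z). The ledger and journal
# files below are constructed for the demonstration.
set -u

# Record a SHA-256 digest of every regular file under DIR into MANIFEST.
# MANIFEST must live outside DIR (ideally on read-only or offline media);
# an attacker who can rewrite the manifest can hide the change.
fim_baseline() {
  local dir="$1" manifest="$2"
  ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$manifest"
}

# Re-hash the tree and compare against MANIFEST. Prints "<path>: FAILED" for
# each altered or missing file and returns non-zero; silent and 0 when intact.
# Files added since the baseline are not in the manifest and are not reported.
fim_check() {
  local dir="$1" manifest="$2"
  ( cd "$dir" && sha256sum --quiet -c "$manifest" 2>/dev/null )
}

# Constructed demo data: a small account ledger plus a log file.
make_ledger() {
  local dir
  dir=$(mktemp -d)
  printf 'acct,balance\n1001,2500.00\n1002,318.75\n' > "$dir/ledger.csv"
  printf 'posted 2 records\n' > "$dir/journal.log"
  echo "$dir"
}

# The attack: swap two digits of one balance in place. Size, line count and
# layout are unchanged, so nothing short of a digest comparison notices.
diddle() {
  sed -i 's/318\.75/318\.57/' "$1/ledger.csv"
}

data=$(make_ledger)
manifest=$(mktemp)
fim_baseline "$data" "$manifest"
fim_check "$data" "$manifest" && echo "baseline verified: tree intact"
diddle "$data"
fim_check "$data" "$manifest" || echo "integrity violation detected"
rm -rf "$data" "$manifest"
```

The check is only as trustworthy as the manifest: run `fim_check` from a scheduled job that reads the manifest from a location the monitored system cannot write to, and compare file ownership and permissions as well as content if you extend it.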
The salami attack is, by all published reports, more myth than documented practice. The name of the attack refers to a systematic whittling away at assets in accounts or other records with financial value, where very small amounts are deducted from balances regularly and routinely. Metaphorically, the attack may be explained as stealing a very thin slice from a salami each time it's put on the slicing machine when it's being accessed by a paying customer. In reality, though well-documented examples of such an attack are scarce, most security experts concede that salami attacks are possible, especially when organizational insiders could be involved. Only by proper separation of duties and proper control over code can organizations completely prevent or eliminate such an attack. Setting financial transaction monitors to track very small transfers of funds or other items of value should help to detect such activity; regular employee notification of the practice should help to discourage attempts at such attacks.
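As an added example (not from the study guide), the following script is the kind of transaction monitor the paragraph recommends: it reads a transfer log and flags any destination account that collects many sub-threshold credits from many different source accounts, which is the signature of a salami scheme sweeping rounding residue into one account. The log format, account numbers and amounts are constructed for the demonstration; the detection itself is portable awk.

```shell
#!/usr/bin/env bash
# Added example, not from the CISSP study guide: a transaction monitor that
# flags an account collecting many tiny credits from many distinct sources
# (the signature of a salami scheme that sweeps rounding residue into one
# account). The transfer log, account numbers and amounts are constructed
# for the demonstration; the awk used is POSIX.
set -u

# Constructed transfer log: "timestamp,src_acct,dst_acct,amount".
# Each customer transfer is followed by a sub-cent sweep to account 9999;
# account 4100 also receives two tiny credits, but from a single source.
sample_log() {
  cat <<'EOF'
timestamp,src_acct,dst_acct,amount
2024-03-01T09:00:00,1001,2001,250.00
2024-03-01T09:00:00,1001,9999,0.004
2024-03-01T09:02:10,1002,3005,18.40
2024-03-01T09:02:10,1002,9999,0.003
2024-03-01T09:04:33,1003,2001,1200.00
2024-03-01T09:04:33,1003,9999,0.006
2024-03-01T09:07:01,1004,5150,42.10
2024-03-01T09:07:01,1004,9999,0.002
2024-03-01T09:09:45,1005,3005,7.99
2024-03-01T09:09:45,1005,9999,0.005
2024-03-01T09:11:20,1006,2001,310.50
2024-03-01T09:11:20,1006,9999,0.004
2024-03-01T09:12:00,1001,4100,0.005
2024-03-01T09:13:00,1001,4100,0.005
EOF
}

# Read a transfer log on stdin. For every destination account, count credits
# below THRESHOLD and the number of distinct source accounts behind them;
# report destinations fed by at least MIN_SOURCES distinct sources as
# "<dst_acct> <credits> <distinct_sources> <total>". One customer making a
# few small payments does not trip the rule; many customers each leaking a
# fraction of a cent to the same account does.
salami_scan() {
  local threshold="$1" min_sources="$2"
  awk -F, -v thr="$threshold" -v min="$min_sources" '
    NR > 1 && ($4 + 0) < thr {
      key = $3 SUBSEP $2
      if (!(key in seen)) { seen[key] = 1; sources[$3]++ }
      count[$3]++; total[$3] += $4
    }
    END {
      for (d in sources)
        if (sources[d] >= min)
          printf "%s %d %d %.2f\n", d, count[d], sources[d], total[d]
    }' | sort
}

echo "Destinations receiving sub-cent credits from 5+ distinct sources:"
sample_log | salami_scan 0.01 5
```

The rule keys on breadth of sources rather than on total value, because the whole point of the attack is that the total stays small; in practice the threshold and source count are tuned per institution and the scan is run per settlement window rather than over a whole log at once.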
If you want an entertaining method of learning about the salami attack or the salami technique, view the movies Office Space, Sneakers, and Superman III. You can also read the article from Wired about an attack of this nature from 2008: https://www.wired.com/2008/05/man-allegedly-b/
