The Path to Growth of CISSP (17th): Review Access Control (2)

Source: Internet
Author: User
In the previous article, "Review Access Control", in the CISSP growth path series specially planned by the 51CTO Security channel, j0ker introduced the basic concepts of access control and the basic principles of the three access control types (physical, logical, and management). We know that information security, and every security-related technology, aims to protect the confidentiality, integrity, and availability (CIA) of information assets from any or all damage, and access control is no exception. In this article, j0ker therefore introduces the C-I-A protection scope of the access control CBK and some common threats related to access control.


I. Threat Classification

Access control is usually deployed in information facilities to protect the information processing environment: systems (including hardware, operating systems, and applications), network platforms, and connections (intranet, dedicated, and Internet). In addition, access control also applies to physical environments, such as building entrances, computer centers, and specific personal workstations. To gain a deeper understanding of access control, you must first understand the various threats that affect system resources. These threats can be classified as follows:

Confidentiality threat: An entity, including an individual, program, or computer, obtains access to sensitive information. Confidentiality threats are one of the main types of threats to access control.

Integrity threat: an entity accesses and affects system resources without authorization. Another form of integrity threat is an entity's unauthorized addition to or modification of system resources. Integrity threats are also one of the main types of threats to access control.

Availability threat: an asset in the system is destroyed to make it unavailable or useless.

II. List of common threats

It is far from enough to understand the types of threats only at the C-I-A level. The threats we encounter in our daily work are often more specific and more technical. Below, j0ker lists specific threat examples to help you gain a deeper understanding of the threats involved in access control. Of course, IT technologies and threats are both developing rapidly, so j0ker cannot provide a complete list of threats. The examples below are meant more to help you understand common threats and their content, and to measure the test taker's knowledge of the types of threats that affect the system. In addition, the threats are listed in the alphabetical order of their English names, not by importance or frequency of occurrence.

Buffer overflow: buffer overflow is the oldest and most common problem in software. It occurs when the input a program receives exceeds the capacity of a buffer, causing program exceptions and changing the execution path. Buffer overflow usually leads to the insertion and execution of malicious code, or to the program gaining administrator privileges. Buffer overflow is a threat that undermines confidentiality and availability.

Covert channel: a hidden data transmission path that violates the organization's security policies. This channel usually occurs when two or more users share information. Covert channels include timing channels and storage channels. Covert channels are threats that undermine confidentiality.

Data remanence: data remanence refers to data that can still be read from a disk after the storage device has been degaussed or the data has been overwritten. The residual data may be read, intentionally or unintentionally, and leaked. Data remanence is a threat that undermines confidentiality.

Dumpster diving: an attack in which an attacker searches an organization's waste bins to obtain valuable information such as user names and passwords. Dumpster diving is a threat that undermines confidentiality.

Eavesdropping: an attacker uses software (such as a sniffer) to listen to a network, or uses a device to listen to data transmitted in a telecom network. Eavesdropping is a threat that undermines confidentiality.

Emanations: attackers use special devices to capture and reconstruct the electromagnetic radiation emitted by target hardware devices and the signals of various wireless networks. Electromagnetic eavesdropping is a threat that undermines confidentiality.

Hacker: hackers generally obtain unauthorized system access through technical means. There are various types of hackers, such as white-hat hackers (legal vulnerability researchers), black-hat hackers (hackers who show off their technical skills through attacks), and malicious hackers (attackers who may cause harm or loss).

Impersonation: attackers disguise themselves as authorized users to gain unauthorized access. Impersonation is a threat that undermines confidentiality.

Internal intruder: internal personnel in an organization use external intruders to perform unauthorized access to sensitive information in the organization. There are usually two types: authorized users who try to access information or resources they are not authorized for, and authorized users who try to physically access devices they are not authorized for. Internal intruders are threats that undermine confidentiality.

Loss of processing capability: the suspension of information processing by a system due to intentional or accidental damage. Loss of processing capability is a threat that undermines availability.

Malicious code: code that can access the system or obtain the highest system privileges in violation of security policies. Malicious code threats will be covered in detail in a following article.

Man-in-the-middle attack: an attacker intercepts and redirects data communication in the network to obtain the sensitive information it carries. Man-in-the-middle attacks are threats that undermine confidentiality.

Mobile code: executable content that is sent from a server to a client over the network and executed on the client. Java and VBScript are good examples.

Object reuse: an object (user, program, etc.) is able to access the information that a previous object left on disk, in memory, in temporary files, and so on, and thereby gains unauthorized access to sensitive information. Object reuse is a threat that undermines confidentiality.

Password cracker: software used to recover the encrypted passwords in a password file. If an unauthorized user can access the password file, attackers may crack the passwords kept in it to gain access to sensitive information.

Physical access: physical access to information processing facilities, such as network devices, hosts, and ancillary facilities. Physical access control will be detailed in the physical security CBK.

Replay: an attacker captures packets in the network and sends them to the target host again to gain unauthorized access. Replay attacks are threats that undermine confidentiality and integrity.

Spoofing: through IP spoofing, an attacker can obtain access to a server that verifies only the client IP address. IP spoofing is a threat that undermines confidentiality.
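A defensive sketch for the Replay and Spoofing entries above, added here as an example and not part of the original article: a check that trusts only the client IP address is contrasted with a verifier that requires a keyed HMAC tag plus a nonce and timestamp, so that a forged source address or a re-sent captured message is rejected. The key, allow-list, 30-second window, and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import time

SHARED_KEY = b"constructed-demo-key"   # constructed sample secret
ALLOWED_IPS = {"10.0.0.5"}             # constructed allow-list
MAX_SKEW = 30                          # seconds a message stays fresh


def weak_accept(source_ip):
    """IP-only check: anyone who can forge the source address passes."""
    return source_ip in ALLOWED_IPS


def sign(body, nonce, timestamp, key=SHARED_KEY):
    """Client side: bind body, nonce and timestamp under one HMAC tag.
    The nonce is assumed to be a hex string (no '|' characters)."""
    msg = b"|".join([nonce.encode(), str(timestamp).encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server side: authenticate the sender by key, then enforce freshness."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only inside the window

    def accept(self, body, nonce, timestamp, tag, now=None):
        now = time.time() if now is None else now
        expected = sign(body, nonce, timestamp, self.key)
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"        # forged or modified message
        if abs(now - timestamp) > MAX_SKEW:
            return "stale"          # captured and re-sent too late
        # Forget nonces older than the window so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"         # same message sent a second time
        self.seen[nonce] = timestamp
        return "ok"
```

The tag check runs first, so only messages from a key holder can consume a nonce slot; the source address plays no part in the decision.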

Social Engineering: unauthorized users obtain access to sensitive information by deceiving authorized users.

Spying: an activity in which attackers obtain sensitive information through high-tech means such as eavesdropping and video recording. Espionage is a threat that undermines confidentiality.

Targeted data mining: searching the readable information in a database and inferring sensitive information from it. Targeted data mining is a threat that undermines confidentiality.

Trapdoor: a function left by a system developer in a system program that allows access to system resources without verification. Trapdoors (backdoors) are threats that undermine confidentiality.

Tunneling: a technique that bypasses the functions provided by the system and directly accesses the underlying device. Tunneling bypasses the system's access control functions by using the underlying access method. Tunneling is a threat that undermines confidentiality.

The list above covers only common threats to confidentiality and integrity. Denial-of-service threats, which target availability, and malicious code, whose threat type cannot be clearly classified, will be introduced by j0ker in the following content. The CISSP examination often tests the concepts and classifications of the above threats, and sometimes the defense methods for a specific threat.
