Week 9 - STRIDE: Denial of Service
When we think of a denial of service (DoS) attack, we probably picture a scenario in which one computer overloads a target machine by sending it a huge number of requests. That leads immediately to a second scenario, in which one source controls many computers and directs all of them to send messages to a single target. That scenario is called a distributed denial of service (DDoS) attack. In 2017, SecurityWeek.com reported a case in which hackers gained control over thousands of IP security cameras (Kovacs). Those cameras became zombie devices that the hackers controlled and used to carry out DDoS attacks. These scenarios are just two of the many ways to mount a DoS attack. The purpose of DoS is to make data unavailable to its authorized users. DoS can target data, information, storage, software, computing processes, communication, protocols, and many other things.
Data normally goes through three stages during operation. It starts as user input, passes through memory, and is saved to disk. When retrieved, data goes from storage to memory and then to the requester. An attacker can target any of the three stages to steal the data or to prevent it from reaching the user.
Data and files in storage become unavailable when they are damaged or deleted. Data damage has several causes, including disk failure, sabotage, tampering, and malware. When a disk is used continuously beyond its life span, parts of it become unusable; data written to that unusable space will be corrupted. Data can also be destroyed or corrupted, intentionally or unintentionally, by human intervention. Malware is another cause of data disruption: after infecting a system, it can delete or modify data, or spread to other areas.
Before being sent over the transmission line to the user, data is loaded into memory and processed. It is difficult to damage or corrupt data at this stage by direct human intervention, but it becomes possible once the system is infected with malware. There are several ways to make data unavailable in the processing stage. The first is to corrupt the data before it is sent out. The second is to stop the data from being processed, or to slow processing down, by consuming CPU time or memory. The third is to halt the system altogether. Without physical access to the system, malware and remote access are the two remaining options for an attacker.
The third stage is the transmission stage, which is also the most vulnerable of the three. The malicious party does not need to get into the system to carry out a DoS attack; it is enough to overload the transmission line or the processing unit with so many requests that the system stops responding to legitimate ones. In the first scenario that I mentioned earlier, the attacker uses one computer to send thousands upon thousands of requests to the target, keeping the target so busy that it cannot process any other requests. There are countermeasures at the protocol level for this kind of attack: the protocol can be configured to limit the number of requests accepted from the same source within a defined time window. That countermeasure gave birth to DDoS. Instead of sending thousands of requests from one source, DDoS uses many systems, each of which sends a smaller number of messages, so no single source exceeds the limit. Controlling DDoS is therefore much more difficult.
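The per-source rate limit described above, and why it does not help against a distributed attack, as an added example that is not part of the original post. It is a small sliding-window limiter (the class and function names are my own, and the request timestamps and addresses are constructed sample data) run over the two scenarios in the text: the same 20 requests from one source, and from 20 different sources.

```python
from collections import defaultdict, deque

# Per-source limit: at most MAX_REQUESTS from one source in any WINDOW_SECONDS span.
WINDOW_SECONDS = 10
MAX_REQUESTS = 5


class PerSourceRateLimiter:
    """Sliding-window limiter keyed by source address (hypothetical class name)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window
        self.limit = limit
        # source -> timestamps of requests accepted inside the current window
        self._history = defaultdict(deque)

    def allow(self, source, ts):
        """Return True if a request at time ts from source stays within the limit."""
        q = self._history[source]
        # Evict timestamps that have fallen out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def filter_requests(requests, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Run the limiter over (timestamp, source) pairs in time order.

    Returns two dicts: accepted and dropped request counts per source.
    """
    limiter = PerSourceRateLimiter(window, limit)
    accepted = defaultdict(int)
    dropped = defaultdict(int)
    for ts, source in sorted(requests):
        if limiter.allow(source, ts):
            accepted[source] += 1
        else:
            dropped[source] += 1
    return dict(accepted), dict(dropped)


# Constructed sample traffic, not a real capture.
# Scenario 1: one source sends 20 requests in 4 seconds -> 5 accepted, 15 dropped.
SINGLE_SOURCE = [(0.2 * i, "10.0.0.1") for i in range(20)]
# Scenario 2: the same 20 requests spread over 20 sources -> all accepted, none dropped.
MANY_SOURCES = [(0.2 * i, f"10.0.1.{i}") for i in range(20)]

if __name__ == "__main__":
    print("single source:", filter_requests(SINGLE_SOURCE))
    print("many sources: ", filter_requests(MANY_SOURCES))
```

The second scenario shows the limitation the post points out: with each source staying under the limit, the limiter sees nothing abnormal even though the target receives exactly the same load.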
Kovacs, E. (June 9, 2017). Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets. Retrieved from http://www.securityweek.com/thousands-ip-cameras-hijacked-persirai-other-iot-botnets.