Classification of remote attacks on distributed computing systems
The main goal of any classification is to offer classification features that describe the classified events or objects as accurately as possible. Because none of the scientific studies known to the author distinguishes between local and remote information impacts on a computing system, the well-known generalized classifications are not precise enough to reveal the nature of remote impacts or to describe the mechanisms and conditions of their implementation. The reason is that this class of impacts has features highly specific to distributed computing systems. Therefore, for a more accurate description of remote attacks, the following classification is proposed.
Thus, remote attacks can be classified according to:
1. By the nature of the impact
A passive impact on a distributed computing system is an impact that has no direct effect on the operation of the system but may violate its security policy. It is precisely this lack of direct influence on the operation of the distributed CS that makes a passive remote impact almost impossible to detect.
An example of a typical passive remote impact in a distributed CS is listening to a communication channel in the network.
By an active impact on a distributed CS we mean an impact that directly affects the operation of the system (changing the configuration of the distributed CS, malfunction, etc.) and violates the security policy adopted in it. Virtually all types of remote attacks are active impacts. This is because an active principle is inherent in the very nature of a damaging effect.
An obvious feature of an active impact, compared with a passive one, is that it can in principle be detected (naturally, with a greater or lesser degree of difficulty), because its implementation causes certain changes in the system. In contrast to an active impact, a passive impact leaves no traces (when the attacker views someone else's message in the system, nothing changes at that moment).
2. By the goal of the impact
violation of the confidentiality of information or system resources
violation of the integrity of information
disruption of the operation (availability) of the system
This classification criterion is a direct projection of the three main types of threats: disclosure, integrity violation, and denial of service.
The main goal of almost any attack is to gain unauthorized access to information. There are two principal possibilities for access to information: interception and distortion. Interception of information means gaining access to it without being able to modify it.
Consequently, interception of information leads to a violation of its confidentiality.
An example of interception of information is listening to a channel in the network. In this case there is unauthorized access to information without the possibility of distorting it.
It is also clear that a breach of confidentiality is a passive impact. The possibility of distorting information means either complete control over the information flow between system objects or the ability to send messages on behalf of another object.
Thus, it is obvious that distortion of information leads to a violation of its integrity. This destructive information impact is a prime example of an active impact. An example of a remote attack that aims to violate the integrity of information is the typical remote attack (RA) "False object".
An attack aimed at disrupting the operation of the system is fundamentally different. In this case the attacker does not expect to gain unauthorized access to information. The main objective is to put the operating system on the attacked object out of service, so that all other objects in the system are unable to access the resources of the attacked object.
An example of a remote attack that aims to disrupt the operation of the system is the typical RA "Denial of service".
3. By the condition for the start of the impact
A remote impact, like any other, can begin only under certain conditions. In a distributed CS there are three types of conditions for the start of a remote attack:
Attack on request from the attacked object
In this case the attacker waits for the potential target to send a request of a certain type, which is the condition for the start of the impact. Examples of such requests are SAP queries in the Novell NetWare operating system (the attack described in ) and DNS and ARP requests on the Internet.
Remote attacks on Internet hosts carried out on request from the system under attack. It is important to note that this type of remote attack is more characteristic of distributed CS.
Attack on the occurrence of an expected event on the attacked object
In this case the attacker continuously monitors the operating system of the remote target and begins the impact when a specific event occurs in that system. As in the previous case, the attacked object itself initiates the start of the attack. An example of such an event is the interruption of a user session with a Novell NetWare server without the LOGOUT command being issued.
Unconditional attack
In this case the start of the attack is unconditional with respect to the target: the attack is carried out immediately, regardless of the state of the system and of the attacked object. Therefore, in this case the attacker initiates the start of the attack. An example of this type of attack.
4. By the presence of feedback from the attacked target
with feedback
without feedback (unidirectional attack)
A remote attack carried out with feedback from the attacked object is characterized by the fact that the attacker needs to receive answers to some of the requests sent to the attacked object. Consequently, there is feedback between the attacker and the target, which allows the attacker to respond adequately to all changes occurring on the attacked object. Such remote attacks are the most common in distributed CS.
In contrast, a remote attack without feedback does not need to respond to any changes on the attacked object. Attacks of this type are usually carried out by sending single requests to the attacked object, the answers to which the attacker does not need. Such an RA can be called a unidirectional remote attack.
An example of a unidirectional attack is the typical RA "Denial of service", as well as examined.
5. By the location of the subject of the attack relative to the attacked object
intrasegment
intersegment
Consider some definitions:
Subject of the attack (or source of the attack) - the attacking program or operator that directly carries out the impact.
Host - a network computer.
Router - a device that routes packets in a global network.
Subnet (subnetwork) (in Internet terminology) - the set of hosts that are part of a global network and to which the router assigns the same subnet.
Subnet - a logical grouping of hosts by a router.
Hosts within a subnet can communicate with each other directly, bypassing the router.
Segment of the network - a physical grouping of hosts.
For example, a network segment is formed by a set of hosts connected to a server over a shared bus. With such a connection scheme, each host is able to analyze any packet in its segment. From the point of view of a remote attack, it is extremely important how the subject and the object of the attack are located relative to each other, that is, whether they are in the same segment or in different segments. In an intrasegment attack, as the name implies, the subject and the object of the attack are in the same segment.
In an intersegment attack, the subject and the object of the attack are in different segments. This classification criterion makes it possible to judge the so-called degree of remoteness of the attack.
It will be shown that in practice an intersegment attack is much more difficult to implement than an intrasegment one. It is important to note that an intersegment remote attack is much more dangerous than an intrasegment one.
This is because in an intersegment attack the target and the attacker may be located thousands of kilometers apart, which may significantly impede measures to repel the attack.
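The feedback criterion (4) and the location criterion (5) can be applied when triaging traffic aimed at a protected host. The following Python sketch is an added example, not part of the original text; the flow-record format, the addresses and the function names are constructed for illustration, the segment is approximated by an IP subnet, and "feedback" is approximated by whether the target sent any packets back to the source.

```python
import ipaddress
from collections import namedtuple

# Constructed flow records (not from the page):
# source, target, packets source->target, packets target->source
SAMPLE_FLOWS = """\
192.168.10.23 192.168.10.5 40 38
203.0.113.77 192.168.10.5 9000 0
192.168.10.99 192.168.10.5 12 0
198.51.100.4 192.168.10.5 15 14
"""

# Assumption: the protected host's segment coincides with this IP subnet.
TARGET_SUBNET = ipaddress.ip_network("192.168.10.0/24")

Flow = namedtuple("Flow", "src dst to_target from_target")

def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append(Flow(ipaddress.ip_address(parts[0]),
                              ipaddress.ip_address(parts[1]),
                              int(parts[2]), int(parts[3])))
        except ValueError:
            continue  # bad address or non-numeric packet count
    return flows

def classify(flow, subnet=TARGET_SUBNET):
    """Return (location, feedback) for one flow, following criteria 5 and 4."""
    location = "intrasegment" if flow.src in subnet else "intersegment"
    feedback = "with feedback" if flow.from_target > 0 else "unidirectional"
    return location, feedback

def triage(text, subnet=TARGET_SUBNET):
    """Map each source address to its (location, feedback) classification."""
    return {str(f.src): classify(f, subnet) for f in parse_flows(text)}

if __name__ == "__main__":
    for src, (loc, fb) in triage(SAMPLE_FLOWS).items():
        print(f"{src:15} {loc:13} {fb}")
```

A logical subnet and a physical segment are distinct notions in the definitions above, so the subnet test is only a stand-in that has to be adjusted to the actual network layout.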
6. By the level of the ISO/OSI reference model at which the impact is carried out
The International Organization for Standardization (ISO) adopted the standard ISO 7498, which describes open systems interconnection (OSI).
Distributed CS are also open systems. Any network protocol, like any network program, can be projected with some degree of accuracy onto the seven-layer OSI reference model.
Such a multilevel projection makes it possible to describe, in terms of the OSI model, the functions built into a network protocol or program. A remote attack is also a network program. In this regard, it seems logical to consider remote attacks on distributed computing systems by projecting them onto the ISO/OSI reference model.