Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
they predate today’s security awareness and therefore their security provisions are
demonstrably inadequate and vulnerable.
• Attacks using the r- services: rsh, rcp, rexec, and rlogin. These services were historically
very popular on Unix systems. Like the ARPA services, these services are designed for
trusted environments only. Unlike ARPA services, they often lack security provisions
altogether.
• Remote attacks by RPC services. These types of attacks either leverage buffer overflow
problems within the RPC implementation itself or else leverage security weaknesses
associated with the Sun Microsystems ONC protocol family services (e.g., Sun RPC,
NFS, Network information systems).
• NFS, mountd, and portmap attacks.
• Leveraging X-windows insecurities.
A.2.13 SOCIAL ENGINEERING.
These attacks involve an attacker tricking a network manager into inappropriately revealing sensitive
information, such as account-password information. As Ed Skoudis observed:
“The most frustrating aspect of social engineering attacks for security
professionals is that such attacks are nearly always successful. By pretending to
be another employee, a customer, or supplier, the attacker attempts to manipulate
the target person to divulge some of the organization’s secrets. Social
engineering is deception, pure and simple” [A-2].
One of the first steps an attacker often takes after compromising a device is to eliminate any
record of his actions from the cracked device’s audit logs and take steps to ensure that none of
his future clandestine actions will be similarly recorded on the audit logs. In standard computer
systems, the former is usually fairly straightforward and consists of modifying, corrupting, or
deleting the audit files themselves.
The attacker usually inserts Trojan horses in key system utilities as a mechanism to hide his or
her activities from the audit logs. He also will establish backdoors and logic bombs for
continued control of the device after he “logs off.”
A Trojan, which is short for Trojan horse, is a program that purports to perform an authorized
task, but actually carries on other activities behind the scenes. Many attackers replace common
OS commands on the cracked OS with Trojans of their own design. For example, ps, netstat,
ifconfig, killall, ls, ssh, who, find, du, df, sync, reboot, halt, and shutdown are commonly
replaced by attackers of Unix OSs with Trojan versions contained within the attacker’s rootkit. A
rootkit is a collection of tools an attacker downloads to a victim computer after gaining initial
access. In addition to system binaries, rootkits for Unix systems usually also contain network
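A defensive counterpart to the Trojaned utilities described above, as an added example that is not part of the original document: it records a known-good baseline of SHA-256 digests, sizes, and permission bits for the commands the text lists, then reports any that later differ. The function names and the `search_path` parameter are choices made for this example.

```python
import hashlib
import os
import shutil
import stat

# Utilities the text lists as commonly replaced by rootkit Trojans.
WATCHED = ["ps", "netstat", "ifconfig", "killall", "ls", "ssh", "who",
           "find", "du", "df", "sync", "reboot", "halt", "shutdown"]

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def resolve(names, search_path=None):
    """Map command names to real file paths (symlinks followed); skip absent ones."""
    found = (shutil.which(n, path=search_path) for n in names)
    return sorted({os.path.realpath(p) for p in found if p})

def snapshot(paths):
    """Record digest, size and permission bits for each path (the known-good baseline)."""
    out = {}
    for p in paths:
        st = os.stat(p)
        out[p] = {"sha256": sha256_file(p), "size": st.st_size,
                  "mode": stat.S_IMODE(st.st_mode)}
    return out

def verify(baseline):
    """Return (path, reason) findings for files that differ from the baseline."""
    findings = []
    for path, want in sorted(baseline.items()):
        if not os.path.isfile(path):
            findings.append((path, "missing"))
            continue
        have = snapshot([path])[path]
        for field in ("sha256", "size", "mode"):
            if have[field] != want[field]:
                findings.append((path, f"{field} changed"))
    return findings

if __name__ == "__main__":
    baseline = snapshot(resolve(WATCHED))   # take this on a known-clean system
    for path, reason in verify(baseline):   # later, run from trusted tooling
        print(f"ALERT {path}: {reason}")
```

The baseline only has value if it is stored off the host (for example on read-only media) and the check is run with tooling that is itself trusted, because the system's own utilities are exactly what a Trojan replaces. A replacement padded to the original file size is still caught by the digest comparison.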