Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
unless, of course, the firewall has established a reverse proxy that is equipped to handle this type of threat. Attackers can similarly control what is happening on devices within the firewall by communicating with the cracked device via HTTP (port 80), a protocol that is rarely blocked by any firewall.
Routers have similar vulnerabilities to end-systems except that they are more likely than end-systems to be identified by traceroute and they usually have substantially fewer resident application daemons for the attacker to potentially exploit.
Attackers often attack routers through SNMP. There are many security problems with SNMP (see section 4.6). These systems are particularly vulnerable if older versions of SNMP (i.e., SNMPv1 or SNMPv2) are being used or if the default SNMP community names have not been altered or removed from the network device before deployment (e.g., “public,” “write,” and “user” are common default SNMP account names on routers, usually without any associated password protections). Similar vulnerabilities exist for the default accounts and maintenance accounts that come on most networking devices. In all other respects, the threats and exploits affecting network devices such as routers are the same as those affecting computers, except that the network devices traditionally have substantially fewer applications, and therefore fewer vulnerabilities for attackers to exploit.
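A pre-deployment check for the SNMP weaknesses described above, as an added example that is not part of the original report: it scans a router configuration for SNMPv1/v2c community lines, the default names the report lists, and write access. The Cisco IOS-style syntax, the function name `audit_snmp` and the sample configuration are assumptions made for illustration.

```python
import re

# Default community names the report lists as common on routers.
DEFAULT_COMMUNITIES = {"public", "write", "user"}

# Constructed sample configuration (Cisco IOS-style syntax is an assumption;
# hostname, addresses and community strings are made up for illustration).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community Write RW
snmp-server community k7Qp-noc-ro RO 10
snmp-server host 192.0.2.10 version 2c public
snmp-server group NOC v3 priv
snmp-server user monitor NOC v3 auth sha AUTH-PLACEHOLDER priv aes 128 PRIV-PLACEHOLDER
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?:\s+(RO|RW))?", re.I)
HOST_RE = re.compile(
    r"^snmp-server host \S+ (?:(?:traps|informs) )?version (?:1|2c) (\S+)", re.I)


def audit_snmp(config_text):
    """Return (line_number, finding, community) tuples for risky SNMP settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            name, access = m.group(1), (m.group(2) or "").upper()
            # A community line enables SNMPv1/v2c, where the community
            # string is the only credential.
            findings.append((lineno, "v1-v2c-enabled", name))
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((lineno, "default-community", name))
            if access == "RW":
                findings.append((lineno, "write-access", name))
            continue
        m = HOST_RE.match(line)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community", m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, finding, community in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding} ({community})")
```

The SNMPv3 group and user lines produce no findings, so a configuration that has been migrated off community strings returns an empty list.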
A.3 AVAILABILITY ATTACKS.
These attacks do not seek to take over devices or network systems, but rather seek to make the network systems that support those devices ineffectual.
A number of controls have been proposed to thwart specific classes of availability attacks. Some of these controls have been demonstrated in laboratory environments. However, other than securing the data communications protocols themselves (see section 4.5), few if any of these mechanisms have yet been demonstrated to be effective within actual operational network deployments. Thus, effective defenses against many classes of availability attacks are not yet available within today’s best current practices.