19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Threats Catalogue Deliberate Acts Remarks

T 4.39 Software conception errors

When programs and protocols are planned, conception errors may occur which affect security. From a historical point of view, these errors are entirely comprehensible. For instance, the developers of the protocols used in the Internet surely did not expect, at the end of the sixties, that these protocols would one day become the basis for a world-wide computer network that is extremely important commercially.

Examples of conception errors include the open transmission of data in the Internet, making it possible to read and alter data (such as passwords) or send packets using the Internet address assigned to another computer. A special case of this is what is known as the FTP bounce attack, which exploits the fact that the link used for data transmission with the FTP protocol can be established with any computer. In serious cases, it is even possible in this way to overcome firewalls that use dynamic packet filters (see CERT advisory 97-27). There are most certainly further errors in the Internet protocols which will be published in the future.

Another example of a conception error is the so-called DNS spoofing (see also G 5.78 DNS spoofing). The Domain Name System is the central information service in the Internet, which makes it possible to translate easily remembered computer names such as www.amazon.com into the corresponding Internet address. DNS spoofing involves a perpetrator attempting to assign the wrong computer to a computer name so that users seeking information are misdirected.

Another example of a conception error is that it is possible to send large numbers of advertising e-mails anonymously (mail spamming). This is often done by using other mail servers as so-called remailers, so that any counteraction from the recipient comes to nothing. These attacks are obviously due to the lack of opportunities for authentication currently offered by the Internet.

IT-Baseline Protection Manual: October 2000
