Back doors allow unauthorized access to a remote system thru an entrance in the system of which the user is typically not aware. It allows an attacker to bypass access controls and gain unauthorized access and possible even take remote control of a system. Once the back door in installed the attacker can steal or damage information or implement other tools for further escalation of the attack.
Back doors can be created and planted by an attacker, via a Trojan Horse for example, but are too often already built in the target system’s operating system or applications. Attackers often find ways to exploits existing bugs and holes in target system that allow them to gain unauthorized access. These holes are usually the cause of non-optimal programming but sometimes can be built in systems intentionally for various reasons ranging from allowing access for government agencies, financial gain, and other unethical or illegal reasons.
NetBUS , BackOrrifice , and Master’s Paradise are some of the most notorious utilities that create a back door on a target system. Once an attacker gains access to a target system running one of these tools, he could do almost anything on the remote target, from deleting files to listening to microphone input. Besides the back doors planted by attackers, an administrator or user can install an intentional back door on a system to be able to remotely administer it. VNC (Virtual Network Computing) is a common example; others are PC Anywhere, and Remote Desktop in Windows XP/2003. If you use any of these, make sure you use strong authentication and if possible, only use encrypted connections such as VPNs.
The best protection against back doors are the today’s popular anti-spy and adware utilities and keeping operating systems and applications up to date with patches and service packs, as new holes are discovered frequently. Many of the existing back door utilities use known TCP and UDP ports that should be blocked on a local or network firewall in addition to disabling unused services and protocols.
During a Man-in-the-middle attack, the attacker places himself between two communicating network devices in an attempt to intercept and possibly alter network traffic. To be able to do this, the attacker first needs to connect to the network by tapping into an existing line or jacket. Obviously wireless networks are particularly susceptible to Man-in-the-middle attacks as it is relatively easy to connect to a target network. Once the attacker is connected, he will try to fool both sides of the communication. For example, if Alice is communicating with Bob, and the attacker, Charlie, performs a successful MITM attack, Alice will think she is receiving information from Bob and/or vice versa, while it is actually coming via Charlie who is acting as a proxy for both sides and who may have altered the information. In reality ‘Bob’ is typically a server, which means Charlie would fool Alice into thinking that he is the server. Encrypting the communication between two network devices is not always sufficient to prevent Man-in-the-middle attacks. If the attacker intercepts the key used for the encryption process at the start of the communication, or previously, he can decrypt the information he receives from one side, read and/or alter it, and encrypt it again to pass it on as if nothing happened to it.
Several technologies are available that can reduce the risk of becoming a victim of a man-in-the-middle attack. The main goal is to set up strong mutual authentication and create a secure communication channel between two systems. Ideally this means implementing a Public Key Infrastructure (PKI) with digital signatures to authenticate both sides and establish a trust relationship through a central Certificate Authority (CA), and using a protocol such as SSL or IPSec to create a tunnel. To execute a man-in-the-middle attack, the attacker would need a valid certificate from a CA trusted by one of the victims. This is not impossible if the attacker can gain unauthorized access to the CA or successfully masquerade himself as the victim and request a legitimate certificate based on a false identity.
If the attacker is able to become the ‘Man-in-the-middle’, he can escalate the attack by hijacking the session. This allows an attacker to take over an established session between typically a client and a server. The attacker first needs to impersonate the legitimate client and then disconnect the legitimate client. Imagine an administrator using a Telnet session to remotely manage a server whose session is hijacked by a malicious individual. The attacker would not be required to provide any authentication information as the administrator was already logged on when the session was hijacked. Obviously this poses a serious threat.
The most common type of session hijacking is TCP/IP Hijacking. TCP uses sequence numbers to synchronize the session between two network nodes. The number increases with every packet and ensures they are processed in the correct order when received by the target node. To perform a successful TCP/IP hijacking attack and inject malicious data, the attacker must predict these sequence numbers and prevent the original client from sending packets that increase the sequence number.
The attacker can disconnect the client’s established and possibly already authenticated session to the server and attempt to take the client’s place by spoofing the legitimate client’s address. By sending forged ARP information to the server, containing the MAC address of the attacker’s system mapped to the IP address of the original client’s system, or by using ICMP Redirect message in an attempt to change the server’s local routing table, the attacker can reroute and receive the information from the server. Juggernaut and Hunt are two notorious tools that can assist an attacker in performing a TCP/IP hijacking attack.
Especially Telnet, FTP, DNS and other unencrypted protocols are susceptible to TCP/IP hijacking attacks. Implementing encrypted transport protocols such as SSH, SSL, and IPSec can reduce the risk to a great extent. Such encryption protocols use dynamically generated session keys to provide a secure communication channel, which are hard to discover or steal. Even if the attacker would be able to get hold of the session keys, additionally security measures such as digital signatures can provide strong protection against hijacking attacks.
A replay attack refers to an attacker capturing data from the network with a sniffer and retransmitting it for malicious purposes. For example, the attacker could capture authentication data of a user logging on to the network and reuse the data later to log on by using the same credentials and impersonate the user. In addition to usernames and passwords, the attacker will try to capture digital signatures and keys and other valuable information that can be ‘replayed’ on the network later.
CHAP provides a typical example of protection against replay attacks. As I mentioned in chapter 2. Authentication, CHAP does not transmit the actual password over the network, but instead a hash value based on the username/password combination and a random number. Because the random number is thrown into the algorithm’s equation, the resulting message digest (hash value) is random as well. Even if an attacker would intercept the client’s response to the server’s challenge, he won’t be able to ‘replay’ it because the server will expect a different response to another challenge to authenticate the same user.
Other authentication protocols and systems can provide more advanced, but similar protection against replay attacks. The random number can be a timestamp instead or dynamically generated session keys (IPSec), or a combination of these, to ensure that captured network traffic cannot be reused. As always, this doesn’t mean the possibility of a replay attack is entirely eliminated because random numbers and sequence numbers can be predicted or guessed.
A mathematical attack refers to breaking the encryption by intercepting large quantities of encrypted information and using mathematical and statistical analysis to find the common factor (i.e. the key) or a hole in the encryption algorithm (a backdoor). A known example is cracking WEP by using a publicly available utility such as aircrack. When sufficient packets are ‘sniffed’ from the network, it often takes only a matter of minutes to find the key. The more complex the crypto system that must be cracked and the larger the key, the more processing power is required as it is the computer that does most of the work in a mathematical attack. Mathematical attacks often involve weak keys and the birthday paradox described in the following two paragraphs.
Decrypting information without having a valid key is usually a difficult task that requires a lot processing power and time. Some algorithms however, contain weak keys amongst their possible keys (key space), that can provide a shortcut for an attacker to decrypt the information. Weak keys are not necessarily small keys. Whether a 2048-bit key is actually stronger than a 128-bit key depends also on the quality of the algorithm, the encryption type, and the complexity of the key. Even some of the most widely used and known encryption algorithms have a set of weak keys. DES for example, has several known weak keys that allow an attacker to decrypt the information simply by encrypting it again. RC4 uses a format of which a portion is easily predictable which makes the entire key weak. Similar to weak passwords such as 'abcde' and '12345', encryption algorithms that allow simple keys such as '000000111111' or ‘000000000000’ may be easily cracked, depending on the algorithm in use. What’s a weak key, or weak key format, for one algorithm, isn’t necessarily a weak key for another algorithm. However, the format of the key is not directly the problem; it’s the resulting encrypted output that makes the key weak and predictable and therefore easier to decipher.
Some key generating systems have built-in black lists with known weak keys so they can be excluded from usage. To protect against weak key attacks, only the best encryption algorithms with the least amount of weak keys should be used that. For most algorithms, weak keys are rare, very rare. However, what is considered a strong key today can be a weak key tomorrow.
The birthday attack owes its name to the principal that denotes that if you have 23 people in a room chances are more than even there are two persons with the same birthday. An attacker can use the same statistical approach to attack an encryption algorithm – hashing algorithms in particular. For example, the attacker captures hashed passwords from the network media and uses brute force to try out different text strings using the same hashing algorithm, hoping that he will end up with a matching pair of hash values, referred to as a collision. According to the birthday paradox, this will happen a lot sooner than one might expect.
In case of birthdays, there are only 366 different values. Fortunately, a hashing algorithm can produce a much larger number of different message digests, but still a limited number that is always less than the endless number of possible different messages. A birthday attack becomes even more feasible when the attacker is able to choose both messages. Imagine a scenario in which an attacker wants to attain digital signature on a piece of malicious software. The attacker could create a similar genuine piece of software in addition to the malicious software and create slightly different versions of both, until he ends up with a pair that would result in an identical message digest (hash value). The attacker would be able to receive a digital signature for the genuine software, making it trustworthy, and instead distribute the malicious software accompanied with the digital signature. When a user downloads the malicious software and computes the message digest to check if the software is genuine, it will match.
Obviously, the bit size of the resulting message digest plays a vital role in deterring a birthday attack. The larger the message digest, the more possibilities, hence the longer it takes an attacker to find two identical digests.
As mentioned in the Authentication TechNotes, password authentication is the most common, but also the weakest authentication method. When an attacker gets hold of a legitimate username and password, he will not need a lot of skills to ‘hack’ into the system. The following paragraphs describe some of the most common vulnerabilities of username and password authentication and the actions you can take to mitigate the risks.
Password guessing is probably the most common attack related to authentication. Whether the attacker manually tries different usernames and password at a console or thru a remote connection, or uses password guessing utilities to automate the process, it usually requires a little amount of skills.
Dictionary attacks – an attacker can connect a dictionary to a password guessing utility to automatically try actual words as passwords until it successfully logs on to the system.
Brute-force attacks – instead of using a dictionary with actual words, the attacker can use a password generator to try out every possible combination of characters until the valid password is discovered. A password generating utility is often combined with a dictionary, which is known as a hybrid password attack, to suggest passwords based on common password formats. For example, by combining actual English words or names with common strings as in “london123”, or “Joe007”.
Trojan Horses – can be used by an attacker to install a key logger or fake login interface that captures the user credentials while the user is typing them. The malicious utility will typically use IRC or email to send the captured results to the attacker.
Shoulder surfing – Another attack that presents a vulnerability to the use of passwords for authentication is shoulder surfing. This refers to a malicious individual, your trusty co-worker or a visiting client for example, looking over your shoulder to see what password you are typing on your keyboard so he can make a mental note of it and use it at later time to gain access and perform malicious deeds that will be blamed on you.
To reduce the risk of becoming a victim of one of the former attacks, every system should enforce a password policy, preferably coded into the authentication system in addition to being written on paper. Following are some of the common policy for password authentication systems.
Users must be required to use strong and complex passwords that include different type of characters and do not include actual words. A good example of a strong password is 8BsI$S#95i. But keep in mind that it needs to be possible for a human being to remember the password without feeling the need to write it down. The recommended minimum password length is 8 characters. Do not use dictionary or other easy guessable words such as names, 'matrix' or 'qwerty'. When a person or password checker tries to guess the password, it will typically start with common words. Additionally, a password should never be derived of the corresponding username.
As a password ages, chances of it getting disclosed will increase. When a password is discovered by an attacker but the user is unaware of it, it may be exploited for a long time without anyone but the attacker knowing that the system has been compromised. Therefore, a maximum password age must be set to enforce users to change their password on a regular basis. When a user must change the password, he should not be allowed to reuse a previous password, thus the authentication system needs to keep a password history for every user.
Another important policy setting every authentication system should support is a limiting the maximum number of login attempts. I.e. when someone tries to logon to the same user account and enters and incorrect passwords more than 3 times in a row, the account should be locked. The account should be locked for a certain amount of time, or until an administrator unlocks it. This obviously makes it much more difficult for an attacker to use dictionary and brute force attacks to guess the password.
A password should always be encrypted, whether it is stored on the local client, a remote authentication server, or transmitted over the network. A good authentication system does not send password over the network medium to prevent eavesdropping and replay attacks. Instead, it should use a challenge/response system.
Last but not least, users should be educated so they become aware of the threats and risks associated with password authentication. Passwords should be kept private and stored securely and should not be written down. It is also important to learn users to recognize a social engineering attack, in which an attacker tries to steal a password from a user by non-technical means.
Although most software manufacturers aim to create a perfectly working and 100% secure product, there is no such thing. Eventually somebody will find a way to exploit a feature for other purposes than for which it originally was designed. The term software exploitation refers to misuse of usually known bugs and holes in software. This can be anything from crashing an application by sending malformed input, to gaining unauthorized access to a web application by changing the information in an URL or cookie.
A notorious example is the web server folder traversal vulnerability in IIS 4.0 and 5.0. Due to a parsing bug, a specially crafted URL containing dot-dot-slash (../) directory traversal sequences allows an attacker to access files and folders anywhere on the logical drive that contains the website. IIS requests are processed under the security context of the IUSR_COMPUTERNAME account. Within the web folders, located at c:\inetpub\wwwroot\ by default, this account has limited privileges. However, it is also a member of the Everyone group. So the resultant set of privileges on all other directories on that logical drive is read and execute by default. Obviously it can have serious implications when the attacker is able to execute system programs and read information that is not part of the website.
The best remedy to reduce the risk of software exploitation is keeping software up to date by installing the necessary patches, updates, hot fixes and service packs, also known as hardening. However, there may not always be a fix available. Some exploits are possible through features inherit to the system and can be prevented only by not using that particular product or feature. And there are plenty of software developers that care more about money than security. Another means to defend against software exploitation are Intrusion Detection Systems. The better IDSs are able to detect and possibly stop an attack in which the attacker uses a known software exploit.