guard against card fraud   card-fraud.com  | home | consumers | merchants | banks, issuers & processors | about us |
identity theft credit card fraud

User Authentication: Know who you're letting in

TYPES OF BREAK-INS

Break-ins can be classified by where in the process the break occurs. In the brute force method the attacker has no special access to the network. In recreation or forgery, the attacker likewise has no special access to the network, but is able to recreate the authentication information from independent sources. When the data is taken directly from the client it is known as capture, and when the attacker takes the information as it flows between the user and the website, it is known as interception. When the server itself has been compromised, a total break-in occurs.

Brute Force: The attacker goes through a high volume of authentication attempts in the hope that a few will succeed. The attacker needs no special access to the network and communicates directly with the server.

Recreation or Forgery: In this method, the attacker tries to gain access by intelligently arriving at the login inputs. As with brute force, the attacker needs no special access to the network and communicates directly with the server. He recreates the authentication information from independent sources. Login names based on email addresses or phone numbers can easily be recreated by querying publicly available phonebooks, alumni directories or member lists. There are two types of forgery: selective forgery, where a particular user can be targeted, and general forgery, where the attacker can gain entry into the system but cannot choose which user's account he is able to break into.

Capture: The attacker captures the authentication credentials from the client. Eavesdropping and keystroke monitoring (key logging) are some of the ways in which the verification information can be captured. Some Trojans capture information submitted to certain web sites. Phishing, pharming and spoofing are techniques in which the user is unwittingly made to supply the attacker with the login information. The attacker needs to intrude into the cardholder's environment, either by sending an email into his account, installing malicious software on his computer or leading him to a fake website. In all of these, the attacker takes the information directly from the user and replays it to the server.

Interception: Here the attacker stands between the client and the server. He can see and modify the traffic between the user and the website. Network monitoring (sniffing) or a man-in-the-middle attack can lead to interception. In a man-in-the-middle attack, a computer acts as an interface between the client and the server that handles authentication. The computer in the middle accepts the client's password as if it were the server and logs in to the server using the client's identity. Server access is granted to the "man in the middle". In interception, as with capture, the attacker replays the stolen information to the server.

Total Break: A total break occurs when the authentication process can be bypassed altogether to gain access to the data or system. Sequential ID numbers and URLs that can easily be recreated often lead to total break-ins. A total break also occurs if the secret key used to create authenticators is compromised, since this allows the attacker to construct valid authenticators for any user at any time. In a total break, the attacker does not interact with the user but interacts directly with the server.
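The classification above maps onto what a server-side defender can actually observe. As an added example (not from card-fraud.com), the Python below runs two checks over a constructed authentication log: a sliding-window count of failed attempts per source, which is the signature brute force and forgery leave when they hammer the server directly, and successful logins from a source the account has never used before, which is how the replay that capture and interception end in tends to surface. The log records, addresses and the KNOWN_SOURCES baseline are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, source address, login name, success?)
SAMPLE_LOG = [
    ("2024-01-05T10:00:01", "203.0.113.7", "alice", False),
    ("2024-01-05T10:00:03", "203.0.113.7", "bob", False),
    ("2024-01-05T10:00:04", "203.0.113.7", "carol", False),
    ("2024-01-05T10:00:06", "203.0.113.7", "dave", False),
    ("2024-01-05T10:00:07", "203.0.113.7", "erin", False),
    ("2024-01-05T10:00:09", "203.0.113.7", "frank", True),
    ("2024-01-05T10:15:00", "198.51.100.2", "alice", True),
    ("2024-01-05T10:20:00", "192.0.2.10", "bob", False),
    ("2024-01-05T10:21:00", "192.0.2.10", "bob", True),
    ("2024-01-05T10:30:00", "203.0.113.99", "carol", True),
]

# Constructed baseline: sources each account has previously logged in from.
KNOWN_SOURCES = {
    "alice": {"198.51.100.2"}, "bob": {"192.0.2.10"},
    "carol": {"192.0.2.20"}, "frank": {"192.0.2.44"},
}

def brute_force_sources(records, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed attempts inside any `window`."""
    fails = defaultdict(list)
    for ts, src, _user, ok in records:
        if not ok:
            fails[src].append(datetime.fromisoformat(ts))
    flagged = set()
    for src, times in fails.items():
        times.sort()
        start = 0                      # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged

def suspicious_successes(records, known=KNOWN_SOURCES):
    """Successful logins worth review: from a brute-forcing source, or from a
    source the account never used before (credentials possibly replayed)."""
    brute = brute_force_sources(records)
    out = []
    for ts, src, user, ok in records:
        if ok and src in brute:
            out.append((ts, user, src, "success after brute force"))
        elif ok and src not in known.get(user, set()):
            out.append((ts, user, src, "success from unseen source"))
    return out
```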

