Attack Vectors in Computer Security
Who Am I
- @WillGoard
- My first proper hacksoc talk
- I speak fluent Greek
- Sell more pizzas, have more fun
Why attack vectors?
- Didn't know what to do for my dissertation
- Started looking at a few ideas
- Lack of information available was annoying
- Kept finding "network" reported as an attack vector and wanted to know what it meant
Vulnerability
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Attack vector
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Attack surface
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.
Attack Patterns
- In computer science, attack patterns are a group of rigorous methods for finding bugs or errors in code related to computer security.
- Attack patterns are often used for testing purposes and are very important for ensuring that potential vulnerabilities are prevented.
- Attack patterns define a series of repeatable steps that can be applied to simulate an attack against the security of a system.
Initial research
- Information regarding attack vectors is very dated
- No general consensus on how they should be reported
- Current websites in use for vulnerability reporting aren't easy to use
CVE
CWE
CAPEC
NVD
Example NVD Entry
NVD Attack Vectors
- Network: The vulnerability is remotely exploitable by a machine that is not part of the target machine's network.
- Adjacent network: The vulnerability requires the attacker to have access to the broadcast or collision domain in order to exploit it.
- Local: The vulnerability is only exploitable locally, meaning the attacker needs to have physical access to the target machine or a local account on the machine.
NVD Attack Vectors
- Purely used to calculate CVSS score
- No actual information provided about the attack vector
- Depending on the attack vector, the CVSS score changes drastically
Now to tell you what I actually did
- Attack vector mitigations
- Better definitions for attack vectors
Attack vector mitigations
- Examined vulnerabilities and then looked at their attack vectors
- Mitigated the attack vector then retested the vulnerability
- No longer possible to exploit the vulnerability
Things to take away
- Mitigating attack vectors can help improve security
- Vulnerabilities are still there, so this should only be a temporary fix
- Properly defining the attack vector can lead to a better understanding of the vulnerability
Attack vector definitions
- SQL Injection
- Phishing
- Cross-site scripting
- Malware attacks
- Buffer overflows
- Weak authentication
- Known vulnerabilities
SQL Injection
- Actually an attack vector
- Pretty well defined
- Would be useful to identify where the injection takes place
Phishing
- Also an attack vector
- More data could be included:
  - Type of phishing attack
  - Means of attack
  - What entity was being impersonated
Cross-Site scripting
- Definition provided was more applicable to the vulnerability
- Could include information about where the scripts are injected
Malware attacks
- Type of attack, not the attack vector
- How was the malware infection accomplished?
Buffer Overflows
- Vulnerability, not an attack vector
- When defining the attack vector include:
  - Application where the vulnerability is present
  - What type of overflow is caused
Weak Authentication
- Also not an attack vector
- How was the weak authentication exploited?
Known Vulnerabilities
Summary
- Attack vectors are not well defined
- Being more specific can provide a lot of useful information
- Easier to fix issues if exact point of attack is known
How can attack vectors improve security
- More accurate trends monitored
- Provides information to tester about what areas to focus on when testing
- Developers will know how certain features can impact security
- Training courses can be better targeted
Questions?