Raising Security Awareness, One Security Term at a Time
The Identifier Systems Security Stability and Resiliency Team (IS-SSR) is committed to raising security awareness among ICANN community members. Team members post regularly to the ICANN blog in a series we call Raising Security Awareness, One Security Term at a Time. To help you find these among the many posts at ICANN blog.
What Is a DNS Covert Channel? (8 December 2016)
In the first part of our covert channel series, I explained that a covert channel is an evasion or attack technique used to transfer information in a secretive and typically unauthorized or illicit manner. I also explained how one could create a covert channel using the Internet Protocol (IP) or the Internet Control Message Protocol (ICMP). In this part, I will explain why the Domain Name System (DNS) is also an attractive protocol for covert channels, and illustrate how the DNS could be used to create a covert download channel. More…
What Is an Internet Covert Channel? (29 August 2016)
A covert channel is an evasion or attack technique that is used to transfer information in a secretive, unauthorized or illicit manner. A covert channel can be used to extract information from or implant information into an organization. An Internet covert channel is the digital equivalent of a briefcase with a secret compartment that a spy might use to slip sensitive documents past security guards into or out of a secure facility. An attacker can use Internet covert channels to transmit sensitive documents unobserved – in this case, bypassing network security measures rather than bypassing security guards. More…
Metadata Collection And Controversy (27 June 2016)
In What Are Metadata?, I explained that metadata are data that describe or provide information about other data such as social media discussions, email exchanges or online transactions. Now that we have a common appreciation for what metadata are, let's consider how activities that involve metadata collection on a large scale can be sources of controversy. More…
Part I: What Are Metadata? (11 May 2016)
The concept of metadata is both simple and complicated. We readily understand what data are: they are the information that we communicate, process or consume in our ever-growing digitized society. But what are metadata? More…
What is Privilege Escalation? (18 February 2016)
Parties engaged in cyber attacks are motivated to defeat authorization policies to gain access to sensitive business data, to defraud a merchant of goods or to steal money. These attackers often look for vulnerabilities that they can exploit to gain control over a computer system or application. Through such initial exploit paths, an attacker obtains access privileges. Next, the attacker will probe the system she's compromised to gain more privileges than what she initially gained. When an attacker expands her initial unauthorized access in this manner, we call her efforts a privilege escalation attack. More…
Access Controls, User Permissions and Privileges (19 January 2016)
In my last post, What is Authorization and Access Control, I explained that we use authentication to verify identity – to prove you are who you claim to be – and also to enable an authorization policy, to define what your identity is allowed to "see and do". We then implement these authorization policies using security measures to grant or deny access to resources we want to control or protect.
The measures we use to implement authorization policies are called user access controls, user permissions or user privileges. More…
What is Authorization and Access Control? (02 December 2015)
You are probably familiar with the concept of authentication, the way that security systems challenge you to prove you are the customer, user, or employee whom you claim to be, using a password, token, or other form of credential. You may be less familiar with the concept of authorization, and the related term, access control.
Authentication verifies your identity and authentication enables authorization. An authorization policy dictates what your identity is allowed to do. More…
What is a Man in the Middle Attack? (02 November 2015)
Many years ago, your local telephone service may have been shared among you and many of your neighbors in what was called a party line. With a party line, any party on the shared circuit could listen in on, join in (welcomed or not), or disrupt any conversation. Ethernet and WiFi share this characteristic, and an important reason why everyone is encouraged to use encryption is to prevent the forms of eavesdropping common to shared media or party lines.
Eavesdropping is one of several kinds of attacks we call man in the middle attacks. Each man in the middle, or MITM, attack involves an attacker (or a device) that can intercept or alter communications between two parties who typically are unaware that the attacker is present in their communications or transactions. Let's look at two examples of Internet MITM attacks. More…
Is This a Hack or an Attack? (15 September 2015)
Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency. These are almost always characterized as sophisticated hacking schemes.
Some are described as acts of hacktivism. In an effort to characterize certain attacks as the most sophisticated ever, one enthusiastic Wikipedia contributor uses the phrase advanced targeted computer hacking attack. However, the reality is that a cyber attack doesn't necessarily involve hacking, and a great many hacks have nothing to do with attacks. More…
Threats, Vulnerabilities and Exploits – oh my! (10 August 2015)
Some of the most commonly used security terms are misunderstood or used as if they were synonymous. Certain of these security terms are so closely related that it's worth examining them together. Today, we'll look at several related terms – threat, vulnerability, and exploit – and learn how security professionals use these to assess or determine risk. More…
What is Two-Factor Authentication? (13 July 2015)
Passwords have proven time and again to be vulnerable to attacks. They can be guessed, stolen, intercepted or even traded away for candy bars. Entire databases of passwords have been breached, and such breaches are occurring altogether too frequently.
What if that stolen password wasn't the only "factor" an attacker needed to access your account? Suppose he needed something else? This is the principle behind multi-factor authentication: In addition to knowing a password, you must use something else to demonstrate that you are who you claim to be - and not someone who's stolen a password. More…
What is social engineering? (15 June 2015)
Social engineering is an attempt to influence or persuade an individual to take an action. Some social engineering has beneficial purposes; for example, a company may distribute a healthcare newsletter with information intended to influence you to get a flu shot.
But social engineering is commonly used by criminals to cause the recipient of an email, text, or phone call to share information (such as your online banking username and password, or personal identifying information such as your social security or passport number) or take an action that will benefit the criminal, not the individual. More…