Firewall
250
8.1
Threat analysis
BAT54-Rail/F..
Release
7.54
06/08
D Destroy data on the workstations of the LAN.
D Paralyze workstations of the LAN or the connection to the Internet.
Note: We restrict ourselves in this section to the attacks of local networks
(LAN) resp. to workstations and servers in such LANs.
8.1.2 The ways of the perpetrators
In order to undertake their objectives, the perpetrators need at first a way to
access your PCs and data. In principle, the following ways are open as long
as they are neither blocked nor protected:
D Via the central Internet connection, e. g. via routers.
D Via decentral connections to the Internet, e. g. modems of single PCs or
mobile phones on notebooks.
D Via wireless networks operating as a supplement to wired networks.
Note: In this chapter we only deal with the ways via the central Internet con-
nection, via the router.
Note: For hints on the protection of wireless networks, please refer to the re-
spective chapters of this user manual configuration resp. of the appropri-
ate device documentation.
8.1.3 The methods
Normally strangers have of course no access to your local area network or to
the workstations belonging to it. Without the appropriate access data or pass-
words nobody can thus access the protected area. If spying out of these ac-
cess data is not possible, the attackers will try another way to achieve their
goals.
A fundamental starting point is to smuggle data on one of the allowed ways
for data exchange into the network, which opens from the inside the access
for the attacker. Small programs can be transferred on a computer by appen-
dices in e-mails or active contents on web pages, e.g., in order to lead after-
wards to a crash. The program uses the crash to install a new administrator
on the computer, which can then be used from distance for further actions in
the LAN.
If the access via e-mail or www is not possible, the attacker can also look out
for certain services of servers in the LAN, which are useful for his purposes.
Because services of the servers are identified over certain ports of the TCP/
IP protocol, the search for open ports is also called “port scanning”. On the
occasion, the attacker starts an inquiry for particular services with a certain
program, either generally from the Internet, or, only on certain networks and
unprotected workstations, which in turn will give the according answer.
To Next Page
Loading...
Need help?
General
