Software companies often conduct penetration attacks to uncover hidden security vulnerabilities in software applications. A penetration attack is set up by hiring a group of experts, known as tiger teams or penetration teams, and letting them try to break into a software system. Hebbard et al. (1980) tried the same thing with graduate students. Over the years, these penetration teams have discovered several areas in which systems are likely to be weak.
Our computer security experts are often asked which common types of cyber attacks tend to succeed. The most common ones are listed below. When designing a system, make sure it can withstand attacks like the following:
Some Common Attacks
1- Request memory pages, disk space, or tapes and just read them. Many systems do not erase them before allocating them, and they may be full of exciting information written by the previous owner.
2- Try illegal system calls, or legal system calls with illegal parameters, or even legal system calls with standard but unreasonable parameters. Many systems can easily be confused.
3- Start logging in and then hit DEL, RUBOUT, or BREAK halfway through the login sequence. In some systems, the password checking program will get killed, and the login is considered successful.
4- Try modifying complex operating system structures that are kept in user space. On such systems, a program builds a large data structure containing the file name and many other parameters and passes it to the system. As the file is read and written, the system sometimes updates the structure itself. Changing these fields can wreak havoc with the security.
5- Spoof the user by writing a program that types “login:” on the screen, and then walk away. Many users will walk up to the terminal and willingly tell it their login name and password, which the program carefully records for its evil master.
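Item 4 as an added example, not part of the original text: a small C model in which the system either keeps trusting the caller's structure after checking it, or validates and keeps a private copy. The structure layout, the /tmp/ write policy, the sample file name and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical control block a program fills in and hands to the system. */
struct file_cb { char name[32]; int write_ok; };

/* Hypothetical policy: writing is allowed only under /tmp/. */
static int policy_allows(const struct file_cb *cb) {
    return !cb->write_ok || strncmp(cb->name, "/tmp/", 5) == 0;
}

/* Weak: validates once, then keeps trusting the caller's memory. */
struct handle_weak { const struct file_cb *cb; };
int open_weak(struct handle_weak *h, const struct file_cb *user) {
    if (!policy_allows(user)) return -1;
    h->cb = user;                       /* still writable by the caller */
    return 0;
}
int may_write_weak(const struct handle_weak *h) { return h->cb->write_ok; }

/* Hardened: copy first, validate the copy, use only the copy afterwards. */
struct handle_safe { struct file_cb cb; };
int open_safe(struct handle_safe *h, const struct file_cb *user) {
    struct file_cb snap = *user;        /* single fetch into system memory */
    snap.name[sizeof snap.name - 1] = '\0';
    if (!policy_allows(&snap)) return -1;
    h->cb = snap;
    return 0;
}
int may_write_safe(const struct handle_safe *h) { return h->cb.write_ok; }

/* Constructed scenario: a read-only open passes the check, then the caller
   changes a field in its own structure. Returns the later write decision. */
int scenario(int hardened) {
    struct file_cb user = { "/etc/motd", 0 };
    struct handle_weak hw;
    struct handle_safe hs;
    if (open_weak(&hw, &user) != 0 || open_safe(&hs, &user) != 0) return -1;
    user.write_ok = 1;                  /* changed after validation */
    return hardened ? may_write_safe(&hs) : may_write_weak(&hw);
}

int main(void) {
    printf("weak handle allows write:     %d\n", scenario(0));
    printf("hardened handle allows write: %d\n", scenario(1));
    return 0;
}
```

The weak handle reports write access because it re-reads caller-owned memory; the hardened handle keeps the decision made on its own copy.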