Perimeter

Perimeter attacks use exploit code to take advantage of weaknesses detected in perimeter devices, either to take control of them or to leverage some level of access into greater access. The list of known security holes in Windows-based systems is quite large and constantly growing. This puts defenders in the position of needing to constantly apply security updates or patches, and it can become a race: attackers try to penetrate a system before the defenders can get it patched once the vendor announces a new update or patch.

perimeter attacks

  • Open Holes – if the attacker can find ports, protocols and services that are available for access without sufficient authorization, they may be able to walk in an open door without needing to “break in” or use any special exploit code.
  • Exploits – exploit code takes advantage of weaknesses that have been identified in the perimeter devices being attacked. The weaknesses may or may not have been publicly identified, and may or may not have a patch or update available to close the hole. “Zero Day” exploits are code attacking a weakness that has not been publicly identified and usually has no commonly available defense or patch.
  • Exploitation Frameworks – packages that combine exploit code with delivery systems and payloads in a way that maximizes ease of use and creates a virtual “point and click” attack environment (see Metasploit).

DEFENSES:

  • Configuration management
  • Patch management (SI-2 Flaw Remediation)
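The configuration management defense applied to the "Open Holes" item above, as an added example that is not part of the original page: it compares a host's listening sockets against an approved baseline and reports drift in both directions. The sample `ss -H -tuln` output and the baseline contents are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
"""

# Hypothetical approved baseline: (protocol, port) pairs allowed to face the network.
BASELINE = {("tcp", 22), ("tcp", 443), ("tcp", 25)}

# Address prefixes that are only reachable from the host itself.
LOOPBACK = ("127.", "[::1]")


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        # Local address is the fifth column; split on the last colon so
        # bracketed IPv6 addresses such as [::]:22 parse correctly.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit(ss_output, baseline):
    """Compare network-facing listeners to the baseline; report drift both ways."""
    exposed = {(proto, port)
               for proto, addr, port in parse_listeners(ss_output)
               if not addr.startswith(LOOPBACK)}
    return {
        "unapproved": sorted(exposed - baseline),  # open but never approved
        "stale": sorted(baseline - exposed),       # approved but not listening
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SS, BASELINE)
    for proto, port in report["unapproved"]:
        print(f"UNAPPROVED listener: {proto}/{port}")
    for proto, port in report["stale"]:
        print(f"Baseline entry with no listener: {proto}/{port}")
```

Loopback-only listeners (the 3306 entry in the sample) are excluded because they are not reachable from the perimeter; unapproved entries are candidates for shutdown or a documented baseline change.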
