Computer Network Defenders are the cyber security guards standing watch, ready to repel the barbarians (hackers) at the gateway. Information Technology (IT) cyber warriors team together, using network security tools, security knowledge, and experience to detect, thwart, and recover from hackers, cybercriminals, and network villains. Before engaging in virtual mortal combat with this unseen enemy, we must study and learn their attack methods and sharpen our skills in network security sandboxes (training labs). Learning, training, and exposure to a wide range of malware and software and hardware attacks will better prepare us to defend the organization and do our jobs more effectively.
Our enemy is intelligent and often patient. With many hacking tools and plenty of time, cybercriminals, like most intruders (barbarians), look for the easiest or least obstructed way to gain entry and wreak havoc inside the network. The attack methods they choose to find security access vulnerabilities and get inside undetected are instructive. For example, a buffer overflow lets the attacker disrupt a network system or gain entry to it. A bad input data attack targets an organization's application to gain unauthorized access or, at worst, crash the application.
A buffer overflow attack can be described as a trip to the gas station. Say your vehicle has an 18-gallon gas tank; when you fill it up, the pump stops at 18 gallons (on the nose). However, you give the handle some extra squeeze to force in more gas. Attackers do the same with a memory buffer: they write code that fills the buffer beyond its 18-gallon limit, and the overflow carries malicious instructions.
Buffer overflow is a technical attack by any measure, because the cyber-criminal needs to know how computers work at a low level: network design, architecture, and how variables are laid out in computer memory. Skillful attackers are also knowledgeable about programming languages. The attacker writes code that targets specific hardware, operating systems, network variables, or protocols. “Susceptibility to a buffer overflow attack is entirely contingent on software flaws.” (Easttom, 2018) A perfectly coded program is a unicorn, virtually impossible, and attackers count on that flaw, using buffer overflows for practical malicious intent.
Software programmers must be more conscious about writing security into their software without compromising usability. Applications also need to be “put through the paces,” tested hard to the point of breaking. Because attackers count on exactly these shortfalls, software companies should try to catch them before release; we should not use customers and students as field beta testers for software pushed out the door to meet business timelines. Security before practicality is the way to operate.
Another attack similar to the buffer overflow is the bad input data attack. Cyber-criminals attack software applications by feeding them unexpected “bad data inputs.” These inputs usually include, but are not limited to, special characters like the percent sign or question mark, along with strange dollar values and random character strings. Unfortunately, IT professionals’ jobs become more challenging when applications connect to back-end databases. That connection can expose log-in screens to data injection by external users, giving a knowledgeable bad actor the opportunity to do something malicious or simply bring the system to a halt. Compared to a buffer overflow, this attack is just as effective, if not more so. While both attacks lean on the technical side, bad input data is challenging to stop. Many third-party applications constantly update to counter these probing and lethal input data attacks.
The most straightforward action against bad data input and its malicious cousin, SQL injection, is to have software engineers and program developers rigidly test their applications. The application code should also validate expected inputs, filter outlying characters and strings, and validate input parameters, and technicians should test form fields and URL parameters. Create a whitelist for server-side validation and use an API known for secure validation.
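As an added example (not from this post or from Easttom), here is a log-in check written two ways in Python against a constructed in-memory SQLite table: the first builds the SQL text from the form fields, the second applies the server-side whitelist validation and parameterized query recommended above. The table, the demo account, and the username pattern are assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed demo database: one account, in memory only.
    Passwords are stored in clear text purely to keep the example short;
    a real application stores a salted hash instead."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return con


def login_vulnerable(con, username, password):
    """Bad practice: the form fields are pasted into the SQL text, so
    quote characters in the input change the meaning of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return con.execute(sql).fetchone()[0] > 0


# Whitelist for the username field (assumed policy): letters, digits and
# underscore, 3 to 32 characters. Anything else is rejected outright.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(username):
    return bool(USERNAME_RE.fullmatch(username))


def login_hardened(con, username, password):
    """Server-side validation first, then a parameterized query so the
    database driver treats both fields strictly as values, never as SQL."""
    if not validate_username(username):
        return False  # outlying characters filtered before touching the DB
    if not 1 <= len(password) <= 128:
        return False  # bound the length of free-form fields as well
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    probe = "' OR '1'='1"  # classic bad-input string at a log-in screen
    print("vulnerable accepts probe:", login_vulnerable(make_db(), "alice", probe))
    print("hardened accepts probe:  ", login_hardened(make_db(), "alice", probe))
    print("hardened, real password: ", login_hardened(make_db(), "alice", "correct-horse"))
```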
Defenders should check out this site (unless you already have it): https://owasp.org/www-project-cheat-sheets/
Easttom, W. C., II. (2018). Network defense and countermeasures: Principles and practices (3rd ed.). Pearson Education.