Server-side attacks are attacks launched directly by the attacker against a listening service. So, servers should be deployed in a DMZ, and direct access to server ports from an untrusted network should be blocked.
Similarly, Denial of Service (DoS) attacks, operating system vulnerabilities, and pending patches & updates are the other vulnerabilities on the server side.
Vulnerabilities in database management systems include these:
1- LDAP Injection: This is a technique that takes advantage of a non-validated input vulnerability, so an attacker may access the database by manipulating the LDAP filter.
2- Database connectivity attack: This attack is focused on exploiting the data connectivity between the application and its database. A database connection requires a connection string to initiate a connection to the database. Database connectivity attacks include:
- Connection String Injection
- Connection String Parameters Pollution (CSPP)
- Connection Pool DoS
3- Excessive retention of sensitive data: Keeping sensitive data longer than necessary increases the impact of a security breach.
4- SQL Injection: This attack is the injection of malicious SQL queries. These vulnerabilities can be detected by using application vulnerability scanners. The attacker extracts valuable information from the database using SQL injection. Using SQL queries, the attacker interrupts the process, manipulates the database, executes commands, and so on.
5- Command Injection: It can be done by any of the following methods:
- Shell Injection
- File Injection
- HTML Embedding
6- Aggregation of personally identifiable information: This is a potentially risky undertaking that can result in an organization possessing sensitive personal information. Sometimes this happens when an organization deposits historic data from various sources into a data warehouse. It can be a gold mine or a time bomb.
7- Loose access permissions: Database management systems have access control schemes that are usually designed far too loosely. Another aspect of loose access permissions is an excessive number of persons with privileged access, which is actually like a time bomb.
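Two of the input-handling weaknesses listed above, LDAP injection and connection string parameter pollution, each shown beside a hardened counterpart. This is an added example, not code from the original page; the host name, the "Key=Value;" connection-string syntax (ADO.NET style, where a repeated key wins last) and the sample values are assumptions.

```python
# Added example, not from the original page. Assumptions: "Key=Value;"
# connection-string syntax where a later duplicate key overrides an earlier
# one, and a constructed host name / sample values.

def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515):
    the characters * ( ) \\ and NUL become \\XX hex escapes, so user input
    cannot open, close or add filter components."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def build_login_filter(uid: str) -> str:
    # Hardened: uid is escaped before it is placed in the filter.
    return "(&(objectClass=person)(uid=%s))" % escape_ldap_filter_value(uid)

def parse_conn_string(s: str) -> dict:
    """'Server=x;User ID=y' -> dict. A repeated key overrides the earlier
    value, which is exactly what parameter pollution abuses."""
    params = {}
    for part in s.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params

def build_conn_naive(user: str, password: str) -> str:
    # Vulnerable: values are concatenated verbatim, so a ';' inside a value
    # starts a new parameter.
    return f"Server=db.example.internal;User ID={user};Password={password}"

def build_conn_safe(user: str, password: str) -> str:
    # Hardened: reject delimiter and quoting characters instead of trusting them.
    for v in (user, password):
        if any(c in v for c in ';="\'\n\r'):
            raise ValueError("connection string metacharacter in value")
    return f"Server=db.example.internal;User ID={user};Password={password}"

if __name__ == "__main__":
    print(build_login_filter("a*b)(c"))  # metacharacters are escaped
    # Constructed polluted value: the trailing ';Server=' overrides the server.
    polluted = parse_conn_string(build_conn_naive("app", "pw;Server=other-host"))
    print(polluted["server"])  # other-host
    try:
        build_conn_safe("app", "pw;Server=other-host")
    except ValueError as e:
        print("rejected:", e)
```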
Cryptographic systems are apt to contain vulnerabilities. Like any powerful tool, if the operator doesn’t know how to use it, it can be useless at best and dangerous at its worst.
The ways in which a cryptographic system may be vulnerable include these:
- Use of outdated algorithm: Developers and engineers must be careful to select encryption algorithms that are robust.
- Failure to encrypt encryption keys
- Weak cryptographic keys
- Insufficient protection of cryptographic keys: If too many people have access to keys, or if the keys are not sufficiently protected, an intruder may be able to compromise the system simply by stealing and using the keys.
Cryptography attacks are intended to recover the encryption key. Once an attacker has the encryption key, he can decrypt all messages. The process of finding vulnerabilities in code, an encryption algorithm, or a key management scheme is called cryptanalysis.
1- Known Plaintext Attack: This is a cryptographic attack type where a cryptanalyst has access to plaintext and the corresponding ciphertext and seeks to discover a correlation between them.
2- Chosen Ciphertext Attack: This is a cryptographic attack type where a cryptanalyst chooses a ciphertext and attempts to find the corresponding plaintext.
3- Ciphertext Only Attack: This is a cryptographic attack type where a cryptanalyst has access only to ciphertext. So, the attacker attempts to extract the plaintext or key by recovering as many plaintext messages as possible to guess the key.
4- Chosen Plaintext Attack: This is a cryptographic attack type where a cryptanalyst can encrypt a plaintext of his choosing and observe the resulting ciphertext. It is the most common attack against asymmetric cryptography. The attacker can expose sensitive information.
5- Adaptive Chosen Ciphertext Attack: This is an interactive type of chosen ciphertext attack where an attacker sends some ciphertexts to be decrypted and observes the results of decryption.
6- Adaptive Chosen Plaintext Attack: This is a form of chosen plaintext cryptographic attack where the cryptanalyst issues a series of interactive queries.
7- Code Breaking Methodologies: These include several tricks and techniques that are helpful to break encryption and expose the information in it (like cryptographic keys and messages). The following are some effective techniques and methodologies:
- Brute Force
- Frequency Analysis
- One-Time Pad
8- Rubber Hose Attack: It is a technique of gaining information about cryptographic secrets (like passwords, keys, and encrypted files) by torturing a person.
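A ciphertext-only attack on a simple shift (Caesar) cipher that combines the first two code-breaking methods listed above: brute force over all 26 keys, with frequency analysis choosing the candidate whose letter distribution looks most like English. This is an added example, not from the original page; the English letter frequencies are the usual published approximations and the sample message and key are constructed.

```python
# Added example, not from the original page. The shift cipher, the English
# frequency table (approximate, percent) and the sample message are all
# constructed for illustration.
from string import ascii_uppercase as ALPHA

ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}

def shift(text: str, key: int) -> str:
    """Encrypt letters by a fixed shift (a negative key decrypts);
    non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        out.append(ALPHA[(ALPHA.index(ch) + key) % 26] if ch in ALPHA else ch)
    return "".join(out)

def chi_squared(text: str) -> float:
    """Distance between the letter distribution of text and English:
    lower means more English-like. This is the frequency-analysis step."""
    letters = [c for c in text if c in ALPHA]
    n = len(letters) or 1
    score = 0.0
    for c in ALPHA:
        expected = ENGLISH_FREQ[c] / 100 * n
        observed = letters.count(c)
        score += (observed - expected) ** 2 / expected
    return score

def break_shift(ciphertext: str) -> tuple:
    """Ciphertext-only attack: brute-force every key and keep the candidate
    decryption whose letter frequencies best match English."""
    candidates = ((chi_squared(shift(ciphertext, -k)), k) for k in range(26))
    _, key = min(candidates)
    return key, shift(ciphertext, -key)

if __name__ == "__main__":
    # Constructed sample message; the key 3 is chosen arbitrarily.
    ct = shift("MEET ME AT THE LIBRARY TOMORROW AFTERNOON AND BRING THE REPORT WITH YOU", 3)
    key, pt = break_shift(ct)
    print(key, pt)
```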
Industrial Control Systems (ICS)
ICS is a general term that incorporates several types of control systems used in industrial production. The most common is Supervisory Control and Data Acquisition (SCADA). SCADA is a system that works with coded signals over communication channels to provide control of remote equipment.
ICS security measures include these:
- Disable unnecessary ports & services such as FTP & TFTP
- Dual-Homed Computer/Dual Network Interface Cards (NIC)
- Firewall between Corporate Network and Control Network
- Firewall and Router between Corporate Network and Control Network
- Firewall with DMZ between Corporate Network and Control Network
- Paired Firewalls between Corporate Network and Control Network
- Enforce Encryption where applicable
- Enforce patch management
- Risk management application to ICS
- Implementation of least privileges policy
- Redundancy & Fault Tolerance