Wednesday, November 13, 2013

CIA, Botnets and Other Client-Side Attacks

CIA and Client-Side Attacks

The first line of defense is user awareness and education. A client's account should be set to only the level of access required to do their job, and no more. This is why Confidentiality, Integrity and Availability are key in the digital world. A client should protect all their sensitive information from unauthorized access. Protecting confidentiality hinges upon defining and enforcing appropriate access levels for information; this is the "need to know" principle. Integrity represents data integrity: how accurate is the data being used? Has it been changed or manipulated by unauthorized parties, and if changes have been made, can they be undone? This leads to the next, Availability. Systems, access channels, and authentication mechanisms must all be working properly for the information they provide and protect to be available when needed. Even with awareness education and strict policies in place, there can still be network attacks.


Client-side attacks are the most common and easiest way for malicious threats to enter a network. A user will click a link that looks harmless, or download and open an email with an infected attachment. A client can even visit a seemingly harmless website which will inject malicious data (rootkits, viruses, bots, etc.) without the client knowing. Web plug-ins, Java, Adobe products, ActiveX, Flash and many media plug-ins are common targets for malicious data injection and other attacks. The lack of firewall protection from the "inside-out" is another way threats can enter the network. This happens when malicious code passes through the firewall undetected; the code is launched inside the network and is then free to infect the entire network. Technical methods include code injection, cross-site scripting (XSS), phishing scams, email attachments and social networking. Two primary client-side attacks include emailing malicious content, which can cause the client to host the malicious content without the user's knowledge.

Botnets are another client-side attack, where computers are infected with a malicious application called a bot and become "zombies". The hidden code enables a person, the "bot herder", to control the bot. Botnets are groups of zombie computers being remotely controlled by the bot herder. A bot herder, also referred to as a bot master, can be one person or a group of people. Their primary goal is to make certain that the botnet stays intact. The herder sends out malicious code to the C&C (command-and-control) servers (which a user assumes is the DNS server), which in turn infect client computers; each becomes a zombie computer, and a group of zombie computers is a botnet. Bots can be used to recover sensitive information, bank account information, user names and passwords, to record keystrokes and to send spam emails. This is also a popular way to launch a DoS attack and to poison search results, which spreads the infection. One way to detect bots is by viewing packets which contain an executable in a text editor. There are some common botnet entries to look for. "LoadLibrary" is a common reference by bots and malicious code. The string "Kernel32.dll" could mean a bot is attempting to alter a kernel.

Botnets are difficult to detect because malicious, packed and sometimes encrypted botnet code passes unfiltered through the firewall to the zombie computer on the internal network.
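As an added example (not code from the original post), the following Python script applies the string-based check described above to a captured payload: it confirms the bytes are a Windows executable, searches them case-insensitively for "LoadLibrary", "Kernel32.dll" and a few other well-known Win32 API names added here, and, because packed or encrypted bot code hides those strings, falls back to a byte-entropy check so that such a payload is still flagged for review. The sample payloads, the 7.0 bits-per-byte threshold and the verdict names are constructed for this example. Note that kernel32.dll and LoadLibrary are imported by nearly every ordinary Windows program, so a hit is a prompt for analysis, not a verdict on its own.

```python
"""Triage an executable carried in a captured packet by the strings it exposes.

Added example: scans a byte payload for the string indicators the post
mentions ("LoadLibrary", "Kernel32.dll") plus a few other well-known Win32
API names, and falls back to an entropy check so that a packed or encrypted
body (no readable strings) is still flagged for analyst review.
"""
import math

# Strings worth a second look when they appear in a payload that should not
# carry an executable at all. The first two are the ones named in the post;
# the rest are added here. All are ordinary Win32 API names, so none of them
# is proof of malware on its own.
INDICATORS = (b"LoadLibrary", b"Kernel32.dll", b"GetProcAddress",
              b"WinExec", b"CreateRemoteThread")

PACKED_ENTROPY_THRESHOLD = 7.0  # bits per byte; a value chosen for this example


def is_pe(payload: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' header whose e_lfanew field
    (at offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(payload[0x3C:0x40], "little")
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_indicators(payload: bytes) -> list[str]:
    """Case-insensitive substring search; returns the indicator names that matched."""
    haystack = payload.lower()
    return [ind.decode() for ind in INDICATORS if ind.lower() in haystack]


def shannon_entropy(payload: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 means random-looking (packed/encrypted)."""
    if not payload:
        return 0.0
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(payload: bytes) -> dict:
    """Triage verdict for one captured payload."""
    entropy = round(shannon_entropy(payload), 2)
    if not is_pe(payload):
        return {"verdict": "not_executable", "indicators": [], "entropy": entropy}
    hits = find_indicators(payload)
    if hits:
        verdict = "suspicious_strings"
    elif entropy > PACKED_ENTROPY_THRESHOLD:
        verdict = "possibly_packed"  # strings hidden; needs unpacking or a sandbox run
    else:
        verdict = "no_indicators"
    return {"verdict": verdict, "indicators": hits, "entropy": entropy}


def _pe_header() -> bytes:
    """Minimal constructed DOS+PE header: 'MZ', e_lfanew = 64, then 'PE\\0\\0'."""
    return b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00"


# Constructed sample payloads (not real malware): an unpacked bot-like
# executable, a packed/encrypted-looking one, and an ordinary HTTP request.
PLAIN_BOT = _pe_header() + b"\x00" * 32 + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
PACKED = _pe_header() + bytes(range(256)) * 4
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("plain_bot", PLAIN_BOT), ("packed", PACKED), ("http", HTTP_REQUEST)):
        print(name, classify(sample))
```

Running the script prints a verdict for each constructed sample; to use it on real captures, feed `classify()` the reassembled payload of a flow that was not expected to carry an executable. A `possibly_packed` result is exactly the case the paragraph above describes: the strings are not visible in a text editor, so the payload has to be unpacked or detonated in a sandbox before anything can be said about it.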
