Auditing and Logging Vulnerabilities

From Guidance Share

(Difference between revisions)
Revision as of 02:00, 30 October 2006 by Admin

Current revision (06:32, 6 August 2007) by GardenTender

 
Line 1: Line 1:
== Description == == Description ==
-Based on user identity and role membership, authorization to a particular resource or service is either allowed or denied.+Auditing and logging should be used to help detect suspicious activity such as footprinting or possible password cracking attempts before an exploit actually occurs. Itcan also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicate that the user performed that transaction.
- + 
 + 
 +== Impact ==
 +* User Denies Performing an Operation
 +* Attackers Exploit an Application Without Leaving a Trace
 +* Attackers Cover Their Tracks
 + 
 + 
== Vulnerabilities == == Vulnerabilities ==
-* Poor authorization control+* Anonymous access enabled
-* Poor or predictable session identifiers+ 
== Attacks == == Attacks ==
-* Forceful Browsing+* Repudiation Attack
-* Session Hijacking+ 
== Countermeasures == == Countermeasures ==
-Countermeasures to prevent Authorization attacks include:+Countermeasures to prevent Auditing and Logging attacks include:
-* Every object needs to have an authorization control that authorizes access based on the identity of the authenticated principle requesting access+* Disable anonymous access and authenticate every principle
-* Use strong random numbers for session identifiers (e.g., GUIDs)+
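Review bot: the new Description text on the "+" side has a typo, "Itcan" should read "It can", and the Countermeasures bullet "authenticate every principle" should say "principal", the term for an authenticated identity. The Description also relies on synchronized log entries on multiple servers to counter repudiation, and the Impact list includes "Attackers Cover Their Tracks", yet the single countermeasure covers neither clock synchronization across servers nor protection of the log records themselves; a bullet for each would make the Countermeasures section match the threats the page lists.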

Current revision

Description

Auditing and logging should be used to help detect suspicious activity such as footprinting or possible password cracking attempts before an exploit actually occurs. It can also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicate that the user performed that transaction.
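The two points of the description, worked through in Python as an added example that is not part of the original page: a sliding-window count of failed logins per user and source address flags a possible password cracking attempt before any login succeeds, and merging clock-synchronized entries from web, application and database hosts into one timeline for a transaction produces the record a user cannot plausibly deny. The log line format, host names and event names are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, not from the original page).
# All hosts stamp events in UTC from a synchronized clock, so entries can be merged.
SAMPLE_LOG = """\
web01 2006-10-30T02:00:01Z LOGIN_FAIL user=alice src=203.0.113.7
web01 2006-10-30T02:00:02Z LOGIN_FAIL user=alice src=203.0.113.7
web01 2006-10-30T02:00:04Z LOGIN_FAIL user=alice src=203.0.113.7
web01 2006-10-30T02:00:05Z LOGIN_FAIL user=alice src=203.0.113.7
web01 2006-10-30T02:00:07Z LOGIN_FAIL user=alice src=203.0.113.7
web01 2006-10-30T02:10:00Z LOGIN_OK user=bob src=198.51.100.23
web01 2006-10-30T02:10:05Z TRANSFER_REQUEST user=bob src=198.51.100.23 tx=TX-42
app01 2006-10-30T02:10:06Z TRANSFER_APPROVED user=bob src=198.51.100.23 tx=TX-42
db01 2006-10-30T02:10:06Z ROW_UPDATE user=bob src=198.51.100.23 tx=TX-42
"""

def parse(log_text):
    """Turn raw lines into dicts with a real datetime so time windows can be computed."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines instead of failing the whole run
        host, ts, event = parts[:3]
        fields = dict(kv.split("=", 1) for kv in parts[3:] if "=" in kv)
        fields.update(host=host, event=event, ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
        events.append(fields)
    return events

def detect_password_cracking(events, threshold=5, window=timedelta(seconds=60)):
    """Flag (user, src) pairs with >= threshold LOGIN_FAIL entries inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "LOGIN_FAIL":
            failures[(e["user"], e["src"])].append(e["ts"])
    flagged = set()
    for key, times in failures.items():
        times.sort()
        for start in times:  # slide a window beginning at each failure
            if sum(1 for t in times if start <= t <= start + window) >= threshold:
                flagged.add(key)
                break
    return flagged

def audit_trail(events, tx):
    """Cross-server timeline for one transaction: the evidence that defeats repudiation."""
    trail = sorted((e for e in events if e.get("tx") == tx), key=lambda e: e["ts"])
    return [(e["ts"].isoformat(), e["host"], e["event"], e["user"]) for e in trail]
```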


Impact

  • User Denies Performing an Operation
  • Attackers Exploit an Application Without Leaving a Trace
  • Attackers Cover Their Tracks


Vulnerabilities

  • Anonymous access enabled


Attacks

  • Repudiation Attack


Countermeasures

Countermeasures to prevent Auditing and Logging attacks include:

  • Disable anonymous access and authenticate every principal