Auditing and Logging Vulnerabilities
From Guidance Share
(Difference between revisions)
Revision as of 02:00, 30 October 2006 (edit) Admin (Talk | contribs) ← Previous diff |
Revision as of 02:01, 30 October 2006 (edit) Admin (Talk | contribs) Next diff → |
||
Line 1: | Line 1: | ||
== Description == | == Description == | ||
- | Based on user identity and role membership, authorization to a particular resource or service is either allowed or denied. | + | Auditing and logging should be used to help detect suspicious activity such as footprinting or possible password cracking attempts before an exploit actually occurs. Itcan also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicate that the user performed that transaction. |
- | + | ||
+ | == Impact == | ||
+ | * User Denies Performing an Operation | ||
+ | * Attackers Exploit an Application Without Leaving a Trace | ||
+ | * Attackers Cover Their Tracks | ||
+ | |||
== Vulnerabilities == | == Vulnerabilities == | ||
- | * Poor authorization control | + | * Anonymous access enabled |
- | * Poor or predictable session identifiers | + | |
== Attacks == | == Attacks == | ||
- | * Forceful Browsing | + | * Repudiation Attack |
- | * Session Hijacking | + | |
== Countermeasures == | == Countermeasures == | ||
- | Countermeasures to prevent Authorization attacks include: | + | Countermeasures to prevent Auditing and Logging attacks include: |
- | * Every object needs to have an authorization control that authorizes access based on the identity of the authenticated principle requesting access | + | * Disable anonymous access and authenticate every principle |
- | * Use strong random numbers for session identifiers (e.g., GUIDs) | + |
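Review bot: the added Description text runs "Itcan" together (should be "It can"), and the new Countermeasures bullet "authenticate every principle" should read "principal", the authenticated identity the Description itself relies on; both spellings carry into the rendered revision below. The Description also rests on "synchronized log entries on multiple servers", but the only countermeasure listed is disabling anonymous access, so a bullet on keeping server clocks synchronized would make the section consistent with its own description.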
Revision as of 02:01, 30 October 2006
Description
Auditing and logging should be used to help detect suspicious activity such as footprinting or possible password cracking attempts before an exploit actually occurs. It can also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicates that the user performed that transaction.
Impact
- User Denies Performing an Operation
- Attackers Exploit an Application Without Leaving a Trace
- Attackers Cover Their Tracks
Vulnerabilities
- Anonymous access enabled
Attacks
- Repudiation Attack
Countermeasures
Countermeasures to prevent Auditing and Logging attacks include:
- Disable anonymous access and authenticate every principal
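The Description above (detecting a possible password cracking attempt from repeated failures, and corroborating one transaction across synchronized servers) and the Countermeasures section (authenticate every principal) can both be shown in working code. The Python below is an added example written for this page, not code from Guidance Share; the record layout, the field names, the five-failures-in-five-minutes threshold, the server names and every sample event are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AuditEvent:
    """One audit-log record. Field names are assumptions for this example."""
    ts: datetime      # UTC; correlating entries across servers assumes their clocks are synchronized
    server: str       # host that wrote the entry, so several servers' logs can be compared
    principal: str    # identity the request was made under (for login attempts, the account tried)
    source_ip: str
    action: str       # e.g. "login_failure", "login_success", "transfer"
    outcome: str      # "ok" or "denied"


class AuditLog:
    """Append-only in-memory audit log that refuses entries without an identity."""

    def __init__(self):
        self._events = []

    def record(self, ts, server, principal, source_ip, action, outcome="ok"):
        # Countermeasure from the page: anonymous access is disabled, so an entry
        # that names no principal means a request was served unauthenticated;
        # reject it loudly instead of writing an unattributable log line.
        if not principal or principal.lower() == "anonymous":
            raise ValueError("refusing to log an unauthenticated principal")
        if ts.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware so servers agree on ordering")
        ev = AuditEvent(ts.astimezone(timezone.utc), server, principal, source_ip, action, outcome)
        self._events.append(ev)
        return ev

    def events(self):
        return list(self._events)


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Detect a possible password cracking attempt: (source_ip, principal) pairs
    with at least `threshold` login failures inside any span of length `window`."""
    by_key = defaultdict(list)
    for ev in events:
        if ev.action == "login_failure":
            by_key[(ev.source_ip, ev.principal)].append(ev.ts)
    flagged = []
    for key, times in by_key.items():
        times.sort()
        # Sliding window over the sorted failure times.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(key)
                break
    return sorted(flagged)


def corroborating_servers(events, principal, action):
    """Repudiation check: which servers' logs independently show
    `principal` successfully performing `action`."""
    return {ev.server for ev in events
            if ev.principal == principal and ev.action == action and ev.outcome == "ok"}


def anonymous_is_rejected():
    """True if the log refuses an entry that carries no authenticated principal."""
    try:
        AuditLog().record(datetime.now(timezone.utc), "app-1", "anonymous", "198.51.100.9", "read")
    except ValueError:
        return True
    return False


def build_sample_log():
    """Constructed sample events (not real data): a burst of failed logins
    against 'alice' from one address, then a transfer by alice seen on two servers."""
    log = AuditLog()
    base = datetime(2006, 10, 30, 2, 0, tzinfo=timezone.utc)
    for i in range(6):
        log.record(base + timedelta(seconds=20 * i), "app-1", "alice", "203.0.113.7", "login_failure", "denied")
    log.record(base + timedelta(minutes=3), "app-1", "alice", "203.0.113.7", "login_success")
    log.record(base + timedelta(minutes=4), "app-1", "alice", "203.0.113.7", "transfer")
    log.record(base + timedelta(minutes=4, seconds=1), "db-1", "alice", "203.0.113.7", "transfer")
    log.record(base + timedelta(minutes=1), "app-2", "bob", "192.0.2.44", "login_failure", "denied")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("possible cracking attempts:", failed_login_bursts(log.events()))
    print("servers corroborating alice's transfer:", corroborating_servers(log.events(), "alice", "transfer"))
    print("anonymous entry rejected:", anonymous_is_rejected())
```

Two design points follow from the page. The detector only works because every failure entry names the account being tried and the source address, which is what "authenticate every principal" buys you for logging; and `corroborating_servers` only means anything if the timestamps on app-1 and db-1 are comparable, which is why the log refuses naive timestamps rather than guessing a zone.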