Transitive and Client-side Attacks – CompTIA Security+ SY0-401: 3.2

If the bad guys can’t attack a server directly, then they’ll try going through a trusted neighbor. In this video, you’ll learn how transitive attacks and attacks against the clients have become significant security concerns.


Transitive attacks are attacks that become very, very difficult to prevent. You have to spend a lot of time looking at configurations and making sure the systems in your network are not set up to allow something like this to occur. A transitive attack is where machine A trusts machine B and machine B trusts machine C. Therefore, I can attack machine C and machine C will automatically be trusted by A.

Now this may not actually be something you want to occur. This may be something that’s occurring just because of the series of trusts that’s been set up. Maybe in reality you really did not want A trusting C, but because of this transitive nature of trust in operating systems it’s something that may be there already. So again, it’s something you really have to look for.
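One way to look for these chains is to walk the configured trust relationships and list every trust that exists only through intermediaries. The script below is an added example, not part of the original video; the host names and the `DIRECT_TRUST` map are constructed sample data standing in for whatever trust settings you export from your own systems.

```python
from collections import deque

# Constructed sample: host -> hosts it trusts (accepts without re-authentication).
DIRECT_TRUST = {
    "A": {"B"},
    "B": {"C"},
    "C": set(),
    "D": {"A"},
}

def implied_trust(direct):
    """Return {(truster, trusted): path} for every trust that exists only
    through a chain of intermediaries and was never configured directly."""
    findings = {}
    for start in direct:
        # Breadth-first search yields the shortest chain to each reachable host;
        # the 'paths' dict doubles as the visited set, so trust loops terminate.
        paths = {start: [start]}
        queue = deque([start])
        while queue:
            host = queue.popleft()
            for nxt in sorted(direct.get(host, ())):
                if nxt not in paths:
                    paths[nxt] = paths[host] + [nxt]
                    queue.append(nxt)
        for target, path in paths.items():
            if target != start and target not in direct.get(start, ()):
                findings[(start, target)] = path
    return findings

def report(direct):
    """Format each implied trust as one human-readable audit line."""
    return [
        f"{truster} implicitly trusts {trusted} via {' -> '.join(path)}"
        for (truster, trusted), path in sorted(implied_trust(direct).items())
    ]

if __name__ == "__main__":
    for line in report(DIRECT_TRUST):
        print(line)
```

Each line of the report is a trust nobody configured on purpose, which makes it a candidate for removal or for an explicit authentication step at the intermediate host.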

In network security, this is an ongoing concern. In older Unix systems, this used to be a normal part of the operating system. We would set up specific configurations in the operating system that allowed trust to many, many different computers. It skipped over the step of having to authenticate every time we went to a server that was trusted.

But in those days, we didn’t have to worry so much about somebody taking over our machines and then gaining access to everything in our organization. These days, our systems are designed not to allow those trusts by default. In fact, these days it’s very, very common for a machine just not to trust anybody.

Our firewalls don’t trust anybody. Our computer operating systems don’t trust anybody. Our server operating systems don’t trust anybody. And in reality, with the type of security concerns we have today it’s probably a good idea to keep things running that way.

Firewalls are often used to help with this as well, especially if you have many different business partners connecting into your network. It’s very common, unfortunately, for people to set up a firewall and forget to block access to different business partners. These days, we lock them down pretty well.

Obviously, your firewall isn’t going to be able to block everything. So if you have business partners coming into your organization, some people may set up completely different firewalls and completely different kinds of access to all of those. But ultimately, you’ve got a hole there so that your end users can access that business partner or the business partner can come into your organization.

And unfortunately, when you build a hole and build access into a firewall, you can have a lot more than just what you designed to come through that firewall hitting your network. So these transitive attacks are things you must keep in mind whenever you’re setting up connections between systems and between organizations. Of course, the bad guys have noticed that we’re putting firewalls, we’re hardening our servers, we’re making it very, very difficult for people to go directly to the source to get the type of access they want.

If a bad guy wants to get to a database, it’s very, very hard now to go to that database server. We put all kinds of security methods in place to prevent direct access to that database. So the bad guys have decided, well, if you’re going to protect the server, let’s go now and attack the client because the client is not going to be protected from the server. Your client has to talk to the server. Therefore, that’s a great place to go.

And if you can find an application that is badly programmed that will allow me access to that data in a way that perhaps you were not expecting then I now have access to everything in the database. And that becomes a huge concern. So our bad guys are now hitting those clients.

And we have so many different applications running on our computers. We’ve got browsers. We have media players. We have email applications. Each one of those may have vulnerabilities associated with them that would allow the bad guys access to your computer, access to your data, or access to the server by hopping through that application.

And one single tiny bug in any one of those applications can now cause a huge amount of data to be exploited on your servers. So that’s why you have to make sure that you’re keeping your operating system updated and you’re keeping your applications updated. You want to avoid that single vulnerability, so by staying up to date with all of these patches and all of these updates, you can be at least a little more sure that your end users are going to be protected from somebody trying to take advantage of some of these client-side attacks.