Chapter 2: Anatomy of an Attack

Overview

"Hence the saying: If you know the enemy and know your-self, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

Sun Tzu, "The Art of War."

In the previous chapter, we considered the drawbacks of traditional security tools (such as firewalls, for example). However, before we proceed any further with a discussion of the mechanisms and tools for detecting intrusions and finding vulnerabilities used to complement traditional mechanisms and improve the safety and security of the corporate network, it would be reasonable to describe what the attacks are, how they are classified and how they are implemented. Without this knowledge, it would be rather difficult efficiently to detect attacks and prevent their negative impact on the resources of a corporate information system (IS). Systematic information on attacks and vulnerabilities helps to explain the drawbacks of traditional security mechanisms and tools described in the previous chapter. Furthermore, to take efficient counter-measures, which can help to prevent attacks on the hosts of a corporate network, administrators must have a sound understanding of the methods used by intruders. This book is not aimed at covering every single vulnerability, attack and method of intrusion in great detail. However, it is necessary to provide general concepts, illustrated by examples. Without at least getting acquainted with them, it would hardly be possible to understand the principles and mechanisms of intrusion detection.