1.3 Vulnerabilities, threats, and countermeasures

1.3    Vulnerabilities, threats, and countermeasures

In general, a vulnerability refers to a weakness that can be exploited by somebody (e.g., an intruder) to violate a system or the information it contains. In a computer network or distributed system, passwords transmitted in cleartext often represent a major vulnerability. The passwords are exposed to eavesdropping and corresponding sniffing attacks. Similarly, the ability of a network host to boot with a network address that has originally been assigned to another host refers to another vulnerability that can be used to spoof that particular host and to masquerade accordingly . Unfortunately, the power of Web technology in general and HTTP in particular also makes the WWW vulnerable to a number of serious attacks.

A threat refers to a circumstance, condition, or event with the potential to either violate the security of a system or to cause harm to system resources. Computer networks and distributed systems are susceptible to a wide variety of threats that may be mounted either by intruders ^[17] or legitimate users. As a matter of fact, legitimate users are more powerful adversaries, since they possess internal information that is not usually available to intruders.

Finally, a countermeasure is a feature or function that either reduces or eliminates one (or several) system vulnerability(ies) or counters one (or several) threats. For example, the use of strong authentication techniques reduces the vulnerability of passwords transmitted in the clear and counters the threat of password sniffing and replay attacks. Similarly, the use of cryptographic authentication at the network layer effectively eliminates attacks based on machines spoofing other machines IP addresses and counters IP spoofing attacks.

In essence, this book is about countermeasures that can be used and deployed to secure the WWW and applications that make use of it. Note, however, that security in general and WWW security in particular are vague terms that may mean various things to different people. The nature of security is such that it cannot be proven. ^{[18 ]} The very best we can show is resistance against a certain set of attacks we know and with which we are familiar. There is nothing in the world that can protect us against new types of attack. For example, timing attacks, differential fault analysis (DFA), and differential power analysis (DPA) are some of the latest tools in the never-ending competition between cryptographers and cryptanalysists.

In this book, we are not going to define the term security formally Instead, we focus on techniques and mechanisms that are available today and that can be used to provide security services (i.e., access control and communication security services) on the Web. The assumption is that if a WWW application is able to provide these security services, there are at least some obstacles to overcome in order to successfully attack the application. If the security services are well designed and properly implemented, the resulting obstacles are far too big to be overcome by occasional intruders. Before we delve into the technical details, we want to briefly introduce a generic security model that explains and puts into perspective the various aspects of security.