Impersonating a User or System
As described in section 6.1, common ways to identify and
authenticate users include the use of physical keys, account names
and passwords, and biometric checks.
Password guessing, password trapping, use of security holes in programs,
and use of common network access procedures are methods that can be used
to impersonate users. Impersonation attacks involving the use of
physical keys and biometric checks are less likely.
Compared to standalone systems,
systems on networks are much more susceptible to
attacks where crackers impersonate legitimate users
for the following reasons:
- Crackers have potential access to a wide range of
systems over a large geographic area. As a result,
network nodes that are not securely configured and/or are running
programs with security holes are particularly vulnerable.
- A cracker can use the finger or ruser programs to
discover account names and then try to guess simple passwords
(see sec. 9.2.7).
- Crackers can make use of more sophisticated password
guessing methods, e.g., a cracker could use a distributed password
guessing program in which multiple systems are
used to guess passwords.
- Electronic eavesdropping can be used to trap user names
and unencrypted passwords sent over the network
(see sec. 9.1.2).
- Common network access procedures (see sec. 9.2)
can be used to impersonate users.
Attacks where root privileges are gained are particularly dangerous
because a cracker may be able to use common network access procedures to
break into numerous systems.
- Crackers can monitor the activity on a system
and impersonate a user at a time when the impersonation
attack is less likely to be detected.
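The distributed password guessing described above spreads a small number of attempts per source host across many hosts, so a per-host failure count alone does not reveal it. The following detector, an added example that is not part of the original document, groups failed-login records by account and flags accounts whose failures arrive from several distinct hosts while each host stays below a typical per-host lockout threshold. The log format, host names and thresholds are constructed assumptions, modelled on traditional login(1) syslog messages.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original document).
SAMPLE_LOG = """\
Oct  7 16:01:02 gw login[201]: FAILED LOGIN 1 FROM 10.1.1.5 FOR alice, Authentication failure
Oct  7 16:01:09 gw login[202]: FAILED LOGIN 1 FROM 10.1.1.6 FOR alice, Authentication failure
Oct  7 16:01:15 gw login[203]: FAILED LOGIN 1 FROM 10.1.1.7 FOR alice, Authentication failure
Oct  7 16:01:21 gw login[204]: FAILED LOGIN 1 FROM 10.1.1.8 FOR alice, Authentication failure
Oct  7 16:02:30 gw login[205]: FAILED LOGIN 1 FROM 10.1.1.5 FOR bob, Authentication failure
Oct  7 16:02:40 gw login[206]: FAILED LOGIN 2 FROM 10.1.1.5 FOR bob, Authentication failure
Oct  7 16:03:00 gw login[207]: LOGIN ON ttyp0 BY carol FROM 10.1.1.9
"""

# Assumed message shape: "FAILED LOGIN <n> FROM <source host> FOR <account>, ..."
FAILED = re.compile(r"FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,\s]+)")


def failed_logins_by_account(log_text):
    """Map each account name to {source host: number of failed logins}."""
    per_account = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_account[m.group("user")][m.group("src")] += 1
    return per_account


def detect_distributed_guessing(log_text, min_sources=3, per_source_max=2):
    """Return {account: sorted source hosts} for accounts whose failures come
    from at least min_sources distinct hosts while no single host exceeds
    per_source_max failures, i.e. each host stays under a naive per-host
    lockout while the account as a whole is being guessed."""
    flagged = {}
    for user, sources in failed_logins_by_account(log_text).items():
        if len(sources) >= min_sources and max(sources.values()) <= per_source_max:
            flagged[user] = sorted(sources)
    return flagged


if __name__ == "__main__":
    for user, hosts in detect_distributed_guessing(SAMPLE_LOG).items():
        print(f"possible distributed guessing against {user} from {len(hosts)} hosts: {hosts}")
```

In the constructed sample, "alice" is flagged (four hosts, one failure each) while "bob" is not (two failures from a single host), which is exactly the pattern a per-host lockout alone would miss.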
Individual systems on a network are also vulnerable to imposter attacks.
A cracker can
configure a system to masquerade as another system, thus gaining
unauthorized access to resources or information on systems
that "trust" the system being mimicked.
Section 10.2.7 discusses how to protect a system
against impersonation when using the "r" commands.
John Barkley
Fri Oct 7 16:17:21 EDT 1994