Security Concept: Attack Vector

24 Sep

Our last discussion looked at the security concepts of lock down and layered security. Attack vector is another important security concept. Different agencies and organizations have different words for this but it all comes down to the same concept.

Your adversary wants to attack you, and they will attack you through some perceived weakness: a vector. Vector means a pointy little arrow. You can think of the arrow as tracing the path along which they’re trying to attack you. If a burglar kicks in your front door, the attack vector is the front door. If a burglar crawls in through a window, the attack vector is the window.

In our last post, ThoughtfullyPrepping correctly said the best “lock down” against your PC being hacked over the Internet is pulling the connection to the Internet. The Internet is the primary attack vector hackers use to get into your system. We can subdivide this into smaller attack vectors. Some of the most common computer hacker attack vectors:

1) Your web browser
2) Your e-mail client
3) Java installed on your system
4) Flash Player
5) Acrobat Reader

Some attacks go through one thing and then use another, such as a web browser attack that takes advantage of Flash Player. These last three items have had tens of thousands of vulnerabilities over the years. How can you nullify attacks through these popular attack vectors?

If you don’t need it, uninstall Java. You could go without Flash Player, but how then would you play sheep dash or online flappy bird? Too great a sacrifice. Inside your browser you can install an add-on (Flashblock) that blocks Flash content from automatically playing. This gives you control over which Flash content is allowed. Keep Flash Player updated. Visit the Flash Player Settings Manager website to check your settings and choose stronger settings than the defaults.

You can replace Acrobat Reader with a less targeted and less bloated PDF reader like Sumatra PDF.

For an e-mail client, choose one that doesn’t support scripting or one that lets you turn it off. Avoid Outlook and anything that supports ActiveX on the Windows platform. Don’t open attachments in e-mails from strangers. Just delete them.

You could run your web browser sandboxed, using the free program Sandboxie. It will break many sites, but you can install browser add-ons like NoScript which keep JavaScript and other scripts from running. Turn the extension off when you need scripting. For privacy, add Ghostery to your browser.

By looking at known attack vectors you can reduce your vulnerability to attacks. By listing possible attack vectors you can get a good idea of how you can be attacked. It gets you thinking about how you can secure each line of attack.
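As an added example (not code from the original post), the listing step can be automated for the three plug-ins named above: the script reads the Windows uninstall registry keys and flags Java, Flash Player and Acrobat Reader with the mitigation given here. The name patterns and the sample inventory are assumptions constructed for illustration.

```python
import re

# The three plug-ins the post singles out, with the mitigation it gives for each.
# The name patterns are assumptions about how installers label these products.
VECTORS = [
    ("Java", re.compile(r"\bjava\b", re.I), "uninstall it if you don't need it"),
    ("Flash Player", re.compile(r"\bflash\s+player\b", re.I),
     "keep it updated and block auto-play with a browser add-on"),
    ("Acrobat Reader", re.compile(r"\b(acrobat|adobe)\s+reader\b", re.I),
     "replace it with a less targeted PDF reader"),
]
UNINSTALL = r"Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed sample used when the registry is unavailable (not real inventory).
SAMPLE = ["Java 8 Update 20", "Adobe Flash Player 15 ActiveX", "Adobe Reader XI",
          "SumatraPDF", "Mozilla Firefox", "JavaScript Editor"]

def installed_programs():
    """Display names from the Windows Uninstall registry keys; [] off Windows."""
    try:
        import winreg
    except ImportError:
        return []
    names = set()
    for hive, prefix in [(winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\"),
                         (winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\WOW6432Node\\"),
                         (winreg.HKEY_CURRENT_USER, "SOFTWARE\\")]:
        try:
            with winreg.OpenKey(hive, prefix + UNINSTALL) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    try:
                        with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                            names.add(str(winreg.QueryValueEx(sub, "DisplayName")[0]))
                    except OSError:  # entry has no DisplayName
                        continue
        except OSError:  # key absent on this system
            continue
    return sorted(names)

def audit(names):
    """Return (vector, program, advice) for each program matching a listed vector."""
    return [(vector, name, advice)
            for name in names
            for vector, pattern, advice in VECTORS
            if pattern.search(name)]

if __name__ == "__main__":
    for vector, name, advice in audit(installed_programs() or SAMPLE):
        print(f"{vector}: {name} -> {advice}")
```

Word-boundary matching keeps an unrelated name such as "JavaScript Editor" from being reported as Java.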

The greatest weakness is entirely missing an attack vector. You’ve secured your home. The doors are bulletproof. The windows, impenetrable. A tiny burglar crawls through your dog door. A missed attack vector.

In the book, I devoted a page to securing window air conditioners. Why? It’s an overlooked burglar attack vector. Most ACs just sit in the window frame, held in place by a few tiny screws at the top. Burglars can easily push the AC into the home and crawl through the window. If you have a window AC, spend some time to secure it.

Securing your garage door from having the traveller disconnected is another overlooked home security attack vector.

When you secure anything, be it your home, computer, survival retreat, vehicle, anything, make a list of possible attack vectors. Don’t be overwhelmed. If you’re on the ball, you’ll see a huge amount of attack area. You can’t bulletproof everything. You don’t need to. The vast majority of attacks look for easy vulnerabilities. Something as simple as a locked door discourages break-ins. A reinforced door makes a kick-in difficult. Most burglars will move on to the house down the road when confronted with a few hardened attack vectors.

The same is true with computer hackers. Unless you’ve pissed off the NSA, when a hacker finds their favorite attack vectors closed, they’ll move on to hacking somebody else.


One Response to “Security Concept: Attack Vector”

  1. thoughtfullyprepping September 26, 2014 at 5:06 pm #

    Now here’s the rub.
    Some viruses and nasty type people can spoof you into believing that an email is genuine.
    After all if family email you, 9 times out of 10 you’ll open it.
    Work colleague, yep, you’ll probably open it as you will a friend’s message who emails you a lot. Simple human nature. What’s normal in your life can’t be hostile.

    Only it could be a bad guy or virus who is pretending to be someone else or has hijacked that person’s email account.

    Phishing is also a worry.
    Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

    Got to love Wiki for their definitions, haven’t you?

    In short if you do something like internet banking and the bank emails you, most non security wise people will at least open the email to see what it is.
    Sometimes that’s all it takes.

    It’s a tough thing to realize but once online you can be owned in seconds.

    Computer users MUST treat all communications like they carry the plague.

    For instance, I get an email from a friend, I’ll email back to check it is them before opening it. They know I do it, they do it to me.
    A mutual confidence check that all is well.
    As for unsolicited mail. One word, SPAM!
    As for the bank, SPAM and an irate phone call the next day to ask them why they are contacting me on a pathetically secure means of communications.

    Don’t forget, update your virus checker and periodically view your “sent” mail.
    If you are sending mail you know nothing about, ask yourself why.

    Unplug, write letters, or use carrier pigeons for secure comms.
    That and if in doubt, hit the OFF switch and ask for expert help.

    One final thing. preppernextdoor has spoken about securing “the unlikely” against physical attack.
    I sort of agree yet know that come a time that I’ll be scavenging, a lot of you won’t have got round to it.
    I know that, I’ll rely on that, and so will anyone else who has taken the time to learn “skills” essential to urban survival.

    So please, remain lazy as I never like to work too hard when scavenging.
    Gain over effort. You don’t put in any effort, people like me will gain.
