Research Synthesis and Analysis of Browser Attacks and Network Intrusion
Browser attacks and network intrusion are drawbacks users face every day for being connected to the internet in one way or another. One has to access a browser to be served content on the web and one has to be connected to a network to view the web. We will take a closer look at both in this paper.
Browser attacks come in many different forms, making them very difficult to defend against. OWASP, which stands for Open Web Application Security Project, is a nonprofit organization that has made an effort to identify the many types of browser-based attacks in the wild. OWASP is best known for its OWASP Top Ten project. The top ten biggest browser-based attacks are as follows:
- Broken Authentication & Session Management
- XSS or Cross Site Scripting
- Insecure Direct Object Reference
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects & Forwards
These are the ten main categories that browser attacks fall into. Even more daunting is that, even though the list may have been created in 2013, most of these categories are still visible on the internet and can be used in today’s internet landscape.
Major Issues, Problems
The problems with browser attacks are largely due to the overwhelming number of browsers that are available to users. Not all browsers handle content the same way, and not all browsers protect against the vulnerabilities in the OWASP top ten in the same manner. The five biggest browsers are Chrome, IE, Firefox, Safari, and Opera, and each of these also exists in many versions. This allows a vulnerability to remain open to attack until a user gets around to updating their browser. An even greater issue is that a web application may have been built in 2013 and still be heavily used by a company. The company may not be able to upgrade the web application because of resources, yet the application ultimately doesn’t work in modern browsers. This leaves potentially thousands of computers on an old browser that is susceptible to every vulnerability found since 2013.
If this wasn’t alarming enough, users have created frameworks that allow security researchers and engineers to test these web applications in their companies. One penetration testing framework is the BeEF framework. This framework has compiled many of the vulnerabilities in the OWASP top ten into a single interface used to exploit browsers, a process it calls “hooking”. BeEF was built by a group of developers to explore and test the vulnerabilities in browsers. Specifically, BeEF is an excellent platform for testing a browser’s vulnerability to XSS and other injection attacks (Null Byte, 2015).
New malware is being developed in the wild that takes advantage of these browser vulnerabilities and exploits them for man-in-the-middle browser attacks. (Khandelwal, 2016) says, “Besides process level restrictions bypass, the AtomBombing code injection technique also allows attackers to perform man-in-the-middle (MITM) browser attacks, remotely take screenshots of targeted user desktops, and access encrypted passwords stored on a browser.” In a recent article the AtomBombing technique was reported to have no patch. (Khandelwal, 2016) says, “Since the AtomBombing technique exploits legitimate operating system functions to carry out the attack, Microsoft cannot patch the issue without changing how the entire operating system works. This is not a feasible solution, so there is no notion of a patch.”
Analysis, Ideas, and Solutions
Looking at some of the above browser-based attacks, as you can see in the case of AtomBombing, there is little that can be done. However, there are some general practices that can help an organization or a normal computer user defend against a large portion of these attacks (How to Geek, n.d.).
- Keep your browser updated
- Enable Click-to-Play Plug-ins
- Uninstall Plug-ins you don’t need
- Keep Plug-ins updated
- Use a 64-bit Web Browser
- Run an Anti-Exploit Program
- Use Caution When Using Browser Extensions
In a work scenario, many of the items in the above list can be restricted through a group policy. Many of these browser attacks have specific signatures that can be spotted by a good intrusion detection system like Snort or Dell SonicWall. Also, with a tool like Dell KACE you can track an inventory of all web browsers that are being used within a company’s network to make sure there aren’t any legacy browsers floating around.
Network intrusion is something that everyone must deal with when connected to the internet, whether on a person’s home network or at work. (Moskowitz, 2014) defines, “A network intrusion is any unauthorized activity on a computer network.” Many believe this could be using the network for something it wasn’t intended to do, whether consciously or subconsciously. (Moskowitz, 2014) continues, “In most cases, such unwanted activity absorbs network resources intended for other uses, and nearly always threatens the security of the network and/or its data.”
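The browser inventory check described above can be approximated from web proxy logs. The following is an added example, not code from the paper or from any of the named products; the tab-separated log format, the sample lines and the minimum-version policy are all constructed assumptions.

```python
import re
from collections import defaultdict

# Order matters: Opera also advertises Chrome, and both advertise Safari.
BROWSER_PATTERNS = [
    ("Opera", re.compile(r"OPR/(\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
    ("IE", re.compile(r"MSIE (\d+)|Trident/.*rv:(\d+)")),
    ("Safari", re.compile(r"Version/(\d+).*Safari/")),
]

# Assumed policy: lowest major version still allowed (illustrative values).
MIN_MAJOR = {"Opera": 40, "Chrome": 54, "Firefox": 49, "IE": 11, "Safari": 10}

def identify(user_agent):
    """Return (browser, major_version), or None for an unrecognised agent."""
    for name, pattern in BROWSER_PATTERNS:
        match = pattern.search(user_agent)
        if match:
            major = next(g for g in match.groups() if g is not None)
            return name, int(major)
    return None

def legacy_browsers(log_lines):
    """Map each client IP to the set of below-policy browsers it was seen using."""
    findings = defaultdict(set)
    for line in log_lines:
        ip, _, user_agent = line.partition("\t")  # constructed format: ip<TAB>UA
        hit = identify(user_agent)
        if hit and hit[1] < MIN_MAJOR[hit[0]]:
            findings[ip].add(hit)
    return dict(findings)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "10.0.0.9\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    "10.0.0.12\tMozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0",
    "10.0.0.20\tMozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
]

if __name__ == "__main__":
    for ip, browsers in sorted(legacy_browsers(SAMPLE_LOG).items()):
        print(ip, sorted(browsers))
```

User-Agent strings are client-supplied and can be changed, so a list like this is a starting point for follow-up rather than an authoritative inventory.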
Major Issues, Problems
The largest problem that we have with network intrusion attacks is the scale at which networks are growing. With the emergence of the internet of things, toasters and thermostats are now susceptible to old attack vectors in networking. (Hodo et al., n.d.) say, “Research conducted by Cisco reports there are currently 10 billion devices connected, compared to the world population of over 7 billion and it is believed it will increase by 4% by the year 2020.” At an RSA conference a researcher discussed some very popular attack vectors that come up often when discussing network intrusion. These are:
- Asymmetric Routing
- Buffer Overflow Attacks
- Protocol-Specific Attacks
- Traffic Flooding
Intrusion into a network can come in two main forms: external intruders, who will more than likely use malware or exploits to gain access to a system, and internal intruders, who misuse the system by changing important data or stealing confidential data.
Analysis, Ideas, and Solutions
Intrusion detection systems, whether host-based (HIDS) or network-based (NIDS), bring the most hope for defense against many of the attack vectors discussed. There are many different flavors of IDS, and selecting the right system is very important and depends on budget and normal network usage. Some use signature-based detection; others use anomaly-based detection or pattern recognition. Recently we’ve seen a rise in hybrid approaches that take the best of both worlds. The four different techniques that are used are statistical analysis, evolutionary algorithms, protocol verification, and rule-based or signature-based systems. Ultimately these systems, when used appropriately, will catch uncharacteristic traffic. Some need a baseline of traffic to get started; others, like a signature-based system, work directly out of the box. As networks continue to get more and more complex, so do these IDS systems. The ability to pool known attacks into signatures shared across all companies is a powerful tool, but the landscape is changing and attacks are becoming more targeted in nature. Anomaly-based systems need to be used in conjunction with signature-based ones. Many companies face a resource issue, as anomaly-based systems need monitoring because the potential for false positives is a lot higher.
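The difference between signature-based and anomaly-based detection, and why the two are combined, can be shown on a small scale. This is an added example, not code from the paper or from any IDS product; the rules, the request lines and the per-minute counts are constructed, and the anomaly test is a simple z-score standing in for the statistical analysis technique.

```python
import re
from statistics import mean, stdev

# Constructed content signatures, in the style of a rule-based IDS.
SIGNATURES = {
    "xss-script-tag": re.compile(r"<script\b", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(requests):
    """requests: [(src_ip, request_line)]. Needs no baseline to start working."""
    return {(src, name) for src, line in requests
            for name, rule in SIGNATURES.items() if rule.search(line)}

def anomaly_alerts(baseline, current, threshold=3.0):
    """baseline: {src_ip: [requests per minute]} learned from normal traffic.
    current: {src_ip: requests seen in the minute being scored}."""
    alerts = set()
    for src, count in current.items():
        history = baseline.get(src, [])
        if len(history) < 2:
            alerts.add((src, "no-baseline"))  # unseen host: needs analyst review
            continue
        mu, sigma = mean(history), stdev(history)
        if sigma == 0:
            deviates = count > mu
        else:
            deviates = (count - mu) / sigma > threshold
        if deviates:
            alerts.add((src, "rate-anomaly"))
    return alerts

def hybrid_alerts(requests, baseline, current):
    """Union of both detectors, as in the hybrid approach."""
    return sorted(signature_alerts(requests) | anomaly_alerts(baseline, current))

# Constructed sample data (not real traffic).
REQUESTS = [
    ("10.0.0.7", "GET /search?q=<script>alert(1)</script> HTTP/1.1"),
    ("10.0.0.8", "GET /index.html HTTP/1.1"),
    ("10.0.0.99", "GET /status HTTP/1.1"),
]
BASELINE = {"10.0.0.7": [5, 6, 5, 4, 5], "10.0.0.8": [20, 22, 19, 21, 20]}
CURRENT = {"10.0.0.7": 5, "10.0.0.8": 400, "10.0.0.99": 3}

if __name__ == "__main__":
    for alert in hybrid_alerts(REQUESTS, BASELINE, CURRENT):
        print(alert)
```

In the sample data the flooding host sends only ordinary-looking requests, so no signature fires and only the rate check catches it, while the host with no history produces an alert that an analyst has to triage.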
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P., Iorkyase, E., Tachtatzis, C., & Atkinson, R. (n.d.). Threat analysis of iot networks using artificial neural network intrusion detection system. Paper presented at the meeting of the International Symposium on Networks, Computers and Communications, Hammamet, Tunisia.
How to Geek. (n.d.). 7 ways to secure your web browser against attacks. Retrieved from http://www.howtogeek.com/228828/7-ways-to-secure-your-web-browser-against-attacks/
Khandelwal, S. (2016, October 27). This code injection technique can potentially attack all versions of windows. Retrieved from http://thehackernews.com/2016/10/code-injection-attack.html
Moskowitz, R. (2014, December 25). Network intrusion: methods of attack | rsa conference. Retrieved from https://www.rsaconference.com/blogs/network-intrusion-methods-of-attack
Null Byte. (2015). Hack like a pro: how to hack web browsers with beef « null byte. Retrieved from http://null-byte.wonderhowto.com/how-to/hack-like-pro-hack-web-browsers-with-beef-0159961/
OWASP. (n.d.). Category:owasp top ten project – owasp. Retrieved from https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013