An attacker performs an analysis of a target system, protocol, message, or
application in order to overcome protections on the target or as a precursor
to other attacks. Analysis can involve dissection of an application,
analysis of message patterns, formal analysis of protocols, or other
methods. The outcome of these attacks can be disclosure of sensitive
information, or disclosure of security configuration that leads to further
attacks targeted at discovered weaknesses.
Attack Prerequisites
Any entity that can be observed by an attacker could potentially be
vulnerable to an analysis attack.
Resources Required
Most analysis attacks require tools in order to collect information about the
target. For example, scanning suites and packet sniffers might be used to
analyze a web service or protocol. Moreover, following collection of
information, some attacks require additional tools in order to process the
discovered data. Cryptanalysis applications are one example of such tools.
Finally, some of these attacks require a high level of sophistication on the
part of an attacker in order to extract useful results from collected
information.
Solutions and Mitigations
Implementation: When possible, minimize the information a system displays
about itself, including minimizing unnecessary information in error messages
and other descriptive messages.
Design: Use techniques that minimize covert information. For example,
intentionally throttling network throughput can hide an entity's true
throughput potential.
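
One way to apply the Implementation mitigation above, shown as an added example that is not part of the original entry: a verbose error response beside a minimized one, with a check for internal terms that reach the client. The exception messages, paths, versions and all function names are constructed for illustration.

```python
import logging
import secrets

log = logging.getLogger("app.errors")

# Constructed failures (hypothetical users, hosts, paths and versions)
# standing in for what a real backend might raise.
SAMPLE_FAILURES = [
    LookupError("user 'alice' not found in table auth.users"),
    PermissionError("bad password for 'bob'"),
    ConnectionError("postgres 13.4 at 10.0.0.12:5432 refused connection"),
    FileNotFoundError("/srv/app/conf/keys.pem"),
]

# The only distinctions a client needs. Unknown user and wrong password
# share one answer so responses cannot be used to enumerate accounts.
PUBLIC_CATEGORIES = {
    LookupError: (401, "Invalid credentials."),
    PermissionError: (401, "Invalid credentials."),
}
DEFAULT_PUBLIC = (500, "The request could not be completed.")


def verbose_response(exc):
    """Weak form: reflects the exception type and message to the client."""
    return {"status": 500, "body": f"{type(exc).__name__}: {exc}"}


def minimal_response(exc):
    """Hardened form: fixed public text, detail kept in the server log only."""
    incident = secrets.token_hex(6)  # random, so it encodes nothing about the fault
    log.error("incident=%s type=%s detail=%s", incident, type(exc).__name__, exc)
    status, text = PUBLIC_CATEGORIES.get(type(exc), DEFAULT_PUBLIC)
    return {"status": status, "body": text, "incident": incident}


def leaked_terms(response, exc):
    """Return internal error terms that appear in the client-visible body."""
    internal = {type(exc).__name__, *str(exc).replace("'", " ").split()}
    return sorted(t for t in internal if len(t) > 3 and t in response["body"])


if __name__ == "__main__":
    for exc in SAMPLE_FAILURES:
        print("verbose leaks:", leaked_terms(verbose_response(exc), exc))
        print("minimal leaks:", leaked_terms(minimal_response(exc), exc))
```

The incident identifier lets support staff find the full detail in the server log without the response itself describing the fault.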