TMS zl Management and Configuration Guide ST.1.1.100226

Intrusion Detection and Prevention
IDS/IPS Concepts
Unauthorized Access
Unauthorized access attacks occur when an unauthorized user accesses your
network either by guessing or stealing a password or by finding insecure
network access points. Some methods used to gain unauthorized access are:
Brute force
In a brute force attack, an attacker systematically attempts all possible
password combinations in order to discover a password and gain access
to the network. Despite requiring a large amount of time and processing
power, brute force attacks are often successful. Implementing a brute
force attack is relatively simple: brute force and dictionary-based
password cracker software is easily available online. However, a vigilant
network administrator can usually detect a brute force attack before it
succeeds.
War driving
War drivers exploit the open nature of the wireless medium to find and
infiltrate wireless networks by literally driving around in order to find
unsecured or easily cracked wireless networks. People often simply
connect a wireless access point (AP) and immediately begin using it
without enabling any sort of security measures, which allows war drivers
to have open access to the network. Because all transmissions between
wireless devices and such an unsecured AP are unencrypted, a war driver
can listen in and steal any information passed between the two devices.
Additionally, not all wireless encryption schemes are secure. For example,
a war driver may gain access to a Wired Equivalent Privacy (WEP)-
secured network by intercepting traffic passed between the AP and
authorized wireless devices and analyzing the traffic with software that
deciphers encryption keys. The encryption key can then be used as a
password to access the network.
Wiretapping
Wiretapping occurs when a device that intercepts and broadcasts
information is placed on the physical network wire. Any intercepted or
“tapped” traffic can then be recorded and analyzed.
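
The brute force entry above notes that a vigilant administrator can usually detect such an attack before it succeeds. The following added example (not part of the original guide and not TMS zl code) shows one way to do that: a sliding-window count of failed logins per source address and account. The log line format, the threshold and the window length are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-01-01T10:00:01 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:00:03 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:00:04 auth FAIL user=alice src=198.51.100.7
2024-01-01T10:00:05 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:00:07 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:00:09 auth FAIL user=alice src=198.51.100.7
2024-01-01T10:00:10 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:00:12 auth OK user=alice src=198.51.100.7
2024-01-01T10:00:13 auth FAIL user=admin src=192.0.2.10
2024-01-01T10:01:00 auth FAIL user=bob src=203.0.113.5
2024-01-01T10:03:00 auth FAIL user=bob src=203.0.113.5
2024-01-01T10:05:00 auth FAIL user=bob src=203.0.113.5
2024-01-01T10:07:00 auth FAIL user=bob src=203.0.113.5
2024-01-01T10:09:00 auth FAIL user=bob src=203.0.113.5
"""
LINE_RE = re.compile(r"^(\S+) auth (FAIL|OK) user=(\S+) src=(\S+)$")

def detect_brute_force(lines, threshold=5, window=timedelta(seconds=60)):
    # Alert once per (source, account) that reaches `threshold` failures
    # inside `window`; a successful login clears that pair's failure history.
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that are not auth events
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2, 3, 4)
        key = (src, user)
        if result == "OK":
            recent.pop(key, None)
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "user": user, "failures": len(q), "at": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, only the rapid failures against `admin` raise an alert; the mistyped password followed by a success (`alice`) and the failures spread over several minutes (`bob`) stay below the threshold. The slow case shows why a short window alone does not catch a patient attacker.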