Any computer security experts out there?

I’ve been reading on computer security recently and I have a hard time figuring out which attacks affect which architectural layer. Let me give you an example.

Let’s say someone uses a flaw in a CGI, ASP or similar and gains access to restricted information on some database (by pasting some malicious string on a browser for example). Since the attack targets a webapp, I’d be inclined to say this is an application layer attack. However, since the database is compromised, isn’t it also an attack on the DBMS (database management system) layer? Or is it both?

What about a virus or a worm? Would those be attacks on the application layer or the OS layer? I’m guessing application layer since the OS was not attacked directly. Then again, this gives an attacker control over the OS so, once again, does it affect both?

I’m confused. If anyone can shed some light on this, it’d be great.

Thanks for your time,

/gozu

In your first example, the target is the DB but the exploit was in an application.

In the second, it depends on what the exploit is doing. Does the trojan target the OS or the firewall (something like iptables or ipsec) opening access in? If firewall, then it’s application. The target is the OS but the fault was something else.

BUT… that last example is sort of gray because iptables and ipsec are often considered part of the OS because those elements install with the networking of the OS.