When we build security features into an application's design and implementation, it helps to understand how attackers think. Countermeasures can be applied more effectively by thinking like an attacker and being aware of the strategies they are likely to use.
Understanding the approach attackers use to target your database network helps you prepare protective measures. The key steps in an attacker's line of attack are summarized below:
- Survey and Evaluate
Surveying and evaluating the potential target are done together. The first step an attacker typically takes is to review the target to identify and assess its characteristics. These characteristics may include its supported services and procedures, together with possible exposures and access points. The attacker plans an initial attack based on the information obtained during this phase.
- Exploit and Penetrate
After surveying the potential target, the next step is to exploit and penetrate. If the network and host are completely secured, your web application becomes the next target for attack. The entrance used by legitimate users is the easiest way for an attacker to penetrate an application.
- Escalate Privileges
After breaking into an application or network, attackers immediately try to escalate privileges. They mainly look for the administrative rights granted to accounts that are members of the Administrators group. They also try to obtain the high level of privilege available to the local system account. The primary defense against privilege escalation attacks is to use least-privileged service accounts throughout your application. Moreover, many of these network-level attacks need an interactive logon session.
- Maintain Access
In the next step, an attacker tries to make future access easier and to cover his or her tracks. Future access can be made easier by planting back-door programs or by using an existing account that is not adequately secured. An attacker covers his or her tracks either by clearing logs or by hiding tools. Log files must be protected, and they should be reviewed frequently. Analyzing the log files can help prevent damage by exposing the early signs of an attempted attack.
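The log review described above can be partly automated. The following is an added example, not part of the original article: it maps Windows Security log event IDs (4624, 4625, 4720, 4732, 1102) to the stages listed here. The record layout, account names, addresses and the failure threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample: simplified fields taken from Windows Security log events.
EVENTS = [
    {"id": 4625, "time": "09:00:01", "account": "svc_web", "source": "10.0.0.7"},
    {"id": 4625, "time": "09:00:02", "account": "svc_web", "source": "10.0.0.7"},
    {"id": 4625, "time": "09:00:03", "account": "svc_web", "source": "10.0.0.7"},
    {"id": 4624, "time": "09:00:05", "account": "svc_web", "source": "10.0.0.7"},
    {"id": 4720, "time": "09:04:10", "account": "svc_web", "target": "helpdesk2"},
    {"id": 4732, "time": "09:04:30", "account": "svc_web", "target": "helpdesk2",
     "group": "Administrators"},
    {"id": 4624, "time": "09:10:00", "account": "alice", "source": "10.0.0.20"},
    {"id": 1102, "time": "09:15:00", "account": "helpdesk2"},
]

FAILED_LOGON_THRESHOLD = 3  # assumed tuning value, adjust to your environment


def review(events, threshold=FAILED_LOGON_THRESHOLD):
    """Return (stage, time, detail) findings in log order."""
    findings = []
    failures = Counter()  # consecutive failed logons per (account, source)
    for e in events:
        key = (e.get("account"), e.get("source"))
        if e["id"] == 4625:  # failed logon
            failures[key] += 1
        elif e["id"] == 4624:  # successful logon
            if failures[key] >= threshold:
                findings.append(("Exploit and Penetrate", e["time"],
                                 f"{key[0]} logged on from {key[1]} "
                                 f"after {failures[key]} failures"))
            failures[key] = 0
        elif e["id"] == 4720:  # user account created
            findings.append(("Maintain Access", e["time"],
                             f"{e['account']} created account {e['target']}"))
        elif e["id"] == 4732 and e.get("group") == "Administrators":
            # member added to a security-enabled local group
            findings.append(("Escalate Privileges", e["time"],
                             f"{e['account']} added {e['target']} to Administrators"))
        elif e["id"] == 1102:  # audit log cleared
            findings.append(("Maintain Access", e["time"],
                             f"audit log cleared by {e['account']}"))
    return findings


if __name__ == "__main__":
    for stage, time, detail in review(EVENTS):
        print(f"{time}  {stage:22}  {detail}")
```

Because event 1102 is itself written to the log being cleared, forwarding events to a separate collector keeps this evidence available even when the local log is wiped.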