What is a Privilege Escalation Attack?
Operating systems typically provide users and applications with privileges to perform the tasks that they are required to accomplish. In a secure environment, applications and users typically receive very restricted privileges, which means that successfully compromising them will only provide attackers with a small range of possible actions they can take. When a hacker wants greater privileges than the typical user, he or she has to find a way around this security feature, which can result in a privilege escalation attack.
Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances privilege escalation is required.
No matter how hard security experts try to keep hackers out of protected networks, they always seem to find a way in. One of the tactics that hackers use to gain unauthorized access to a network is known as privilege escalation. Successful privilege escalation attacks grant hackers privileges that normal users don't have. There are two common types of privilege escalation — horizontal and vertical.
Horizontal and vertical escalation both rely on a central aspect of computer programming known as "privileges." Privileges are a security feature of most programs and operating systems; they limit the access that different kinds of users have to files and code. The more privileges a user has, the more he or she can modify or interact with a system or application.
Horizontal privilege escalation means gaining access to another user's account or resources at the same privilege level, rather than a higher one. When a username or password is stolen and then used to gain unauthorized access to an account or network, this is an example of horizontal privilege escalation. Malware that employs keystroke logging or tracking cookies can be used to steal passwords and facilitate future privilege escalation attacks.
One of the most effective ways to prevent horizontal privilege escalation attacks is to choose passwords that won't be easily guessed by hackers. Always choose a unique password for every account you create. Keeping antivirus software up to date can also help prevent horizontal privilege escalation attacks. Maintaining patched and updated web browsers is also particularly important in avoiding these kinds of attacks.
In a vertical privilege escalation attack, the attacker grants himself privileges usually reserved for higher-access users. In most privilege escalation attacks, the hacker first logs in with a low-privilege user account. Then he can search for exploitable flaws in the system that can be used to elevate his privileges. If the hacker successfully exploits such flaws, he may be able to authorize network activity, create new system users, access files or change the system settings. Such an attack can result in the theft of sensitive data or the hijacking of an entire network.
Obviously, attackers want far greater access to a system than they would get by simply using the rights that an application has. Thus, they use attacks intended to let them either seize rights or perform actions as a more privileged user. Both of these are forms of privilege escalation. In fact, attackers often take advantage of existing privileges to mount additional attacks. In a so-called transitive trust attack, machine A trusts machine B and machine B trusts machine C; the attacker therefore compromises machine C, which is then automatically trusted by A.
In network security, this is an ongoing concern. In older Unix systems this was a normal part of the operating system: administrators would set up specific configurations that allowed trust among many, many different computers, which skipped the step of having to authenticate every time a user went to a trusted server.
But in those days, administrators didn't have to worry so much about somebody taking over machines and then gaining access to everything in the organization. These days, our systems are designed not to allow those trusts by default. In fact, it is now very, very common for a machine simply not to trust anybody.
Firewalls don’t trust anybody. Computer operating systems don’t trust anybody. Server operating systems don’t trust anybody. And in reality, with the type of security concerns we have today it’s probably a good idea to keep things running that way.
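As an added illustration (not part of the original article), the trust chain described above can be modelled as a small graph and audited from the defender's side: given which machine trusts which, compute how many other machines a compromise of each host would expose. The hosts A through D and their trust relationships are constructed sample data; the machine that trusts nobody stands in for the modern default.

```python
from collections import deque

# Constructed sample: "A trusts B" means credentials accepted on B are
# honoured on A without re-authentication, as in the article's example.
# Keys are the trusting machine, values the set of machines it trusts.
TRUSTS = {
    "A": {"B"},
    "B": {"C"},
    "C": set(),
    "D": set(),   # D trusts nobody: the default the article recommends
}


def _trusted_by(trusts):
    """Invert the map: if A trusts B, then holding B lets you reach A."""
    inverted = {host: set() for host in trusts}
    for truster, trusted in trusts.items():
        for t in trusted:
            inverted.setdefault(t, set()).add(truster)
    return inverted


def reachable_from_compromise(trusts, compromised):
    """Every machine an attacker holding `compromised` can reach by
    following trust relationships transitively (breadth-first search)."""
    trusted_by = _trusted_by(trusts)
    seen, queue = {compromised}, deque([compromised])
    while queue:
        host = queue.popleft()
        for nxt in trusted_by.get(host, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def escalation_path(trusts, compromised, target):
    """Hop-by-hop chain from `compromised` to `target`, or None if no chain exists."""
    trusted_by = _trusted_by(trusts)
    parent, queue = {compromised: None}, deque([compromised])
    while queue:
        host = queue.popleft()
        if host == target:
            path = []
            while host is not None:
                path.append(host)
                host = parent[host]
            return path[::-1]
        for nxt in trusted_by.get(host, ()):
            if nxt not in parent:
                parent[nxt] = host
                queue.append(nxt)
    return None


def blast_radius(trusts):
    """How many other machines each host's compromise exposes; review the largest first."""
    return {h: len(reachable_from_compromise(trusts, h)) - 1 for h in trusts}
```

Running `blast_radius(TRUSTS)` shows that C, which nobody logs into directly, is the host whose compromise reaches the most machines, which is exactly why trust relationships need to be audited rather than assumed harmless.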