Page 654 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Input and Parameter Checking

One of the most notorious security violations is a buffer overflow. This violation occurs when programmers fail to validate input data sufficiently, particularly when they do not impose a limit on the amount of data their software will accept as input. Because such data is usually stored in an input buffer, when the normal maximum size of the buffer is exceeded, the extra data is called overflow. Thus, the type of attack that results when someone attempts to supply malicious instructions or code as part of program input is called a buffer overflow. Unfortunately, in many systems such overflow data is often executed directly by the system under attack at a high level of privilege or at whatever level of privilege attaches to the process accepting such input. For nearly all types of operating systems, including Windows, Unix, Linux, and others, buffer overflows expose some of the most glaring and profound opportunities for compromise and attack of any kind of known security vulnerability.


The party responsible for a buffer overflow vulnerability is always the programmer whose code allowed nonsanitized or unsanitized input. Due diligence from programmers can eradicate buffer overflows completely, but only if programmers check all input and parameters before storing them in any data structure (and limit how much data can be proffered as input). Proper data validation is the only way to do away with buffer overflows. Otherwise, discovery of buffer overflows leads to a familiar pattern of critical security updates that must be applied to affected systems to close the point of attack.


Maintenance Hooks and Privileged Programs

Maintenance hooks are entry points into a system that are known only by the developer of the system. Such entry points are also called back doors. Although the existence of maintenance hooks is a clear violation of security policy, they still pop up in many systems. The original purpose of back doors was to provide guaranteed access to the system for maintenance reasons or if regular access was inadvertently disabled. The problem is that this type of access bypasses all security controls and provides free access to anyone who knows that the back doors exist. It is imperative that you explicitly prohibit such entry