In class we discussed Transitive Trust. And we covered so many different types of attacks. Do you think that there may be an attack on Trust? Explain your answer.
In computer security, transitive trust refers to a two-way relationship that is automatically created between parent and child domains, and it determines how much implied security trust Party A gives to Party B when Party B acts on behalf of Party A to Party C. Party A expects Parties B and C to use the same security policies and effort as it would use itself in all instances. When a new domain is created, it shares resources with its parent domain by default, enabling an authenticated user to access resources in both the child and parent.
Most of the Internet's security is built around reputation and trust, for example, relying on certificates to encrypt and authenticate. Certificates rely on the exchange of public data keys, generated by top-secret private keys, to ensure safe communications. As the network security appliance sits between business computers and the Internet, this chain of trust is broken since all data must pass through it. The business uses this security appliance to intercept and scan all communications for IP misuse. This makes certificate verification quite impossible, because the device also has to decrypt and then re-encrypt secure transmissions. To do so it uses its own private keys, which are trusted by each of its protected computers, to replace the Internet site's identifying certificate with one provided by the security device. This security flaw also makes user-led client-side attacks more difficult to detect in the case of transitive trust.
Client-side attacks occur when a user downloads an image, opens a link, or installs an update that then runs malicious code on their machine. Client-side attacks require user interaction. Most firewalls are far more restrictive inbound than outbound; they were designed to mitigate server-side attacks originating from untrusted networks. But they often fail to prevent client-side attacks. Allows an attacker to execute scripts in the victim's web browser. This attack is used to intercept user sessions, deface websites, insert hostile content, conduct phishing attacks, and take over the user's browser by using scripting malware. All web application frameworks are vulnerable to this exploit. The exploit typically uses HTML or JavaScript, but any scripting language, including VBScript, ActiveX, Java, or Flash, supported by the victim's browser is a potential target for this attack.
The following types of attacks are considered client-side attacks: