Date: 2011-08-31 14:09  Source: 蓝天飞行翻译 (Blue Sky Flight Translation)  Author: 航空 (Aviation)

9.3.2.1. Risk classification table
Table 9.2.

9.3.2.2. Context
This vulnerability applies to eAIP distribution via a file download service, for example a Web server or an FTP server. It concerns both secured (by Secure Socket Layer, SSL) and unsecured download servers, whether they are accessible on the Internet or on any other network.
9.3.2.3. Description
An AIS office can publish eAIP packages on-line on a server for end users to download. This server is an obvious target. A successful attacker who, using a flaw in the server software, gains control over the computer on which it is running may impact:
. Availability: he is able to take the server out of service or to delete eAIP packages;
. Data integrity: he can replace an eAIP with a document of his own making, while an end user thinks that he is using an official eAIP.
9.3.2.4. Mitigating controls
Possible controls to mitigate the risks stated above:
1. Proper security practice: keep the server secure, with the latest security patches applied, and secure the operating system the service is running on.
2. Electronic signature: end users can check the authenticity of the electronically signed packages they download, so a package replaced by an attacker on the server no longer verifies.

9.3.3. Download Server Denial of Service
9.3.3.1. Risk classification table
Table 9.3.

9.3.3.2. Context
This vulnerability applies to eAIP distribution via a file download service, for example a Web server or an FTP server. It concerns both secured (by SSL) and unsecured download servers, whether they are accessible on the Internet or on any other network.
9.3.3.3. Description
Both hardware and software are susceptible to this type of attack. A successful attacker who, using a flaw in the server software, manages to remotely take the server out of service may impact availability: eAIP packages will not be available until the attack ends or the service is restored.
9.3.3.4. Mitigating controls
Possible controls to mitigate the risks stated above:
1. Proper security practice: keep the server secure, with the latest security patches applied, and secure the operating system the service is running on.
2. Offer a redundant service, so that a single server taken out of service does not make the packages unavailable.
3. For end users: do not rely solely on remote services, especially over public networks.

9.3.4. Download Server Hijacking
9.3.4.1. Risk classification table
Table 9.4.

9.3.4.2. Context
This vulnerability applies to eAIP distribution via Web downloads, whether or not secured by SSL, and whether or not the Internet is used.
9.3.4.3. Description
This "man in the middle" attack consists of intercepting the Web requests sent by end users to the Web server and answering them in its place. The attacker effectively bypasses the genuine Web server and substitutes his own forged one. This can be done by DNS hijacking or by control of the network path (i.e. one of the computers traversed by the request is controlled by the attacker).
It can happen even with servers secured by SSL if the end user does not carefully verify the server's certificate, or if his computer has been tampered with without his knowledge so that it silently accepts forged certificates (for example, because the attacker's certificate authority has been added to its trust store).
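What "carefully verify the server's certificate" amounts to can be shown in code. The Go program below is an added example and is not part of the eAIP Specification or of any AIS office's software. It builds a constructed AIS root CA, a genuine server certificate for the assumed hostname eaip.example, and an attacker's own CA with a forged certificate for the same name, then runs the check a careful client performs (the certificate chains to a trusted root and is issued for the name the user asked for) in each situation described above, including a client whose trust store has been tampered with.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed example: hostname of the AIS download server the end user
// expects to reach. "eaip.example" is an assumption, not a real service.
const eaipHost = "eaip.example"

// newTemplate builds a minimal certificate template. CA templates may sign
// other certificates; leaf templates are restricted to TLS server use.
func newTemplate(cn string, isCA bool, dns ...string) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		DNSNames:              dns,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl under parent with parentKey and returns the new certificate
// and its key. Passing parent == tmpl and a nil parentKey yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parentKey == nil {
		parentKey = key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyServerCert is the check a careful client makes before trusting a
// download server: the certificate must chain to a root the client trusts
// AND be issued for the hostname the user asked for. nil means "this is the
// expected server"; any error means the connection must be refused.
func verifyServerCert(cert *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenario models the parties of section 9.3.4: the AIS office's genuine
// server, an attacker answering requests in its place, and the end user's
// trust store, either clean or tampered to include the attacker's CA.
type Scenario struct {
	TrustedRoots  *x509.CertPool    // what a clean end-user computer trusts
	TamperedRoots *x509.CertPool    // attacker's CA silently added
	Genuine       *x509.Certificate // real server, issued by the AIS CA
	Forged        *x509.Certificate // attacker's server, same hostname, attacker's CA
	WrongHost     *x509.Certificate // AIS CA, but issued for another name
}

func BuildScenario() Scenario {
	ca := newTemplate("AIS Root CA", true)
	aisCA, aisKey := issue(ca, ca, nil)
	genuine, _ := issue(newTemplate("eaip server", false, eaipHost), aisCA, aisKey)
	wrongHost, _ := issue(newTemplate("other server", false, "other.example"), aisCA, aisKey)

	evil := newTemplate("Attacker CA", true)
	evilCA, evilKey := issue(evil, evil, nil)
	forged, _ := issue(newTemplate("forged eaip server", false, eaipHost), evilCA, evilKey)

	trusted := x509.NewCertPool()
	trusted.AddCert(aisCA)
	tampered := x509.NewCertPool()
	tampered.AddCert(aisCA)
	tampered.AddCert(evilCA) // the "tampered computer" of 9.3.4.3
	return Scenario{TrustedRoots: trusted, TamperedRoots: tampered, Genuine: genuine, Forged: forged, WrongHost: wrongHost}
}

func main() {
	s := BuildScenario()
	fmt.Println("genuine server, clean client:   ", verifyServerCert(s.Genuine, s.TrustedRoots, eaipHost))
	fmt.Println("forged server, clean client:    ", verifyServerCert(s.Forged, s.TrustedRoots, eaipHost))
	fmt.Println("wrong hostname, clean client:   ", verifyServerCert(s.WrongHost, s.TrustedRoots, eaipHost))
	fmt.Println("forged server, tampered client: ", verifyServerCert(s.Forged, s.TamperedRoots, eaipHost))
}
```

The first three lines show what the certificate check buys: the genuine server passes, the forged one is rejected as signed by an unknown authority, and a valid certificate for the wrong name is rejected as well. The last line is the case the description warns about: once the attacker's CA sits in the trust store, the forged server verifies exactly like the genuine one, which is why the signature on the package itself (control 3 of 9.3.4.4) is still needed.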
9.3.4.4. Mitigating controls
Possible controls to mitigate the risks stated above:
1. Proper security practice: secure all computers and devices crossed by the Web requests between the end user's side and the server's side. This includes firewalls, routers and proxy servers.
2. Use of SSL: an SSL-enabled Web server lets the end user confirm that he is connected to the expected Web server and not to the attacker's. However, the end user must check the authenticity of the server's SSL certificate: that it is issued by a certificate authority he trusts, and that it is issued for the server name he intended to reach. If not, he may be connecting to the attacker's Web server without noticing.
3. Electronic signature: end users can check the authenticity of the electronically signed packages they download, independently of the server or network path they came through.
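The electronic signature control listed here (and as control 2 of 9.3.2.4) works because the check depends only on the AIS office's key, not on the server that served the package or the path the download took. The Go program below is an added example, not the specification's or any AIS office's code. It uses Ed25519 (the specification does not prescribe an algorithm), a constructed stand-in for the package bytes, an assumed detached-signature file beside the package, and the assumption that the user obtained the AIS office's public key out of band. It covers the 9.3.2 case (package replaced on a compromised server, official signature left in place) and the 9.3.4 case (package and signature both produced by the attacker).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed stand-in for an eAIP package. Real packages are archives of
// HTML/XML/PDF; a few bytes are enough to show the check. Not real AIP data.
var eaipPackage = []byte("constructed eAIP package contents")

// PublishSignature is the AIS office's step, done once with its private key,
// which never lives on the download server. The result is the content of a
// detached signature file (e.g. package.zip.sig, an assumed name) published
// beside the package.
func PublishSignature(priv ed25519.PrivateKey, pkg []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, pkg))
}

// VerifyPackage is the end user's step after downloading pkg and its signature
// from any server. pub is the AIS office's public key obtained out of band
// (assumption: not from the same download server, otherwise whoever controls
// the server can replace package, signature and key together).
func VerifyPackage(pub ed25519.PublicKey, pkg []byte, sigB64 string) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("public key has wrong length") // ed25519.Verify would panic
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("signature file is not valid base64: %w", err)
	}
	if !ed25519.Verify(pub, pkg, sig) {
		return errors.New("signature does not match package: do not use it")
	}
	return nil
}

// Outcome collects the verification results for the cases of 9.3.2 (package
// replaced on a compromised server) and 9.3.4 (package and signature both
// served by the attacker's forged server).
type Outcome struct {
	Genuine        error // official package, official signature
	Replaced       error // attacker swapped the package, official signature left in place
	AttackerSigned error // attacker's package with a signature from his own key
}

func RunScenario() Outcome {
	aisPub, aisPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := PublishSignature(aisPriv, eaipPackage)

	// 9.3.2: attacker controlling the server replaces the package.
	replaced := []byte("constructed eAIP package contents, altered by attacker")

	// 9.3.4: attacker's forged server serves his own package and his own signature.
	_, evilPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	forged := []byte("attacker's own package")
	forgedSig := PublishSignature(evilPriv, forged)

	return Outcome{
		Genuine:        VerifyPackage(aisPub, eaipPackage, sig),
		Replaced:       VerifyPackage(aisPub, replaced, sig),
		AttackerSigned: VerifyPackage(aisPub, forged, forgedSig),
	}
}

func main() {
	o := RunScenario()
	fmt.Println("genuine package:        ", o.Genuine)
	fmt.Println("replaced on server:     ", o.Replaced)
	fmt.Println("attacker-signed forgery:", o.AttackerSigned)
}
```

Only the genuine package verifies; both attacks fail regardless of how the bytes reached the user. The one thing the check cannot protect is the public key itself, which is why it has to be distributed through a channel the download server does not control.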
 
China Aviation Network (中国航空网) www.aero.cn
Aviation Translation (航空翻译) www.aviation.cn
Link to this article: Electronic AIP Specification(19)