password? Without some kind of authentication mechanism, anyone would be able to access your account data and change information without your approval. Apply the same thought process to work
CHAPTER 2 Active Directory - Escalation of Privilege
Dangers with Privilege Escalation Attacks
FIGURE: Example E-mail
After sending the e-mail to the entire customer list, the attacker logs into the Microsoft Internet Information Services (IIS) server and modifies the home page of the restaurant to notify the customers that the restaurant is temporarily closed for renovations. The attacker then changes the passwords of all the domain administrators' accounts so it will not be easy for legitimate administrators to revert the malicious acts of the attacker.
As you can imagine, a situation like this can be absolutely devastating to small and large companies alike. Winning back customers and reestablishing a good reputation by word of mouth for how good the restaurant really is will be a significant challenge. This type of attack can cause a large loss of revenue for the restaurant and can ultimately lead to the failure of the business altogether.
Think of ways an attack similar to this can be used against your organization. Can you think of similar attacks that would be as devastating? How long would your organization be able to withstand a significant decrease in revenue? What is the likelihood an attack like this will or can occur?
Scenario 3: Horizontal Escalation
Horizontal privilege escalation can allow an attacker to gain access to data that may not necessarily belong to him. In poorly designed applications, an attacker may be able to identify flaws within a Web application that allow him access to other users' information. Once access is gained to another user's data or account by leveraging flaws, he may modify, copy, destroy, or use the data for his needs.
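As an added illustration (not from the original text), the following Python sketch shows one common form of the flaw described above, a record lookup with no ownership check, beside a version that enforces ownership on the server and logs denials for review. The text does not say which flaw is involved; the record store, function names, and data here are hypothetical and constructed for this example.

```python
# Added illustration: the record store and handlers are hypothetical,
# and all data below is constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str   # account that owns this record
    email: str


RECORDS = {
    101: Record(101, "alice", "alice@example.test"),
    102: Record(102, "bob", "bob@example.test"),
}


class Forbidden(Exception):
    """Raised when the session user may not read the requested record."""


def get_record_vulnerable(session_user: str, record_id: int) -> Record:
    # Flaw: the caller is authenticated, but the record id taken from the
    # request is trusted as-is, so any logged-in user can read any record.
    return RECORDS[record_id]


def get_record_hardened(session_user: str, record_id: int, audit: list) -> Record:
    record = RECORDS.get(record_id)
    # Same answer for "missing" and "not yours", so ids cannot be enumerated.
    if record is None or record.owner != session_user:
        audit.append(("denied", session_user, record_id))
        raise Forbidden("record not available")
    return record


def cross_user_attempts(audit: list, threshold: int = 3) -> set:
    # Detection: accounts with repeated denied lookups are worth reviewing.
    counts = {}
    for event, user, _record_id in audit:
        if event == "denied":
            counts[user] = counts.get(user, 0) + 1
    return {user for user, n in counts.items() if n >= threshold}
```

The hardened handler derives authorization from the server-side session identity rather than from anything the client supplies, and the audit list gives defenders a signal when one account keeps requesting records it does not own.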
In this scenario, the attacker works as a telemarketer for a training company that sells training to potential students who want to pass information technology (IT) certifications. The job is okay, but sometimes it feels like all our attacker does is make calls and cross his fingers whether the call will