Attack 6
Subverting the Server/s
Attack 2 - copy legitimate IDs from existing products
Attack 3 - Steal bulk IDs from the database
Attack 4 - Subverting the Channel
Attack 5- Subverting the Database
Attack 6 - Subverting the Server
This is a similar problem to Attack 4, except that now we're considering a direct attack on the The business logic which controls all the authentication procedures, controls all the WORM storage and controls the subsequent upload to the Online storage. It could, potentially be subverted by a skilled insider or a very skilled outsider. Like a spoofed upload from the outside, a successful attack here could allow illicit entries to the database to appear completely normal to the system.
The main protections here will be strong biometric identification of authorised users and the use of the most secure server operating system we can find to enforce, for example, protected paths and full access logging. In this we have been heavily influenced by the NSA's analysis of server vulnerabilities.
Where possible, we will also have web cams and/or CCTV continually monitoring access to the most sensitive areas where such subversion could be attempted.
