Professional Documents
Culture Documents
Habtamu Zeleke
Habtamu Zeleke
ASSIGNMENT-ONE
Jimma, Ethiopia
December, 2020
1
1. Computer Attack
Computer attacks mean a hacking of our computer. A person or hackers protected computer
without a persons or organization office interest. They created there hacking software or
malicious software and send to each computer. In this time our computer attacked by a
malicious and it cannot work with properly. Attacking or hacking others computer is illegal
trading system that a persons need to stole a data, file or any of their interest which can use to
get income by illegal way.
Security. Security is the main method to protect this attack in any sector or in any country.
Chief secures, cyber analysts and scientist are specialized to control the attack in a country.
There are different types of computer attacks, from those as sample we see some attacks
1) Viruses
Viruses is the first and oldest attack. The computer made at the first this viruses came with
them. The viruses attack our computers by the two methods.
Viruses attack our computer when it delete, remove, sharing from one place to other, sending
our information to hackers and etc.
2
Most of time it attacked our computer at the downloading time. Downloaded from any website
it works properly but inside the Trojan attack the file. We don’t know his attacking but after
attacking it damaged our web.
o Before downloading any file from the internet first check it by write its name and
viruses on Google.
o Don’t search directly from any of website
3) Root kits
Root kit (remote control): it is one of a dangerous computer attacking system. A hacker control
our computer which locate in any were by using remote control. A computer owners does not
know their hacking but they sit on one place or country by using Wi-Fi or internet connection
protected computer. A computer is hacked by this root kit it is zombie computer or useless
computer.
Any type of website, application, database, browser or operating systems cannot prefect from
the beginning. So the technical variability is said to be zero-day variability. The worm is a
malicious that found a cliché on the computer and the attack websites, apps, browser’s and etc.
Many time this attack target browser, adobe acrobat, and computer operating system.
o The software publisher company must be update their software at all times.
o After company updated also we update those software on our computer
5) Credential Reuse
The meaning of Credential reuse is a problem for many organizations. Users inundated with
requirements to supply complex passwords to different systems often resort to reusing the
same password across multiple accounts so that they can easily manage their credentials. Many
peoples restore there computer or password this credential reuse attack the computer. It is
3
stuffing attacks are possible because many users reuse the same username/password
combination across multiple sites, with one survey reporting.
Prevention method
This type of computer attacking is make our systems immune to all possible attacks,
realistically the need to accept that some attacks will get through our defence. However, a
resilient defines should include several layers. This includes the possibility of detecting those
attacks that succeeded despite all our efforts, preferably as soon as possible.
7) Teardrop attack
This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP)
packets to overlap one another on the attacked host; the attacked system attempts to reconstruct
packets during the process but fails. The target system then becomes confused and crashes. It
is similarly attacked on the networking because the server can be communicated with the
computer. Many person included this attacks inside of networking attacking. As generally it
attack the same a computer.
2. Network Attack
The network attack is a method of attacking that focus on network server and client.
This attacking system take place in three ways: attacker, website visitor and website. Attacker
visit a website for having script injection vulnerable. Then this attacker payload a malicious
software to database that steals cookies. The website transfer the victim browser to an attacker
and after exciting victim a visitor send a website cookie to attacker. Also a cross site scripting
4
attack occurs when a website has a vulnerability that allows the injection of scripts. This would
allow the attacker to steal the browser cookies for session hacking.
Prevention Method
It is a type of computer network attack that an attacker communicate between two entities. The
hacker set on the middle from the server and network it follow the network information step
by step. The attacker listens to the conversation between the public key message transmission
and the re-transmitter the message
Prevention Method
In this attack, an attacker exploits the use of the buffer space during a Transmission Control
Protocol (TCP) session initialization handshake. The attacker’s device floods the target
system’s small in-process queue with connection requests, but it does not respond when the
target system replies to those requests. This causes the target system to time out while waiting
for the response from the attacker’s device, which makes the system crash or become unusable
when the connection queue fills up.
4) Teardrop attack
This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP)
packets to overlap one another on the attacked host; the attacked system attempts to reconstruct
packets during the process but fails. The target system then becomes confused and crashes. If
5
users don’t have patches to protect against this DoS attack, disable SMBv2 and block ports 139
and 445.
5) Drive-by attack
This attacking system is focus on the HTTP and software programing which are PHP and
JavaScript codes. A person who can visit a website this drive by attack directly attacked our
application or client. Drive-by download attacks are a common method of spreading malware.
Hackers look for insecure websites and plant a malicious script into HTTP or PHP code on one
of the pages. It might re-direct the victim to a site controlled by the hackers. Drive-by
downloads can happen when visiting a website or viewing an email message or a pop-up
window. A drive-by download can take advantage of an app, operating system or web browser
that contains security flaws due to unsuccessful updates or lack of updates.
Prevention Method
6) Eavesdropping attack
7) Birthday attack
Birthday attacks are made against hash algorithms that are used to verify the integrity of a
message, software or digital signature. A message processed by a hash function produces a
message digest (MD) of fixed length, independent of the length of the input message; this MD
6
uniquely characterizes the message. The birthday attack refers to the probability of finding two
random messages that generate the same MD when processed by a hash function. If an attacker
calculates same MD for his message as the user has, he can safely replace the user’s message
with his, and the receiver will not be able to detect the replacement even if he compares MDs.
3. Web attack
Web is a software or programmable application that used to gain a data from a server.
1) SQL Injection
SQL injection, also known as SQLI, the attackers inject malicious SQL scripts in to website
app to gain access to the database to store in the website server. They use a commonly way for
hacking those way is the server hidden the SQL queries in site. For instance any want to use a
Facebook it must login with in an account, but on this SQL injection query would be sent to
database to request the user’s information. However, when hackers inject a malicious software
they could request all kinds of data or information from a database. They have a communication
system with the database. Most of software applications have database stored in their server,
this software applications are become attractive target for SQL injection.
o An SQL query is request for data from database we must cack if it is correctly fetched
or not
o When web app are stored there data on the server we must prepare the security location
to protect our database.
2) Denial of Service
This type of attacking is attacked the web server. The attackers sends an enormous amount to
our website or to hosting server to disrupt and even shutdown our system. It focus on server of
our web application and website ranting cloud servers. The cloud charged with an automated
server to share connection to any server. The denial-of-server attack is the same concept, except
that this time, the hackers gain illegal control over a millions of device to launch the attack on
the large scale. Different from the other attackers do not receive any direct benefit from the
denial-of service attacks. Many time this attacking system is targeted to attack an
organizational information and a hugest information stored centre.
7
How we can prevent
o Downloading the software application which is protect this type of attack from the
internet
3) Zero-day attack
A zero-day attack this software flaws before they are patched with software update. We stand
from its name it is zero-day attack so what mean that? The day of software update is day one,
then an attacker come before the update is said to day zero, from this the attacking system is
said to be zero-day attack. The attacker target on do not yet have fix software. A software
company checking their app to update this zero-day attack control all those un updated software.
The parameter tamping attack is based on the manipulation of parameter exchange between the
client and server. It also exchange the modification of application data in the server. The data
stored on the database by using client. In this time the parameter tamping have a
communication with the server. We don’t know their interaction but as inside the data stole
from our server.
Brute Force attack is called password attack. This method is one of the simplest form of web
attacks. Because the attackers or hackers simply tries different combination of username and
password as repeatedly until it is login to user account and take the other password using valid
form. For a single computer it take more time but to multiple computer simply they login by
8
breaking method or by combination of username and password. Many hackers developed there
powerful software to hack.
This attacking system is attacked by using the operating system command into the server that
is running the web application. It is deferent from the SQL injection because it enters from the
server side to the application side. In the SQL injection attack the control of full application.
The application also utilize to compromise other parts.
LDAP (Lightweight Directory Access Protocol) is an application software mostly used for
corporate intranets. Any one need to network to find the resource as sample device, file, as well
as username or password as part of single sign-on system. An LDAP injection attack allows
attackers to send queries without validation.