Security

Ananya R

Definition
• In computers and computer networks, an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Types
• An attack can be active or passive.
• An "active attack" attempts to alter system resources or affect their operation.
• A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. (E.g., see: wiretapping.)
• [Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.]

• An attack can be perpetrated by an insider or from outside the organization.
• An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
• An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

Conclusion
• The attack can be active when it attempts to alter system resources or affect their operation: so it compromises Integrity or Availability.
• A "passive attack" attempts to learn or make use of information from the system but does not affect system resources: so it compromises Confidentiality.

• A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).

1. Data modification
• After an attacker has read your data, the next logical step is to alter it. An attacker can modify the data in the packet without the knowledge of the sender or receiver.

2. Identity Spoofing (IP Address Spoofing)
• Spoofing occurs when the attacker determines and uses an IP address of a network, computer, or network component without being authorized to do so. A successful attack allows the attacker to operate as if the attacker is the entity normally identified by the IP address.

3. Replay attack
• A replay attack occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. Unless mitigated, the computers subject to the attack process the stream as legitimate (lawful, genuine) messages, resulting in a range of bad consequences, such as redundant orders of an item.

4. Man-in-the-middle
• A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker’s computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all while thinking they are communicating only with the intended user. The attacker can monitor and read the traffic before sending it on to the intended recipient. This can happen if an attacker can modify Active Directory Domain Services to add his or her server as a trusted server or modify Domain Name System (DNS) to get clients to connect through the attacker on their way to the server.

• The man-in-the-middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

Denial-of-Service Attack
• Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.
• After gaining access to your network, the attacker can do any of the following:
• Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
• Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
• Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
• Block traffic, which results in a loss of access to network resources by authorized users.

Password-Based Attacks
• A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.
• Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.
• When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.
• After gaining access to your network with a valid account, an attacker can do any of the following:
• Obtain lists of valid user and computer names and network information.
• Modify server and network configurations, including access controls and routing tables.
• Modify, reroute, or delete your data.

Application-Layer Attack
• An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
• Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.
• Abnormally terminate your data applications or operating systems.
• Disable other security controls to enable future attacks.

Passive
• Eavesdropping
• Eavesdropping can occur when an attacker gains access to the data path in a network and has the ability to monitor and read the traffic. This is also called sniffing or snooping. If the traffic is in plain text, the attacker can read the traffic when the attacker gains access to the path. An example is an attack performed by controlling a router on the data path.

Sniffer Attack
• A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
• Using a sniffer, an attacker can do any of the following:
• Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
• Read your communications.