Types of Attacks
Attacks in General
Bad things can happen to an organization in a number of ways. Bad things can be split into 2 groups.
Malicious or Accidental
Either way they are called attacks. There are 4 primary categories of attacks.
Categories of Attacks
There are four primary categories of attacks:
Access
Modification
Denial of Service
Repudiation
Types of Theft
Access can be achieved by physically stealing the storage media.
What is a Sniffer?
A sniffer is a computer that is configured to capture all traffic on the network. A sniffer is used to capture user IDs, passwords and other access controls.
Interception Challenge
Information access using interception is very difficult. On the internet, this could be done by causing a name resolution change, that is, by causing a computer to resolve a name to an incorrect address. The traffic is then sent to the attacker's system instead of the real destination.
BANKING INSTITUTION ATTACKS
Modification Attacks
A modification attack is an attempt to modify information that an attacker is not authorized to modify. Such an attack can occur wherever the information resides, stationary or in transit. This type of attack is an attack against the integrity of the information.
Modification: Changes
This type of attack involves changing existing information. For example:
Changing an employee's salary
Changing an employee's bank records
Modification: Insertion
An insertion attack is the addition of information to existing information. This is especially effective when used on historical information that is yet to be acted upon. For instance, an attacker may add lines to bank records clearing accrued debt.
Modification: Deletion
A deletion attack is the removal of existing information. An attacker may remove records of a bank transaction that indicate a due date for debt payment. It is a common practice for attackers to delete information in transit.
How can we tell it is happening?
CRC CHECKING
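An added example (not part of the original slides) for the CRC checking named on the deletion slide: a CRC over a batch of records reveals a missing record, but because a CRC uses no secret it can be recomputed by whoever altered the data, so the sketch also attaches a keyed HMAC-SHA256. The records, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample records, not taken from the slides.
RECORDS = [
    b"2024-01-05,acct=1001,debit,250.00",
    b"2024-01-09,acct=1001,payment-due,2024-02-01",
    b"2024-01-12,acct=1001,credit,75.00",
]
KEY = b"demo-only-shared-secret"  # assumption: key shared by sender and receiver

def _frames(records):
    # Length-prefix each record so record boundaries are part of what is checked.
    return [len(r).to_bytes(4, "big") + r for r in records]

def crc_tag(records):
    """CRC32 over the ordered records. No secret involved."""
    crc = 0
    for frame in _frames(records):
        crc = zlib.crc32(frame, crc)
    return crc

def mac_tag(records, key=KEY):
    """HMAC-SHA256 over the same bytes. Requires the shared key."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for frame in _frames(records):
        mac.update(frame)
    return mac.digest()

def verify(records, crc, mac, key=KEY):
    """Return (crc_ok, mac_ok) for a received batch and its two tags."""
    return (crc_tag(records) == crc,
            hmac.compare_digest(mac_tag(records, key), mac))

def scenarios():
    sent_crc, sent_mac = crc_tag(RECORDS), mac_tag(RECORDS)
    missing = RECORDS[:1] + RECORDS[2:]  # the payment-due record is gone
    return {
        "intact": verify(RECORDS, sent_crc, sent_mac),
        # Record lost or removed, tags untouched: both checks fail.
        "record removed": verify(missing, sent_crc, sent_mac),
        # CRC recomputed over what is left: CRC passes, the keyed MAC fails.
        "removed, CRC recomputed": verify(missing, crc_tag(missing), sent_mac),
    }

if __name__ == "__main__":
    for name, (crc_ok, mac_ok) in scenarios().items():
        print(f"{name:26} crc_ok={crc_ok} mac_ok={mac_ok}")
```

The third scenario is why a plain CRC is an error-detection check and a keyed MAC or signature is the integrity control against deliberate modification.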
Masquerading Attack
This is an attempt to act like or impersonate someone else or some other system. This attack can occur in personal communications, in transactions, or in system-to-system communications.
Denying an Event
Denying an event is simply disavowing that the action was taken as it was logged. For instance, you receive a bill telling you that you made a credit card purchase, when in fact you didn't.