Classes of attack might include passive monitoring of communications, active
network attacks, close-in attacks, exploitation by insiders, and attacks through
the service provider. Information systems and networks offer attractive targets
and should be resistant to attack from the full range of threat agents, from
hackers to nation-states. A system must be able to limit damage and recover
rapidly when attacks occur. There are five types of attack:
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords
and sensitive information that can be used in other types of attacks. Passive
attacks include traffic analysis, monitoring of unprotected communications,
decrypting weakly encrypted traffic, and capturing authentication information
such as passwords. Passive interception of network operations enables
adversaries to see upcoming actions. Passive attacks result in the disclosure of
information or data files to an attacker without the consent or knowledge of
the user.
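What a passive observer of unencrypted traffic actually sees, and how a defender can find it in their own captures, is easiest to show over sample data. The following is an added example, not code from the original text: a small scanner that runs over constructed lines of reconstructed TCP streams (labelled with their transport protocol) and flags the three commonest ways credentials travel in the clear: HTTP Basic authentication, a password field in an unencrypted form post, and an FTP PASS command. The sample lines, user names and passwords are all constructed for the example.

```python
import base64
import re
from typing import Dict, List, Tuple

# Constructed sample capture (not a real trace): (transport, one line of
# the reconstructed stream). "https" lines are opaque to a passive observer.
SAMPLE_CAPTURE: List[Tuple[str, str]] = [
    ("http", "GET /index.html HTTP/1.1"),
    ("http", "Authorization: Basic YWxpY2U6aHVudGVyMg=="),   # alice:hunter2
    ("http", "POST /login HTTP/1.1"),
    ("http", "username=bob&password=Passw0rd%21&submit=1"),
    ("ftp", "USER carol"),
    ("ftp", "PASS s3cret"),
    ("https", "<encrypted application data>"),
    ("http", "GET /image.png HTTP/1.1"),
]

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FORM_PW_RE = re.compile(r"(?:^|&)(pass(?:word|wd)?|pwd)=([^&]*)", re.I)
FTP_RE = re.compile(r"^(USER|PASS)\s+(\S+)", re.I)


def find_cleartext_credentials(capture: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per line that exposes a credential in clear text.

    The password value itself is never copied into the finding; a defender's
    report only needs the protocol, the kind of exposure and the account.
    """
    findings: List[Dict[str, str]] = []
    last_ftp_user = "?"  # FTP sends USER and PASS on separate lines
    for proto, line in capture:
        if proto == "https":
            continue  # encrypted: a passive observer cannot read the content
        m = BASIC_RE.match(line)
        if m:
            try:  # the Basic header is only base64, not encryption
                user = base64.b64decode(m.group(1)).decode().split(":", 1)[0]
            except Exception:
                user = "?"
            findings.append({"proto": proto, "kind": "http-basic", "user": user})
            continue
        m = FORM_PW_RE.search(line)
        if m:
            findings.append({"proto": proto, "kind": "form-password", "field": m.group(1)})
            continue
        m = FTP_RE.match(line)
        if m:
            if m.group(1).upper() == "USER":
                last_ftp_user = m.group(2)
            else:
                findings.append({"proto": proto, "kind": "ftp-pass", "user": last_ftp_user})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_CAPTURE):
        print(f)
```

Running the block over the constructed capture yields three findings (Basic auth for alice, a form password field, and carol's FTP login); the HTTPS line produces nothing, which is the point of the mitigation: encrypt the channel and the passive attack has nothing to read.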
Active Attack
In an active attack, the attacker tries to bypass or break into secured systems.
This can be done through stealth, viruses, worms, or Trojan horses. Active
attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information. These attacks are
mounted against a network backbone, exploit information in transit,
electronically penetrate an enclave, or attack an authorized remote user during
an attempt to connect to an enclave. Active attacks result in the disclosure or
dissemination of data files, DoS, or modification of data.
Distributed Attack
A distributed attack requires that the adversary introduce code, such as a
Trojan horse or back-door program, to a "trusted" component or software that
will later be distributed to many other companies and users. Distribution
attacks focus on the malicious modification of hardware or software at the
factory or during distribution. These attacks introduce malicious code such as
a back door to a product to gain unauthorized access to information or to a
system function at a later date.
Insider Attack
An insider attack involves someone from the inside, such as a disgruntled
employee, attacking the network. Insider attacks can be malicious or
non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage
information; use information in a fraudulent manner; or deny access to other
authorized users. Non-malicious attacks typically result from carelessness,
lack of knowledge, or intentional circumvention of security for such reasons as
performing a task.
Close-in Attack
A close-in attack involves someone attempting to get physically close to
network components, data, and systems in order to learn more about a network.
Close-in attacks consist of regular individuals attaining close physical
proximity to networks, systems, or facilities for the purpose of modifying,
gathering, or denying access to information. Close physical proximity is
achieved through surreptitious entry into the network, open access, or both.
One popular form of close-in attack is social engineering. In a social
engineering attack, the attacker compromises the network or system through
social interaction with a person, through an e-mail message or a phone call.
Various tricks can be used by the individual to get the victim to reveal
information about the security of the company. The information that the victim
reveals to the hacker would most likely be used in a subsequent attack to gain
unauthorized access to a system or network.
Phishing attack
In a phishing attack, the hacker creates a fake website that looks exactly like
a popular site, such as the SBI bank site or PayPal. The phishing part of the
attack is that the hacker then sends an e-mail message trying to trick the user
into clicking a link that leads to the fake site. When the user attempts to log
on with their account information, the hacker records the username and password
and then tries that information on the real site.
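The link in a phishing e-mail has to point somewhere other than the real site, and the host name usually gives it away: a digit standing in for a letter, one character changed, or the real brand used as a subdomain of an unrelated domain. The block below is an added example (not from the original text) of a mail-gateway style check that classifies links against a list of domains users legitimately log in to. "paypal.com" comes from the text; "example-bank.com" is a placeholder standing in for the bank's real domain, and all sample links are constructed. Taking the last two labels as the registrable domain is a simplification (no public-suffix list).

```python
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed: domains this organisation's users legitimately log in to.
# "example-bank.com" is a placeholder, not a real bank domain.
KNOWN_GOOD = {"paypal.com", "example-bank.com"}

# Constructed sample links as they might be extracted from e-mail bodies.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "http://paypa1.com/login",
    "https://paypal.com.account-verify.net/login",
    "http://examp1e-bank.com/secure",
    "https://news.example.org/article",
]

# Digits that are routinely swapped for the letters they resemble.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough here that the O(len*len) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Assumption: the registrable domain is the last two labels."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> Tuple[str, str]:
    """Return (verdict, registrable domain) for one URL."""
    host = (urlparse(url).hostname or "").lower()
    reg = registrable(host)
    if reg in KNOWN_GOOD:
        return ("legitimate", reg)
    normalised = reg.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    for good in KNOWN_GOOD:
        # brand used as a subdomain: paypal.com.account-verify.net
        if host.startswith(good + ".") or ("." + good + ".") in ("." + host):
            return ("brand-as-subdomain", reg)
        if normalised == good:
            return ("homoglyph", reg)
        if levenshtein(reg, good) <= 2:
            return ("lookalike", reg)
    return ("unrelated", reg)


def scan_links(links: List[str]) -> List[Tuple[str, str]]:
    """Classify every link; anything other than legitimate/unrelated is suspicious."""
    return [(url, classify_link(url)[0]) for url in links]


if __name__ == "__main__":
    for url, verdict in scan_links(SAMPLE_LINKS):
        print(f"{verdict:20} {url}")
```

A real gateway would add the public-suffix list and a larger confusable-character table, but even this check catches the three tricks the paragraph's scenario relies on and leaves genuinely unrelated links alone.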
Hijack attack
In a hijack attack, a hacker takes over a session between you and another
individual and disconnects the other individual from the communication. You
still believe that you are talking to the original party and may send private
information to the hacker by accident.
Spoof attack
In a spoof attack, the hacker modifies the source address of the packets he or
she is sending so that they appear to be coming from someone else. This may be
an attempt to bypass your firewall.
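The standard defence against a forged source address is to check, on each interface, whether the claimed source could plausibly have arrived there: an "internal" address showing up on the outside link, or an address that is not ours leaving through the inside link, is dropped. This is the ingress/egress filtering described in BCP 38 (RFC 2827). The block below is an added illustration, not code from the original text; the interface names, the internal prefixes (documentation ranges) and the sample packets are all constructed.

```python
import ipaddress
from typing import List, Tuple

# Constructed topology: address space that belongs inside the perimeter.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Sources that should never be seen arriving from the public side.
NEVER_FROM_OUTSIDE = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample packets: (ingress interface, source address).
SAMPLE_PACKETS = [
    ("outside", "198.51.100.7"),   # ordinary external client
    ("outside", "10.20.4.9"),      # claims to be one of our hosts: spoofed
    ("outside", "127.0.0.1"),      # loopback from the internet: bogon
    ("inside", "10.20.1.1"),       # our host talking out
    ("inside", "203.0.113.9"),     # our host forging someone else's address
]


def in_any(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in net for net in nets)


def filter_packet(ingress_iface: str, src_ip: str) -> Tuple[str, str]:
    """Return ("accept"|"drop", reason) for a packet's ingress interface and source."""
    src = ipaddress.ip_address(src_ip)
    if ingress_iface == "outside":
        if in_any(src, INTERNAL_PREFIXES):
            return ("drop", "internal source arriving on external interface (spoofed)")
        if in_any(src, NEVER_FROM_OUTSIDE):
            return ("drop", "bogon source on external interface")
        return ("accept", "external source")
    if ingress_iface == "inside":
        if not in_any(src, INTERNAL_PREFIXES):
            return ("drop", "source outside our prefixes leaving the network (egress anti-spoofing)")
        return ("accept", "internal source")
    return ("drop", "unknown interface")


def filter_all(packets: List[Tuple[str, str]]) -> List[str]:
    return [filter_packet(iface, src)[0] for iface, src in packets]


if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        verdict, reason = filter_packet(iface, src)
        print(f"{iface:8} {src:15} {verdict:6} {reason}")
```

The egress rule is the one most often skipped, yet it is what stops a compromised host on your own network from being used to spoof traffic at others.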
Buffer overflow
A buffer overflow attack is when the attacker sends more data to an application
than is expected. A buffer overflow attack usually results in the attacker
gaining administrative access to the system in a command prompt or shell.
Exploit attack
In this type of attack, the attacker knows of a security problem within an
operating system or a piece of software and leverages that knowledge by
exploiting the vulnerability.
Password attack
An attacker tries to crack the passwords stored in a network account database
or a password-protected file. There are three major types of password attacks:
a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary
attack uses a word list file, which is a list of potential passwords. A
brute-force attack is when the attacker tries every possible combination of
characters.
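The defender's side of the three password attacks is a policy check that models each of them: reject anything on a word list (dictionary), reject a word list entry with digits or symbols bolted on or with letter-for-digit substitutions (hybrid; the text does not define the term, so that reading is an assumption made here), and estimate how large the search space is for a pure brute-force attempt. The block is an added example, not code from the original text; the word list is a constructed six-entry stand-in for a real one, and the 60-bit minimum is an arbitrary threshold chosen for the example.

```python
import math
import re
from typing import Dict, Optional

# Constructed stand-in for a real word list file (a real one has millions).
WORDLIST = {"password", "welcome", "summer", "letmein", "dragon", "qwerty"}

# Common letter-for-symbol substitutions undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_BRUTE_FORCE_BITS = 60.0  # assumption: policy threshold for this example


def charset_size(pw: str) -> int:
    """Size of the smallest obvious character class an attacker would try."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the brute-force keyspace: charset_size ** len(pw)."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def hybrid_base(pw: str) -> str:
    """Strip leading/trailing digits and symbols and undo leet substitutions,
    giving the dictionary word a hybrid attack would have started from."""
    core = re.sub(r"^[^A-Za-z]{0,2}", "", pw)
    core = re.sub(r"[^A-Za-z]+$", "", core)
    return core.lower().translate(LEET)


def evaluate(pw: str) -> Dict[str, object]:
    """Classify which password attack would succeed first, or None if none of the three."""
    bits = brute_force_bits(pw)
    weakness: Optional[str] = None
    if pw.lower() in WORDLIST:
        weakness = "dictionary"
    elif hybrid_base(pw) in WORDLIST:
        weakness = "hybrid"
    elif bits < MIN_BRUTE_FORCE_BITS:
        weakness = "brute-force"
    return {"password": pw, "weakness": weakness, "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ["welcome", "Summer2023!", "P@ssw0rd", "abc123",
                      "correct-horse-battery-staple"]:
        print(evaluate(candidate))
```

Note that the bit estimate is an upper bound on the work of a pure brute-force attack; a password that fails the dictionary or hybrid test is weak regardless of how many bits the keyspace calculation reports, which is why those checks run first.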