8/13/2019 Attacks Ch2
Chapter 2
Types of Attacks
Definition of Access Attacks
An Access Attack is an attempt to gain information that the intruder is not authorized to see.
This attack may occur on stationary data or data in transit.
These types of attacks are attacks against the confidentiality of the information.
Access Attack: SNOOPING
Snooping is looking through information files in the hope of finding something that is of value.
If on paper, the intruder will open drawers to do the snooping.
If on a computer system, the intruder will open files to do the same type of snooping.
Access Attack: Eavesdropping
Eavesdropping is the act of listening to a conversation that the listener has no right to be part of.
Wireless networks are especially prone to eavesdropping.
Wireless networks bring with them many security issues.
Access Attack: Interception
Unlike eavesdropping, interception is an attack against the information.
Intruders insert themselves in the path of information.
Once the information is captured and examined, the attacker may decide to allow the information to continue or not.
How are Attacks Accomplished
Access attacks take different forms depending on whether the information is stored on paper or electronically in a computer system.
Paper records: filing cabinets, desks, drawers, printers, faxes, etc.
Electronic records: servers, PCs, CD-ROMs, backup tapes, disks, etc.
Types of Theft
Access can be achieved by physically stealing the storage media.
What is a Sniffer?
A sniffer is a computer that is configured to capture all traffic on the network.
A sniffer is used to capture user IDs, passwords and other access controls.
Interception Challenge
Information access using interception is very difficult.
On the internet, this could be done by causing a name resolution change.
This is achieved by causing a computer to resolve to an incorrect address.
The traffic is then sent to the attacker's system instead of the real destination.
BANKING INSTITUTION ATTACKS
How is Interception Done?
Interception can be accomplished by an attacker taking over a session already in progress.
This type of attack is best performed against interactive traffic such as telnet.
The attacker allows the legitimate user to begin the session with the server and then uses specialized software to take over the session.
Modification Attacks
A modification attack is an attempt to modify information that an attacker is not authorized to modify.
Such an attack can occur wherever the information resides, stationary or in transit.
This type of attack is an attack against the integrity of the information.
Modification: Changes
This type of attack involves changing existing information.
For example:
Changing an employee's salary
Changing an employee's bank records
The information is not removed or moved, just simply modified.
Modification: Insertion
An insertion attack is the addition of information to existing information.
This is especially effective when used on historical information that is yet to be acted upon.
For instance, an attacker may add lines to bank records clearing accrued debt.
Modification: Deletion
A deletion attack is the removal of existing information.
An attacker may remove records of a bank transaction that indicate a due date for debt payment.
It is a common practice for attackers to delete information in transit.
How can we tell it is happening?
CRC CHECKING
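
The CRC check named above, applied to a batch of bank records in transit, as an added example that is not part of the original slides. The record format, the count-plus-payload framing and all function names are assumptions; the keyed HMAC in the second half is a swapped-in technique, not from the slides, shown because a plain CRC carries no secret and can be recomputed by whoever rewrites the batch.

```python
import hashlib
import hmac
import zlib

SEP = b"\n"
KEY = b"constructed-demo-key"  # assumption: shared out of band by sender and receiver

# Constructed sample batch of bank records (not real data).
RECORDS = [
    b"TX1001,2019-08-01,loan-payment-due,2019-09-01,450.00",
    b"TX1002,2019-08-02,deposit,,1200.00",
    b"TX1003,2019-08-03,withdrawal,,80.00",
]

def frame(records):
    """Sender: return (record count, payload, CRC-32 over both)."""
    count = str(len(records)).encode()
    payload = SEP.join(records)
    return count, payload, zlib.crc32(count + SEP + payload)

def check_crc(count, payload, crc):
    """Receiver: recompute the CRC-32 and confirm the record count."""
    if zlib.crc32(count + SEP + payload) != crc:
        return False
    return len(payload.split(SEP)) == int(count)

def mac(key, count, payload):
    """Keyed tag over the same bytes; needs the key to recompute."""
    return hmac.new(key, count + SEP + payload, hashlib.sha256).digest()

def check_mac(key, count, payload, tag):
    return hmac.compare_digest(mac(key, count, payload), tag)

def demo():
    count, payload, crc = frame(RECORDS)
    tag = mac(KEY, count, payload)
    # Case 1: one record is missing on arrival, checksum left as sent.
    short = SEP.join(RECORDS[1:])
    # Case 2: the batch arrives re-framed, with count and CRC recomputed.
    count2, payload2, crc2 = frame(RECORDS[1:])
    return {
        "intact_crc": check_crc(count, payload, crc),
        "deleted_crc": check_crc(count, short, crc),
        "reframed_crc": check_crc(count2, payload2, crc2),
        "reframed_mac": check_mac(KEY, count2, payload2, tag),
    }

if __name__ == "__main__":
    print(demo())
```

The CRC flags the missing record only while the checksum itself arrives unchanged; the re-framed batch passes the CRC check and fails only the keyed check.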
Modification Attacks in General
It is more difficult to mount a modification attack on information in transit.
Attackers normally execute an interception attack against the traffic.
They then change the information before passing it on to the destination.
Definition of Denial of Service
Denial of Service (DoS) attacks are attacks that deny the use of resources to legitimate users.
DoS attacks generally do not allow the attacker to access or modify information on the computer system.
DoS attacks are simple but may be crippling to certain organizations.
Denial of Access to Information
A DoS attack against information causes that information to be unavailable, which causes denial of access to information.
This situation is especially important when the location of information has been changed.
Denial of Access to Applications
These DoS attacks target applications that manipulate or display information.
For instance, an attacker may choose to target Microsoft Outlook, and as a result all electronic correspondence is interrupted.
Denial of Access to Systems
A common attack is to bring down a computer system.
This type of DoS results in the halting of all processes in an organization which relies on electronic transactions.
What is an example of this type of attack?
SHUTDOWN
Denial of Access to Communications
DoS attacks against communications are very common.
Examples range from cutting a wire to jamming radio communications or flooding networks with excessive traffic.
In these attacks, the target is the medium of communication and not the information.
Denial of Service in General
DoS attacks are primarily attacks against computer systems and networks.
This is not to say that no DoS attacks take place against information on paper:
Intercepting a BANK van that carries trust documents.
Definition of Repudiation Attacks
A repudiation attack is an attack against the accountability of information.
Attackers attempt to give FALSE information or deny that a real event or transaction occurred.
Masquerading Attack
This is an attempt to act like or impersonate someone else or some other system.
This attack can occur in personal communications, in transactions or in system to system communications.
Denying an Event
Denying an event is simply disavowing that the action was taken as it was logged.
For instance, you receive a bill telling you that you made a credit card purchase, when in fact you didn't.
How Are Repudiation Attacks Done?
What is an example of a repudiation attack?
The from address of an email can be changed at will by the sender.
NOTE: Denying an event in the electronic world is much easier than in the physical world. WHY?
THERE ARE NO SIGNATURES