
Computer Attack

An attack attempts to destroy, expose, alter, disable, steal or gain unauthorized access to an asset. Attacks can be active, trying to alter system resources, or passive, attempting to learn or make use of information without affecting resources. Attacks can originate from inside or outside an organization, and target vulnerabilities to compromise security properties like confidentiality, integrity or availability.

Uploaded by Kaustubh Patel
Copyright: © Attribution Non-Commercial (BY-NC)

In computers and computer networks, an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Phenomenology
An attack can be active or passive. An "active attack" attempts to alter system resources or affect their operation. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. (E.g., see: wiretapping.)

[Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.]

An attack can be perpetrated by an insider or from outside the organization. An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

The term "attack" relates to some other basic security terms as shown in the following diagram:[2]
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
    | An Attack:              |  |Counter- |  | A System Resource:   |
    | i.e., A Threat Action   |  | measure |  | Target of the Attack |
    | +----------+            |  |         |  | +-----------------+  |
    | | Attacker |<==================||<=========                 |  |
    | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
    | | A Threat |<=================>||<========>                 |  |
    | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
    | +----------+   Attack   |  |         |  |         VVV          |
    |                         |  |         |  | Threat Consequences  |
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (whether physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the Confidentiality, Integrity or Availability properties of resources (potentially different from the vulnerable one) of the organization and of other involved parties (customers, suppliers). The so-called CIA triad is the basis of Information Security.

The attack can be active when it attempts to alter system resources or affect their operation: so it compromises Integrity or Availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources: so it compromises Confidentiality.

A Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).[2]

A set of policies concerned with information security management, the Information Security Management Systems (ISMS), has been developed to manage the countermeasures according to risk management principles, in order to accomplish a security strategy set up following the rules and regulations applicable in a country.[7]

An attack should lead to a security incident, i.e. a security event that involves a security violation. In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached. The overall picture represents the risk factors of the risk scenario.[8]

An organization should take steps to detect, classify and manage security incidents. The first logical step is to set up an Incident response plan and eventually a Computer emergency response team. In order to detect attacks, a number of countermeasures can be set up at organizational, procedural and technical levels. Computer emergency response team, Information technology security audit and Intrusion detection system are examples of these.

Types of attacks
An attack is usually perpetrated by someone with bad intentions: black hat attacks fall into this category, while others perform penetration testing on an organization's information system to find out whether all foreseen controls are in place.

Attacks can be classified according to their origin, i.e. whether they are conducted using one or more computers: in the latter case it is called a distributed attack. Botnets are used to conduct distributed attacks.

Other classifications are according to the procedures used or the type of vulnerabilities exploited: attacks can be concentrated on network mechanisms or host features.

Some attacks are physical, i.e. theft or damage of computers and other equipment. Others are logical, trying to force changes in the logic used by computers or network protocols in order to achieve a result that was unforeseen by the original designer but is useful for the attacker. The general term for the category of software used to logically attack computers is malware.

The following is a partial short list of attacks:

Passive
  o Network wiretapping
  o Port scanner
  o Idle scan
Active
  o Denial-of-service attack
  o Spoofing
  o Network
      Man in the middle
      ARP poisoning
      Ping flood
      Ping of death
      Smurf attack
  o Host
      Buffer overflow
      Heap overflow
      Format string attack

For a partial list, look at Category:Computer security software companies. They offer different products and services, aimed at:

  o study all possible attacks category
  o publish books and articles about the subject
  o discovering vulnerabilities
  o evaluating the risks
  o fixing vulnerabilities
  o invent, design and deploy countermeasures
  o set up contingency plan in order to be ready to respond

Many organizations are trying to classify vulnerabilities and their consequences: the most famous vulnerability database is the Common Vulnerabilities and Exposures. The Computer emergency response teams were set up by governments and large organizations to handle computer security incidents.

Port scanner

A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it. A port scan or portscan is "An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service."[1] To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used in searching for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port
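
The portscan and portsweep definitions above translate directly into detection logic. The following is an added example, not part of the original document, that classifies sources in a constructed firewall log; the log format, thresholds, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample firewall log: "epoch_seconds src_ip dst_ip dst_port action".
SAMPLE_LOG = "\n".join(
    # one source, one host, many ports within seconds
    [f"{1000 + i} 198.51.100.7 192.0.2.10 {p} DENY"
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    # one source, many hosts, a single port
    + [f"{2000 + i} 203.0.113.9 192.0.2.{h} 8080 DENY" for i, h in enumerate(range(10, 16))]
    # ordinary client traffic
    + ["3000 192.0.2.50 192.0.2.10 443 ALLOW", "3400 192.0.2.50 192.0.2.11 443 ALLOW"]
    # the same six ports probed two minutes apart
    + [f"{5000 + 120 * i} 198.51.100.99 192.0.2.10 {p} DENY"
       for i, p in enumerate([21, 22, 23, 25, 80, 443])]
)


def parse(log):
    """Yield (timestamp, src, dst, port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])


def classify_sources(log, window=60, port_threshold=5, host_threshold=5):
    """Map each flagged source IP to {"portscan"} and/or {"portsweep"}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log):
        by_src[src].append((ts, dst, port))
    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window so it covers at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, port in events[start:end + 1]:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                findings[src].add("portscan")    # many ports on one host
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                findings[src].add("portsweep")   # one port across many hosts
    return dict(findings)


if __name__ == "__main__":
    for src, labels in classify_sources(SAMPLE_LOG).items():
        print(src, sorted(labels))
```

With the default 60-second window the fourth source in the sample is not flagged; calling `classify_sources(SAMPLE_LOG, window=900)` flags it, which shows why the window and thresholds need tuning against the monitored network's normal traffic.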

The idle scan is a TCP port scan method that consists of sending spoofed packets to a computer[1] to find out what services are available. This is accomplished by impersonating another computer called a "zombie" (that is not transmitting or receiving information) and observing the behavior of the zombie system. This action can be done through common software network utilities such as nmap and hping. The attack involves sending forged packets to a specific machine target in an effort to find distinct characteristics of another zombie machine. The attack is sophisticated because there is no interaction between the attacker computer and the target: the attacker interacts only with the "zombie" computer. This exploit is dual-hatted as a port scanner and a mapper of trusted IP relationships between machines. The target system interacts with the "zombie" computer, and differences in behaviour can be observed using different "zombies", with evidence of different privileges granted by the target to different computers.
