Scribd
Upload
66 views4 pages

Attacks

This document discusses various types of attacks on integrity, confidentiality, and availability. It describes authentication attacks like password guessing that allow impersonating users, and session attacks that hijack existing connections. Content-based attacks use malicious software and social engineering tricks users. Protocol attacks target cryptographic weaknesses. Solutions include strong authentication, encryption, user education, and monitoring systems. Attacks on confidentiality aim to disclose sensitive data through interception, inadvertent sharing, or deducing information. Availability attacks interfere with or overwhelm systems to deny access. Defenses involve filtering, segmentation, adding capacity, and detecting anomalous traffic.

Uploaded by

AmoOonz
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
66 views4 pages

Attacks

This document discusses various types of attacks on integrity, confidentiality, and availability. It describes authentication attacks like password guessing that allow impersonating users, and session attacks that hijack existing connections. Content-based attacks use malicious software and social engineering tricks users. Protocol attacks target cryptographic weaknesses. Solutions include strong authentication, encryption, user education, and monitoring systems. Attacks on confidentiality aim to disclose sensitive data through interception, inadvertent sharing, or deducing information. Availability attacks interfere with or overwhelm systems to deny access. Defenses involve filtering, segmentation, adding capacity, and detecting anomalous traffic.

Uploaded by

AmoOonz
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Attacks

Attacks on integrity: Preventing the modification and preserving the consistency of information.

Attack Type Description Solution


Allows an attacker to masquerade as a user with
higher privileges than themselves. by  User education on how to create a password that is difficult to
crack.
 Shoulder-surfing
Authentication attack  Password guessing
 Encrypted access.
 Add strong authentication e.g. on-time passwords or
 Disclosure of unauthorized sources
cryptographic tokens.
 Sniffing of password from network connections.
Allows an attacker to take over a connection after
initial authentication has taken place. Or when the  Encryption or continual authentication
Session attack system does not realize that the session is over and  Segmentation and isolation of management networks
allows another user to use the same session.
Software, email attachment, or webpage that appear
 Policies for the proper use / view of programs.
Content-based attack to be harmless or legitimate but it’s actually designed
 Content inspections software, e.g. virus scan.
to be malicious
Take advantage of weaknesses in cryptographic
Protocol attack system. Attack the timing mechanism, bit flipping,  Design and use strong cryptographic protocols
and use of mathematical errors to derive keys.
Incorrectly Allowing unwanted traffic or access into  Scanner tools to examine network traffic
Inadvertent access methods the network or system.  Good network review and planning.
Sometimes users can be tricked into disclosing
Social engineering information to an unauthorized party
 Users education

Unexpected input Some programs can be attacked by presenting  Perform careful design review to ensure that all programs check for
them with malformed input of various types metacharacter, boundary conditions, and general integrity and
correct formatting of input data.
 Allow only strong, trustworthy protocols through perimeter
security devices and extending access only to a limited group of
authorized users.
 Use an intrusion detection system
 Promptly apply any security-related patches that vendors releases.
 Maintain a clear audit trial
Not all users can be trusted. 80% of attacks come  Give users only those privileges necessary to perform their job
Abuse of privileges from inside the organization duties
 Distribute high value responsibilities among several employees
 Ensure the weakest link in your trust relationship design is
Computers often trust each other in implicit and
Trust relationship strong enough
explicit ways. Attackers exploit trust relationships to
exploitation  Careful design of trust relationship to eliminate unnecessary
"leapfrog" from system to another.
dependencies
 Regular review of system integrity
Backdoors are designed to give access to program  Code review
Exploitation of backdoors and data by a higher authorized entity.  Restriction of unnecessary protocols through perimeter
security.
Attacks on Confidentiality: Preventing the unauthorised disclosure of sensitive information.

Attack Type Description Solution


 Develop confidentiality policies and educate users about those
policies
Information accidentally made available to an
Inadvertent disclosure attacking party  Content screening of outbound information for keywords such
as "confidential" can prevent accidental disclosure by
employment.
 Encryption
Information can be intercepted as it cross untrusted  VPN
Interception of information medium  Physical restriction of secure channels
 Segmentations of the network into specific blocks
Is the process of monitoring electromagnetic
Van-Eck bugging emanations from electronic devices from a distance.
 Faraday cages and other COMSEC precautions

Sometimes users can be tricked into disclosing  Develop confidentiality policies and educate users about those
Social engineering information to an unauthorized party policies.
Are present on any system that shares resources
among multiple users according to a non-
 Protocol review detection of attempts to cause leakage of
deterministic method. Convert channels allow user to
Convert channels deduce the types of tasks other users are performing
information
 Network segmentations
or the contents of data sets, based on how a system
changes behavior.
Allow attacker to deduce classified
Data aggregation information from unclassified information
 Careful review of information made public
Attacks on Availability: Authorised users should have timely and uninterrupted access to information or network.

Attack Type Description Solution


Prevent weak signal from being received by  Rate filters
broadcasting a stronger radio implementation.  Ingress filtering
Interference/ jamming Accessing and communicating in a rate faster than the  Detection and manual insertion of filters
computer can processing its tasks.  Adding additional capacity
Prevent attack data from being logged or make attack  Statistical analysis to prevent chaffing
Audit suppression data look legitimate.  Private management channels
Unexpected input causes a system to crash or behave  Perform careful design
Unexpected input erratically.  Promptly apply any security-related patches

You might also like