Types
of Attacks on a System
These are the Passive type of Computer Attacks:
Eavesdropping:
This is the process of listening in or overhearing parts of a
conversation. It also includes attackers listening in on your network traffic.
Its generally a passive attack, for example, a coworker may overhear your
dinner plans because your speaker phone is set too loud. The opportunity to
overhear a conversation is coupled with the carelessness of the parties in the
conversation.
Identity
spoofing:
Every computer has an IP address, due to which it
is considered as a valid and independent entity on the network. One of the
common computer attacks is to assume the identity of another computer. Here IP
packets may be sent from valid addresses and gain access to a particular IP.once
access is gained, the data on the system may be deleted, modified or rerouted
.Alternatively, the hacker can make use of this hacked IP and cause attacks on
the other systems within or outside the network.
Snooping
Attacks:
This is when someone looks through your files in
the hopes of finding something interesting whether it is electronic or on
paper. In the case of physical snooping people might inspect your dumpster,
recycling bins, or even your file cabinets; they can look under your keyboard
for post-It-notes, or look for scraps of paper tracked to your bulletin board.
Computer snooping on the other hand involves someone searching through your
electronic files trying to find something interesting.
Interception:
This can be either an active or passive process.
In a networked environment, a passive interception might involve someone who
routinely monitors network traffic. Active interception might include putting a
computer system between sender and receiver to capture information as it is
sent. From the perspective of interception, this process is covert. The last
thing a person on an intercept mission wants is to be discovered. Intercept
missions can occur for years without the knowledge of the intercept parties.
Replay
Attacks: (Replay an authentication session to fool a
computer into granting access)
These are becoming quite common, this occur when
information is captured over a network. Replay attacks are used for access or
modification attacks. In a distributed environment, logon and password
information is sent over the network between the client and the authentication
system. The attacker can capture this information and replay it later. This can
also occur security certificates from systems such as Kerberos: The attacker
resubmits the certificate, hoping to be validated by the authentication system,
and circumvent any time sensitivity.
Data
Modification Attacks:
This involves the deletion, insertion, or
alteration of information in an unauthorized manner that is intended to appear
genuine to the user. These attacks can be very hard to detect. The motivation
of this type of attack may be to plant information, change grades in a class,
alter credit card records, or
something similar. Website defacements are a common form of modification
attacks.
Repudiation
Attacks:
This makes data or information to appear to be
invalid or misleading (Which can even be worse). For example, someone might access your email server and
inflammatory information to others under the guise of one of your top managers.
This information might prove embarrassing to your company and possibly do
irreparable harm. This type of attack is fairly easy to accomplish because most
email systems don't check outbound email for validity. Repudiation attacks like
modification attacks usually begin as access attacks.
Dos
Attacks:
Denial of
service (DoS) forces the
target computer to allocate so much memory for TCP connections so that it runs
out of memory.
1.
Ping of death - Uses IP
to cause large packets to be reassembled in order to make the target computer
crash.
2.
A common DoS attack is to open as many TCP
sessions as possible; This type of attack is called TCP SYN flood DoS attack.
DDos
Attacks:
Distributed Denial-of-services this is similar to a DoS attack. This type of attack
amplifies the concepts of DoS attacks by using multiple computer systems to
conduct the attack against a single organization. These attacks exploit the
inherent weaknesses of dedicated networks such as DSL and Cable. The conclusion
is that uses many machines to attack one system or network.
Password
Guessing Attacks:
This occurs when an account is attacked
repeatedly. This is accomplished by sending possible passwords to an account in
a systematic manner. These attacks are initially carried out to gain passwords
for an access or modification attack. There are two types of password guessing
attacks:
Brute-force attack: Attempt
to guess a password until a successful guess occurs. This occurs over a long
period. To make passwords more difficult to guess, they should be longer than
two or three characters (Six should be the bare minimum), be complex and have
password lockout policies.
Dictionary attack: This
uses a dictionary of common words to attempt to find the users password.
Dictionary attacks can be automated, and several tools exist in the public
domain to execute them.
Man-in-the-Middle
Attacks:
During this
attack an attacker can read, insert and modify any messages between two other
people or computers without either victim knowing that the connection between
them has been compromised. The attacker can observe and intercept messages
going between the two victims. The attacker can change the message content
going to both victims.
Back
door Attacks:
Also called a trapdoor this can have two
different meanings, the original term back door referred to troubleshooting and
developer hooks into systems. During the development of a complicated operating
system or application, programmers add back doors or maintenance hooks. These
back doors allow them to examine operations inside the code while the program
is running.
The second type of back door refers to gaining access to a network and
inserting a program or utility that creates an entrance for an attacker. The
program may allow a certain user to log in without a password or gain
administrative privileges. A number of tools exist to create a back door attack
such as, Back Orifice (Which has been updated to work with windows server 2003
as well as earlier versions), Subseven, NetBus, and Net Devil. There are many
more. Fortunately, most anti-virus software will recognize these attacks.
Spoofing
Attacks:
A spoofing attack is when a malicious party
impersonates another device or user on a network in order to launch attacks
against networks hosts, steal data, spread malware, or bypass access controls.
There are several different types of spoofing attacks that malicious parties
can use to accomplish this. Some of the most common methods include IP address
spoofing attacks, ARP (Address resolution Protocols) spoofing attacks and DNS
server spoofing attacks.
Compromised-Key
Attacks:
To store sensitive data, a secret code or number
may be used. Obtaining the key is no doubt a real huge task for the hacker; it
is possible that after intense research the hacker is indeed able to lay his
hands on the key. Once the key is in possession of the hacker will now have
access to the sensitive data and can make change to the data.However, there are
also chances that the hacker will try different permutations and combination of
the key to gain access to other sets of sensitive data as well.
Application-Layer
Attacks:
The aim of the application layer attack is to
cause fault in the server’s operating system once a fault is created in the
operating system, the hacker is able to gain access to the server controls.
This in turn leads to the hacker modifying the data in various ways. A virus
may be introduced into the system or may send numerous requests to the server,
which can result in its crash or security controls may be disabled, due to
which restoring the server back can became difficult.
