The two main types of attacks on a computer system are passive attacks, such as sniffing traffic, and active attacks, such as releasing malware or creating a denial of service. An attack can target any of the security services: confidentiality, integrity, availability, or authentication.
Let’s take a look at each of these.
- Confidentiality is the protection of data against unauthorized disclosure. For example, if you’re in a medical facility, you wouldn’t want unauthorized individuals looking at patient information.
- Integrity is the protection of data from unauthorized modification. For example, if someone changed his or her salary from $12 an hour to $20 an hour, that would be a violation of integrity.
- Availability is ensuring data and services are available to authorized users. A denial-of-service attack locks out legitimate users and it’s an attack against availability.
- Authentication is assurance that a communicating entity is who it claims to be, obtained by verifying the identity of a user or a device. Attackers use various spoofing methods, such as forged source addresses or impersonated hosts and users, to gain access to privileged information. Defend against spoofing by using strong authentication techniques.
Information about Passive Attacks
Passive attacks include things you might not think of as dangerous, such as eavesdropping through traffic analysis or wiretapping. On a network this is done with a network adapter placed in promiscuous mode, which captures every frame on the local segment rather than only those addressed to it, so the contents can be examined. On a switched network a promiscuous adapter sees only broadcast, multicast, and its own unicast traffic unless the attacker also has a mirror (SPAN) port or uses a technique such as ARP spoofing to redirect traffic.
Passive attacks also include a more aggressive form, the reconnaissance attack, in which the attacker is trying to learn about the network before breaking in. Strictly speaking, scanning sends packets and is therefore detectable (many references class it as active reconnaissance), but it precedes the break-in rather than altering anything. Scanning techniques vary, but there are some common scans, each with a different objective.
Most likely an attacker will first do a ping sweep: a series of ICMP echo requests sent to a range of IP addresses to see which hosts respond and are therefore alive. Because many networks filter ICMP, a host that does not answer is not necessarily down.
After determining which hosts are alive and responding, the attacker does a port scan, which identifies open TCP and UDP ports on each live target and therefore the services listening there, along with their versions and potential vulnerabilities.
Once the services are identified, the intruder can plan an attack on any weak service he or she finds.
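The two reconnaissance steps above, host discovery followed by a port scan, as an added example that is not code from the original page. A true ping sweep needs raw ICMP sockets and therefore root privileges; this version instead treats any TCP reply, including a RST ("connection refused"), as proof that the host is alive, a common unprivileged fallback when ICMP is filtered. The target is a throwaway listener started on the loopback interface, and all function names are hypothetical.

```python
import errno
import socket
import threading
from typing import Dict, Iterable, List, Set

# Added example, not code from the original page. Hypothetical function names.
# A true ping sweep needs raw ICMP sockets (root privileges); this sweep instead
# treats any TCP reply, including a RST ("connection refused"), as proof of life.

OPEN, CLOSED, NO_RESPONSE = "open", "closed", "no-response"


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port: completed handshake = open, RST = closed, else silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))  # returns 0 or an errno instead of raising
    if rc == 0:
        return OPEN
    if rc == errno.ECONNREFUSED:
        return CLOSED
    return NO_RESPONSE  # timed out, unreachable, or dropped by a filter


def host_sweep(hosts: Iterable[str], probe_port: int = 80, timeout: float = 0.5) -> Set[str]:
    """Liveness sweep: a host that answers the probe port at all (open or RST) is alive."""
    return {h for h in hosts if probe(h, probe_port, timeout) != NO_RESPONSE}


def port_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[str, List[int]]:
    """TCP connect scan of a live host, grouping ports by state."""
    result: Dict[str, List[int]] = {OPEN: [], CLOSED: [], NO_RESPONSE: []}
    for port in ports:
        result[probe(host, port, timeout)].append(port)
    return result


def start_target() -> socket.socket:
    """Constructed target: a throwaway listener on a random loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Run both reconnaissance steps against the local throwaway target."""
    srv = start_target()
    target_port = srv.getsockname()[1]
    alive = host_sweep(["127.0.0.1"], probe_port=target_port)
    scan = port_scan("127.0.0.1", [target_port - 1, target_port, target_port + 1])
    srv.close()
    return alive, scan, target_port


if __name__ == "__main__":
    alive, scan, port = demo()
    print("alive hosts:", alive)
    print("open ports:", scan[OPEN], "(listener was on port", port, ")")
```

On the loopback interface every probe gets an answer, so the neighbouring ports come back as closed rather than silent; against a real target behind a firewall most ports fall into the no-response bucket, which is itself information (a filter is present).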
Passive attacks are hard to detect because the eavesdropper sends nothing and only listens. Someone may be monitoring transmissions and capturing authentication information, such as usernames and passwords carried by cleartext protocols (Telnet, FTP, HTTP Basic authentication) or router advertisements. This results in the disclosure of information to an attacker without the consent or knowledge of the user.
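What an eavesdropper actually recovers from a captured cleartext login, as an added example that is not code from the original page. The frame is constructed inline (Ethernet II, IPv4 and TCP headers with checksums left at zero) rather than read from a promiscuous-mode capture, and the parser walks the three headers to reach the HTTP payload and decode the Basic credential. A second constructed frame carries a TLS application-data record on port 443 to show that the same parser gets nothing useful once the session is encrypted, which is the point of the encryption defence later on the page. All function names are hypothetical.

```python
import base64
import re
import struct
from typing import Dict, Optional

# Added example, not code from the original page. The frames below are constructed
# (checksums left at zero); in practice the bytes would come from a promiscuous-mode
# capture via tcpdump/libpcap. All names are hypothetical.

BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def build_frame(payload: bytes, src_ip: str = "10.0.0.5", dst_ip: str = "10.0.0.20",
                sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed sample input: Ethernet II / IPv4 / TCP headers around payload."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Optional[Dict]:
    """Walk Ethernet -> IPv4 -> TCP and return addresses, ports and payload, or None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ver_ihl, total_len, proto = ip[0], struct.unpack("!H", ip[2:4])[0], ip[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20:
        return None
    tcp = ip[ihl:total_len]  # drop any trailer/padding after the IP datagram
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or len(tcp) < data_off:
        return None
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def extract_basic_credentials(frame: bytes) -> Optional[Dict[str, object]]:
    """What an eavesdropper gets from a cleartext HTTP request carrying Basic auth."""
    pkt = parse_frame(frame)
    if pkt is None:
        return None
    m = BASIC_RE.search(pkt["payload"])
    if not m:
        return None
    try:
        user, _, password = base64.b64decode(m.group(1), validate=True).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return {"src": pkt["src"], "dst": pkt["dst"], "dport": pkt["dport"],
            "user": user, "password": password}


# Constructed captures: one cleartext HTTP login, and one TLS application-data record
# standing in for the same request once the session is encrypted.
CLEARTEXT_FRAME = build_frame(
    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
ENCRYPTED_FRAME = build_frame(b"\x17\x03\x03\x00\x20" + bytes(range(32)), dport=443)

if __name__ == "__main__":
    print(extract_basic_credentials(CLEARTEXT_FRAME))
    print(extract_basic_credentials(ENCRYPTED_FRAME))
```

The encrypted frame still leaks metadata (source, destination, port 443, record length), which is what traffic analysis works from even when the content is protected.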
Information about Active Attacks
Active attacks are those in which the attacker tries to break in and alter the integrity of the system by stealing or modifying information, or by introducing malicious code such as viruses, worms, or Trojan horses.
Denial of Service Attack
Denial of service is an attack against availability: it floods a system with requests in an effort to interrupt or suspend service to legitimate users. A simple denial of service from a single source is limited by that source's bandwidth and is easy to block by address, so it is rarely effective on its own. A distributed denial of service attack is far more effective, as it uses a botnet, an army of compromised machines, to launch the flood from many sources at once. Either can overwhelm the target so that it crashes or exhausts a resource such as processing, memory, or bandwidth.
In a buffer overflow, the attacker sends an application more data than it expects. Buffers hold a finite amount of data, and the excess overflows into adjacent memory, overwriting whatever was stored there, such as other variables, a saved return address, or heap metadata. Buffer overflows are common because programmers fail to check input lengths against the buffer size (bounds checking), and the damage can range from unexpected errors and crashes to the worst case of an attacker executing malicious code with the application's privileges, or even gaining administrative access to the system.
A password attack is one in which the attacker tries to obtain passwords stored in a network account database or password-protected file. Password attacks use brute-force or dictionary guessing, rainbow tables (precomputed hash lookups, which only work against unsalted hashes), or packet sniffers that capture credentials in transit.
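The difference between a precomputed-table attack and brute force, and why salting plus a slow hash defeats the first and taxes the second, as an added example that is not code from the original page. The lookup table is a plain hash-to-password dictionary; a real rainbow table compresses the same precomputation into hash chains, but the principle (compute once, reuse against any unsalted dump) is identical. The wordlist and all function names are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional, Tuple

# Added example, not code from the original page; names and wordlist are hypothetical.

WORDLIST: List[str] = ["123456", "password", "letmein", "hunter2", "qwerty",
                       "Summer2024!", "correct horse battery"]


def sha256_hex(password: str) -> str:
    """Unsalted, fast hash, as found in many breached account databases."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once; reusable against every unsalted SHA-256 dump.
    A rainbow table packs this same precomputation into hash chains to save space;
    the plain table shows the principle without the chain machinery."""
    return {sha256_hex(w): w for w in words}


def crack_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """One dictionary lookup, no hashing at attack time."""
    return table.get(stored_hash)


def store_password(password: str, iterations: int = 50_000) -> Tuple[bytes, bytes, int]:
    """Defender side: random per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def crack_salted(salt: bytes, stored: bytes, words: Iterable[str],
                 iterations: int) -> Tuple[Optional[str], int]:
    """Brute force against a salted hash: no table helps, every guess is recomputed
    with this user's salt at the KDF's full cost. Returns (match or None, guesses made)."""
    guesses = 0
    for w in words:
        guesses += 1
        candidate = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations)
        if hmac.compare_digest(candidate, stored):
            return w, guesses
    return None, guesses


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted:", crack_unsalted(sha256_hex("hunter2"), table))
    salt, digest, it = store_password("hunter2")
    print("salted, weak password:", crack_salted(salt, digest, WORDLIST, it))
    salt, digest, it = store_password("vK9#tide-orchard-41")
    print("salted, strong password:", crack_salted(salt, digest, WORDLIST, it))
```

Salting forces the attacker back to per-user brute force, and the iteration count sets the price of each guess; neither helps a password that is in the wordlist, which is why the policy controls later on the page (password strength) still matter.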
Defend Against Passive and Active Attacks
Defend Against Passive Attacks
Against passive attacks, use both prevention and detection. For prevention, use encryption: if someone captures the data, they cannot read it without the key. For detection, use intrusion detection systems to monitor for ping sweeps and port scans, the noisy reconnaissance that precedes most intrusions.
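The detection half of that advice, as an added example that is not code from the original page: the sliding-window counting an IDS scan detector applies to firewall logs, run over constructed sample lines. One source touching many distinct ports on one host within the window is flagged as a port scan; one source sending ICMP echo requests (type 8) to many distinct hosts is flagged as a ping sweep. The log format, thresholds and function names are all hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional

# Added example, not code from the original page. The firewall log format and all
# names are hypothetical; the log lines at the bottom are constructed.

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) proto=(?P<proto>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
    r"(?: dport=(?P<dport>\d+))?(?: type=(?P<type>\d+))?$")


def parse_line(line: str) -> Optional[Dict]:
    """One log line -> event dict, or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    e["dport"] = int(e["dport"]) if e["dport"] else None
    e["type"] = int(e["type"]) if e["type"] else None
    return e


def detect_scans(lines: Iterable[str], window: timedelta = timedelta(seconds=60),
                 port_threshold: int = 10, host_threshold: int = 5) -> List[Dict]:
    """Sliding-window counting: many distinct ports from one source to one host within
    the window = port scan; echo requests from one source to many hosts = ping sweep.
    Each (type, key) alerts once so a long scan does not flood the console."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    port_hits = defaultdict(list)   # (src, dst) -> [(ts, dport)]
    echo_hits = defaultdict(list)   # src -> [(ts, dst)]
    alerts, raised = [], set()
    for e in events:
        if e["proto"] == "TCP" and e["dport"] is not None:
            key = (e["src"], e["dst"])
            port_hits[key].append((e["ts"], e["dport"]))
            recent = {p for t, p in port_hits[key] if e["ts"] - t <= window}
            if len(recent) >= port_threshold and ("portscan", key) not in raised:
                raised.add(("portscan", key))
                alerts.append({"type": "portscan", "src": e["src"], "dst": e["dst"],
                               "count": len(recent), "at": e["ts"]})
        elif e["proto"] == "ICMP" and e["type"] == 8:
            echo_hits[e["src"]].append((e["ts"], e["dst"]))
            recent = {d for t, d in echo_hits[e["src"]] if e["ts"] - t <= window}
            if len(recent) >= host_threshold and ("pingsweep", e["src"]) not in raised:
                raised.add(("pingsweep", e["src"]))
                alerts.append({"type": "pingsweep", "src": e["src"], "dst": None,
                               "count": len(recent), "at": e["ts"]})
    return alerts


SCANNER, TARGET = "203.0.113.7", "10.0.0.20"
SAMPLE_LOG = (
    # constructed ping sweep: one source, echo requests to six hosts in six seconds
    [f"2024-05-01T10:00:{i:02d}Z DROP proto=ICMP src={SCANNER} dst=10.0.0.{i + 1} type=8"
     for i in range(6)]
    # constructed port scan: same source, twelve distinct ports on one host
    + [f"2024-05-01T10:01:{i:02d}Z DROP proto=TCP src={SCANNER} dst={TARGET} dport={p}"
       for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])]
    # constructed benign traffic: a workstation reusing a few web ports on the same server
    + [f"2024-05-01T10:00:{30 + i:02d}Z ACCEPT proto=TCP src=10.0.0.9 dst={TARGET} dport={p}"
       for i, p in enumerate([80, 443, 80, 443, 8080])]
)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The thresholds are the tuning knobs: too low and vulnerability scanners, monitoring probes and busy clients generate noise; too high and a slow scan spread across hours slips under the window, which is exactly the evasion a careful attacker uses.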
Defend Against Active Attacks
Defend against active attacks by using encryption, whether the data is at rest or in motion: if someone obtains the data, they cannot read it without the key. Add policies, which may be as simple as requiring strong passwords and changing them when compromise is suspected. Add physical controls, which may be the most overlooked form of security; these include locks and smart cards. Add device security, such as intrusion detection systems, intrusion prevention systems, firewalls, and switch port security.
Manage Overall Risk
To reduce the overall risk to a network, security specialists should understand not only vulnerability scanning but ethical hacking skills as well, since on any network there are both passive and active attacks.
As the live attack maps referenced here show, attacks are constant, so monitor and defend in a layered approach, combining methods that protect against both passive and active attacks.