Two Main Types of Attacks in A Computer System


The two main types of attacks in a computer system are passive attacks, such as sniffing traffic, and active attacks, such as releasing malware or creating a denial of service. An attack can be against any of the security services: confidentiality, integrity, availability, or authentication.

Let’s take a look at each of these. 

  • Confidentiality is the protection of data against unauthorized disclosure. For example, if you’re in a medical facility, you wouldn’t want unauthorized individuals looking at patient information. 
  • Integrity is the protection of data from unauthorized modification. For example, if someone changed his or her salary from $12 an hour to $20 an hour, that would be a violation of integrity. 
  • Availability is ensuring data and services are available to authorized users. A denial-of-service attack locks out legitimate users and it’s an attack against availability. 
  • Authentication is an assurance that the communicating entity is who they say they are by verifying the identity of a user or a device. Now, hackers use various spoofing methods to gain access to privileged information. Defend against spoofing attacks by using authentication techniques.

Information about Passive Attacks

Passive attacks include something that you might not think is dangerous, such as eavesdropping using traffic analysis or tapping, which uses a network adapter card and promiscuous mode to capture all network packets on the local area network and examine the contents. 

Passive attacks include a more aggressive form of an attack called a reconnaissance attack. In this case, an attacker is trying to find out information about the network. Scanning techniques can vary, but there are some common scans and each has a different objective.

Most likely an attacker will do a ping sweep, which is a set of ICMP echo packets sent to a network of machines, usually specified as a range of IP addresses, to see which ones respond and are alive.

After the attacker determines which ones are alive and responding, the attacker will then do a port scan, which identifies TCP and UDP ports on a live target system, looking for services along with potential vulnerabilities.

Once identified, the intruder can plan an attack on any weak services that he or she finds. 

Passive attacks are hard to detect. Someone may be monitoring transmissions and possibly capturing authentication information, such as usernames and passwords, or router advertisements. This can result in the disclosure of information to an attacker without the consent or knowledge of the user.

Information about Active Attacks

Active attacks include when an attacker tries to break in and possibly alter the integrity of the system by stealing or modifying information, or introducing malicious code, such as viruses, worms, or Trojan horses.

Denial of Service Attack

Denial of service is an attack against availability, which sends out multiple requests to a system in an effort to interrupt or suspend services to legitimate users. A simple denial of service attack is not effective. A distributed denial of service attack is more effective, as it uses armies of botnets to launch a more effective attack. Both can result in the system being overwhelmed and crashing or consuming all resources, such as processing, memory, or bandwidth.

Buffer Overflow

In a buffer overflow, the attacker sends more information to an application than is expected. Buffers can hold a finite amount of data. The extra information can overflow and overwrite adjacent buffers. Buffer overflows are common, as programmers fail to check and validate their source code, and damage can range from unexpected errors to very bad results, such as a hacker gaining administrative access to the system and executing malicious code.

Password Attack

In a password attack, an attacker tries to obtain the password stored in a network account database or password-protected file. Password attacks can use brute-force attack methods, rainbow table attacks, or packet sniffers.

Defend Against Passive and Active Attacks

Defend Against Passive Attacks

With passive attacks, use prevention and detection. For prevention, use encryption: if someone were to capture the data, they couldn’t read it unless they had a key. For detection, use intrusion detection systems to monitor for ping sweeps and port scans.
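An added example (not from the original article): a small version of the detection step described above, flagging a ping sweep as one source sending ICMP echo requests to many hosts in a short window, and a port scan as one source probing many ports on one target. The flow records, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (time_s, src_ip, dst_ip, protocol, dst_port).
# ICMP echo requests carry no port, so dst_port is None.
SAMPLE_FLOWS = (
    # 10.0.0.50 pings six hosts in five seconds, then probes 12 TCP ports on one.
    [(t, "10.0.0.50", f"10.0.0.{t + 1}", "icmp", None) for t in range(6)]
    + [(10 + i * 0.5, "10.0.0.50", "10.0.0.3", "tcp", 20 + i) for i in range(12)]
    # Ordinary traffic: repeated pings of one host, a client using two web ports.
    + [(t, "10.0.0.7", "10.0.0.1", "icmp", None) for t in range(3)]
    + [(t, "10.0.0.8", "10.0.0.3", "tcp", p) for t, p in [(1, 443), (2, 443), (3, 80)]]
    # A monitoring host that checks one address per minute.
    + [(60 * i, "10.0.0.9", f"10.0.0.{i + 1}", "icmp", None) for i in range(6)]
)

WINDOW_S = 10      # assumed sliding-window length in seconds
SWEEP_HOSTS = 5    # assumed: distinct hosts pinged by one source per window
SCAN_PORTS = 10    # assumed: distinct ports probed on one target per window


def max_distinct(events, window):
    """Largest number of distinct values seen inside any `window`-second span."""
    events = sorted(events, key=lambda e: e[0])
    best = start = 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:
            start += 1
        best = max(best, len({value for _, value in events[start:end + 1]}))
    return best


def detect_scans(flows, window=WINDOW_S, hosts=SWEEP_HOSTS, ports=SCAN_PORTS):
    """Return sorted (kind, source, target) alerts for sweeps and port scans."""
    pings = defaultdict(list)    # src -> [(time, dst)]
    probes = defaultdict(list)   # (src, dst) -> [(time, (proto, port))]
    for ts, src, dst, proto, port in flows:
        if proto == "icmp":
            pings[src].append((ts, dst))
        elif proto in ("tcp", "udp"):
            probes[(src, dst)].append((ts, (proto, port)))
    alerts = [("ping_sweep", src, "-") for src, ev in pings.items()
              if max_distinct(ev, window) >= hosts]
    alerts += [("port_scan", src, dst) for (src, dst), ev in probes.items()
               if max_distinct(ev, window) >= ports]
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_FLOWS):
        print(alert)
```

The window and thresholds set the trade-off between false alarms and missed activity, so tune them against the normal traffic of the network being monitored.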

Defend Against Active Attacks

Defend against active attacks by using encryption, whether the data is at rest or in motion. If someone were able to obtain the data, they couldn’t read it unless they had a key. Policies may be as simple as frequent changes of passwords and strength of passwords. Physical controls may be the most overlooked forms of security; controls include locks and smart cards. Device security includes intrusion detection systems, intrusion prevention systems, firewalls, and switch port security.

Manage Overall Risk

To reduce the overall risk to a network, security specialists should understand not only vulnerability scanning but also ethical hacking skills. On any network, there are passive and active attacks.

Check Point Live Cyber Threat Map
FireEye Cyber Threat Map

As these live attack maps show, you should monitor and defend against attacks using a layered approach, with various methods to protect against passive and active attacks.
