Attacks Ch2

8/13/2019 Attacks Ch2

1/26

Chapter 2

Types of Attacks

1


2/26


3/26


4/26

Definition of Access Attacks

An Access Attack is an attempt to gaininformation that the intruder is notauthorized to see.

This attack may occur on stationary data ordata in transit.

These types of attacks are attacks againstthe confidentiality of the information.

4


5/26

Access Attack: SNOOPING

Snooping is looking through information filesin the hope of finding something that is ofvalue.

If on paper , the intruder will open draws to dothe snooping.

If on a computer system , the intruder willopen files to do the same type of snooping.

5


6/26

Access Attack: Eavesdropping

Eavesdropping is the act of listening to aconversation that is not their right to be partof.

Wireless networks are especially prone toeavesdropping.

Wireless networks bring with them manysecurity issues.

6


7/26

Access Attack: Interception

Unlike eavesdropping, interception is an

attack against the information. Intruders insert themselves in the path of

information. Once the information is captured and

examined, the attacker may decide to allowthe information to continue or not.

7


8/26

How are Attacks Accomplished

Access attacks take different forms dependingon whether the information is stored on paperor electronically in a computer system.

Paper records Filing cabinets, desks,drawers, printers, faxes, etc.

Electronic Records Servers, PCs, CD -ROMS,backup tapes, disks, etc

8


9/26

Types of Theft

Access can be achieved by physically

stealing the storage media. What is a Sniffer?

A sniffer is a computer that is configured to

capture all traffic on the network. A sniffer is used to capture user IDs,

Passwords and other access controls.9


10/26

Interception Challenge

Information access using interception isvery difficult.

On the internet, this could be done bycausing a name resolution change.

This is achieved by causing a computer to

resolve to an incorrect address. The traffic sent to the attackers system

instead of the real destination. BANKING INSTITUTION ATTACKS

10


11/26

How is Interception Done?

Interception can be accomplished by an

attacker taking over a session already inprogress. This type of attack is best performed against

interactive traffic such as telnet. The attacker allows the legitimate user to

begin the session with the server and thenuses specialized software to take over the

session. 11


12/26

Modification Attacks

A modification attack is an attempt to

modify information that an attacker is notauthorized to modify.

Such an attack can occur wherever the

information resides, stationary or intransit. This type of attack is an attack against the

integrity of the information. 12


13/26

Modification: Changes

This type of attack involves changing existing

information. Ie: Changing an employees salary Changing an employees bank records

The information is not removed, moved, justsimply modified.

13


14/26

Modification: Insertion

An insertion attack is the addition of

information to existing information. This is especially effective when used on

historical information that is yet to be

acted upon. For instance, an attacker may add lines to

bank records clearing accrued debt.

14


15/26

Modification: Deletion

A deletion attack is the removal of existinginformation.

An attacker may remove records of a banktransaction that indicate a due date for debtpayment.

It is a common practice for attackers to delete

information in transit. How can we tell it is happening?

CRC CHECKING

15


16/26

Modification Attacks in General

It is more difficult to mount a modificationattack on information in transit.

Attackers normally execute an interceptionattack against the traffic .

Then change the information before passing iton to the destination.

16


17/26

Definition of Denial of Service

Denial of Service (DoS) are attacks that denyuse of resources to legitimate users.

DoS attacks generally do not allow theattacker to access or modify information onthe computer system.

DoS attacks are simple but may be crippling tocertain organizations.

17


18/26

Denial of Access to Information A DoS attack against information causes that

information to be unavailable, which causesdenial of access to information.

This situation is especially important when thelocation of information has been changed.

18


19/26

Denial of Access to Applications These DoS attacks target applications that

manipulate or display information. For instance an attacker may choose to target

Microsoft Outlook & as a result all electroniccorrespondence is interupted.

19


20/26

Denial of Access to Systems

A common attack is to bring down a

computer system. This type of DoS results in the halting of all

processes in an organization which relies

on electronic transactions. What is an example of this type of Attack?

SHUTDOWN20


21/26

Denial of Access to Communications

DoS attacks against communications are very

common. Examples range from cutting a wire to jamming radio communications or floodingnetworks with excessive traffic.

In these attacks, the target is the medium ofcommunication and not the information.

21


22/26

Denial of Service in General

DoS attacks are primarily attacks againstcomputer systems and networks.

This is not to say that no DoS attacks takeplace against information on paper:

Intercepting a BANK van that carry trustdocuments.

22


23/26

Definition of Repudiation Attacks

A repudiation attack is an attack against

the accountability of information. Attackers attempt to give FALSE

information or deny a real event or

transaction from occurring.

23


24/26

Masquerading Attack

This is an attempt to act like or impersonate

someone else or some other system. This attack can occur in personal

communications, in transactions or in system

to system communications.

24


25/26

Denying an Event

Denying an event is simply disavowing that

the action was taken as it was logged. For instance, you receive a bill telling you that

you made credit card purchase, when in fact

you didnt.

25


26/26

How is Repudiation Attacks Done?

an example of a Repudiation Attack?

The from address of an email can bechanged at will by the sender.

NOTE: Denying an event in the electronic

world is much easier than in the physicalworld. WHY?

THERE ARE NO SIGNATURES26

Documents

Attacks Ch2