A Security Attack is an unauthorised attempt to steal, damage, or expose data from an information system such as your website. Active and Passive Attacks are security attacks.
In an Active attack, an attacker tries to modify the content of the messages. A passive attack is an attack on a system in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The passive attack, an attacker observes the messages, copy them and may use them for malicious purposes. ... Passive Attack is dangerous for Confidentiality.
How serious is a particular attack type, is depends on two things, how the attack is carried out and what damage is done to the compromised system. An attacker being able to see code on his machine is probably the most serious kind of attack for a home user. For an e-commerce company, a denial-of-service (DOS) attack or information leakage may be of more immediate concern. Each vulnerability that can lead to compromise can be traced to a particular category, or class of attack. The properties of each class give you a rough feel how serious an attack in that class is, as well as how hard it is to defend against.
We examine seven categorised attack types. These seven attack types are the general criteria used to classify security.
- Denial-of- service
- Information Leakage
- Regular file access
- Misinformation
- Special field/database access
- Remote arbitrary code executing
- Elevation of privileges
Denial-Of-Service :
A DOS attack takes place when availability to a resource is intentionally blocked or degraded by an attacker. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
Information Leakage:
Information leakage can be likened to leaky pipe. Whenever something comes out, it almost always undesirable and results in some sort of damage. Information Leakage is a category of software vulnerabilities in which information is unintentionally disclosed to end-users, potentially aiding attackers in their efforts to breach application security. The key criteria for Information Leakage is that the exposure is unintentional and useful to attackers.
Regular File Access:
Regular file access can give an attacker several different means from which to launch an attack. Regular file access may allow an attacker to gain access to sensitive information, such as the usernames or passwords of users on a system.
Misinformation:
Misinformation is false or inaccurate information that is communicated regardless of an intention to deceive. Examples of misinformation are false rumors, insults. For example Military wants to make his forces seem like less of a threat than they really are. Military hides his heavy weapons, and the greater part of his infantry while allowing visibility of only a small portion of his force.
Special File/Database Access:
Methods used to gain access to a system are through special files and database access.
Remote Arbitrary Code execution:
Remote code execution is the ability an attacker has to access someone else's computing device and make changes, no matter where the device is geographically located. ... The best way to protect a computer from a remote code execution vulnerability is to fix holes that allow an attacker to gain access.In computer systems, arbitrary code execution refers to an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. a remote code execution vulnerability is to fix holes that allow an attacker to gain access. In computer systems, arbitrary code execution refers to an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process.
0 comments:
Post a Comment