
Types of Attacks

We shall classify attacks with respect to two views: the common person's view and a technologist's view.

1 Attacks: A General View
From a common person's point of view, we can classify attacks into three categories, as shown below.
Criminal Attacks:-
Criminal attacks are the simplest to understand. Here, the sole aim of the attackers is to maximize financial gain by attacking computer systems. The table below lists some forms of criminal attacks.

Attack: Fraud
Description: Modern fraud attacks concentrate on manipulating some aspects of electronic currency, credit cards, electronic stock certificates, checks, letters of credit, purchase orders, ATMs, etc.

Attack: Scams
Description: Scams come in various forms, some of the most common ones being sale of services, auctions, multi-level marketing schemes, general merchandise and business opportunities, etc. People are enticed to send money in return for great profits, but end up losing their money. A very common example is the Nigeria scam, where an email from Nigeria (and other African countries) entices people to deposit money into a bank account with a promise of hefty gains. Whoever gets caught in this scam loses money heavily.

Attack: Destruction
Description: Some sort of grudge is the motive behind such attacks. For example, unhappy employees attack their own organization, whereas terrorists strike at much bigger levels. For example, in the year 2000, there was an attack against popular Internet sites such as Yahoo!, CNN, eBay, Buy.com, Amazon.com and E*TRADE, where authorized users of these sites failed to log in or access these sites.

Attack: Identity theft
Description: This is best understood with a quote from Bruce Schneier: "Why steal from someone when you can just become that person?" In other words, an attacker does not steal anything from a legitimate user; he becomes that legitimate user! For example, it is much easier to get the password of someone else's bank account, or to actually obtain a credit card in someone else's name. That privilege can then be misused until it gets detected.

Attack: Intellectual property theft
Description: Intellectual property theft ranges from stealing companies' trade secrets, databases, digital music and videos, electronic documents and books, software and so on.

Attack: Brand theft
Description: It is quite easy to set up fake Web sites that look like real Web sites. How would a common user know if she is visiting the HDFC Bank site or an attacker's site? Innocent users end up providing their secrets and personal details on these fake sites to the attackers. The attackers use these details to then access the real site, causing an identity theft.
Publicity Attacks:-
Publicity attacks occur because the attackers want to see their names appear on television news channels and newspapers. History suggests that these types of attackers are usually not hardcore criminals. They are people such as students in universities or employees in large organizations, who seek publicity by adopting a novel approach of attacking computer systems.
One form of publicity attack is to damage (or deface) the Web pages of a site by attacking it. One of the most famous such attacks occurred on the US Department of Justice's Web site in 1996. The New York Times home page was also famously defaced two years later.
Legal Attacks:-
This form of attack is quite novel and unique. Here, the attacker tries to make the judge or the jury doubtful about the security of a computer system. This works as follows. The attacker attacks the computer system, and the attacked party (say a bank or an organization) manages to take the attacker to court. While the case is being fought, the attacker tries to convince the judge and the jury that there is an inherent weakness in the computer system and that she has done nothing wrongful. The aim of the attacker is to exploit the weakness of the judge and the jury in technology matters.
For example, an attacker may sue a bank for performing an online transaction which she never wanted to perform. In court, she could innocently say something like "the bank's Web site asked me to enter a password and that is all that I provided; I do not know what happened thereafter." A judge is likely to sympathize with the attacker!
2 Attacks: A Technical View:-
From the technical point of view, we can classify the types of attacks on computer and network systems into two categories for better understanding: (a) the theoretical concepts behind these attacks and (b) the practical approaches used by the attackers. Let us discuss these one by one.
Theoretical Concepts
As we discussed earlier, the principles of security face threats from various attacks. These attacks are generally classified into four categories, as mentioned earlier:
· Interception: Discussed in the context of confidentiality, earlier. It means that an unauthorized party has gained access to a resource. The party can be a person, a program or a computer-based system. Examples of interception are copying of data or programs and listening to network traffic.
· Fabrication: Discussed in the context of authentication, earlier. This involves the creation of an illegal object on a computer system. For example, the attacker may add fake records to a database.
· Modification: Discussed in the context of integrity, earlier. For example, the attacker may modify the values in a database.
· Interruption: Discussed in the context of availability, earlier. Here, the resource becomes unavailable, lost or unusable. Examples of interruption are causing problems to a hardware device, or erasing programs, data or operating system components.
These attacks are further grouped into two types: Passive attacks and Active attacks. Let us discuss these two attacks now.
Passive Attacks: Passive attacks are those wherein the attacker indulges in eavesdropping on or monitoring of data transmission. In other words, the attacker aims to obtain information that is in transit. The term passive indicates that the attacker does not attempt to perform any modifications to the data. In fact, this is also why passive attacks are harder to detect. Thus, the general approach to dealing with passive attacks is to think about prevention, rather than detection or corrective actions.
Passive attacks do not involve any modifications to the contents of an original message.
Fig. shows the further classification of passive attacks into two sub-categories, namely release of message contents and traffic analysis.
Release of message contents is quite simple to understand. When we send a confidential email message to our friend, we desire that only she be able to access it. Otherwise, the contents of the message are released against our wishes to someone else. Using certain security mechanisms, we can prevent release of message contents. For example, we can encode messages using a code language, so that only the desired parties understand the contents of a message, because only they know the code language. However, if many such messages are passing through, a passive attacker could try to figure out similarities between them to come up with some sort of pattern that provides her some clues regarding the communication that is taking place. Such attempts at analyzing (encoded) messages to come up with likely patterns are the work of the traffic analysis attack.
Active Attacks: Unlike passive attacks, active attacks are based on modification of the original message in some manner or the creation of a false message. These attacks cannot be prevented easily. However, they can be detected with some effort, and attempts can be made to recover from them. These attacks can be in the form of interruption, modification and fabrication.
In active attacks, the contents of the original message are modified in some way.
· Trying to pose as another entity involves masquerade attacks.
· Modification attacks can be classified further into replay attacks and alteration of messages.
· Fabrication causes Denial of Service (DOS) attacks.
Masquerade is caused when an unauthorized entity pretends to be another entity. As we have seen, user C might pose as user A and send a message to user B. User B might be led to believe that the message indeed came from user A. In masquerade attacks, an entity poses as another entity. The attack may involve capturing the user's authentication sequence (e.g. user ID and password). Later, those details can be replayed to gain illegal access to the computer system.
In a replay attack, a user captures a sequence of events or some data units and re-sends them. For instance, suppose user A wants to transfer some amount to user C's bank account. Both users A and C have accounts with bank B. User A might send an electronic message to bank B requesting the funds transfer. User C could capture this message and send a second copy of it to bank B. Bank B would have no idea that this is an unauthorized message and would treat it as a second and different funds transfer request from user A. Therefore, user C would get the benefit of the funds transfer twice: once authorized, once through a replay attack.
Alteration of messages involves some change to the original message. For instance, suppose user A sends an electronic message "Transfer $1000 to D's account" to bank B. User C might capture this and change it to "Transfer $10000 to C's account".
Note that both the beneficiary and the amount have been changed; changing only one of these would also have constituted alteration of the message. Denial of service (DOS) attacks attempt to prevent legitimate users from accessing some services which they are eligible for. For instance, an unauthorized user might send too many login requests to a server, using random user ids one after the other in quick succession, so as to flood the network and deny other legitimate users the use of the network facilities.
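To see the replay and alteration scenarios from bank B's side, here is an added Python example (it is not part of the original text). It assumes that user A and bank B share a secret key, that every request carries a per-request unique id (the "nonce" below, an assumption of this example, not something the text specifies) and that the request body is authenticated with an HMAC. User C, who has only captured A's message, can resend it (replay) or change it (alteration), and the bank detects both cases.

```python
import hmac
import hashlib
import json

# Constructed shared secret between user A and bank B (demo value, not from the page).
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"


def canonical_bytes(body):
    """Serialize the request deterministically so sender and bank MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_request(key, sender, beneficiary, amount, nonce):
    """User A builds a funds-transfer request and authenticates it with an HMAC.
    The nonce (a per-request unique id) is an assumption of this example; it lets
    the bank distinguish a fresh request from a replayed copy."""
    body = {"from": sender, "to": beneficiary, "amount": amount, "nonce": nonce}
    tag = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Bank:
    """Bank B: verifies the MAC first (catches alteration), then the nonce (catches replay)."""

    def __init__(self, key, balances):
        self.key = key
        self.balances = dict(balances)
        self.seen_nonces = set()

    def process(self, request):
        body = request["body"]
        expected = hmac.new(self.key, canonical_bytes(body), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check itself does not leak the tag byte by byte.
        if not hmac.compare_digest(expected, request["tag"]):
            return "rejected: alteration (MAC mismatch)"
        if body["nonce"] in self.seen_nonces:
            return "rejected: replay (nonce already used)"
        self.seen_nonces.add(body["nonce"])
        self.balances[body["from"]] -= body["amount"]
        self.balances[body["to"]] += body["amount"]
        return "accepted"


def scenario():
    """Runs the text's two scenarios: C re-sends A's message, and C alters it."""
    bank = Bank(SHARED_KEY, {"A": 20000, "C": 0, "D": 0})
    original = make_request(SHARED_KEY, "A", "D", 1000, nonce="req-0001")
    results = {"original": bank.process(original)}
    # Replay attack: C captured A's message and sends an identical second copy.
    results["replay"] = bank.process(original)
    # Alteration attack: C changes beneficiary and amount but, lacking the key,
    # cannot produce a valid tag for the changed body, so the old tag is reused.
    altered = {"body": dict(original["body"], to="C", amount=10000), "tag": original["tag"]}
    results["altered"] = bank.process(altered)
    return results, bank.balances


if __name__ == "__main__":
    verdicts, balances = scenario()
    for name, verdict in verdicts.items():
        print(f"{name:9}: {verdict}")
    print("balances:", balances)
```

Two points worth noting. The MAC gives integrity and authenticity only: the request body still travels in the clear, so a passive attacker can read it (release of message contents) even though an active attacker cannot usefully change or replay it. And a set of seen nonces grows without bound; a deployed system would instead use a per-account sequence number or a timestamp with a bounded acceptance window.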
3 The Practical Side of Attacks
The attacks discussed earlier can come in a number of forms in real life. They can be classified into two broad categories: application-level attacks and network-level attacks, as shown in Fig.
Let us discuss these as follows.
· Application-level attacks: These attacks happen at the application level in the sense that the attacker attempts to access, modify or prevent access to information of a particular application or to the application itself. Examples of this are trying to obtain someone's credit card information on the Internet or changing the contents of a message to change the amount in a transaction, etc.
· Network-level attacks: These attacks generally aim at reducing the capabilities of a network by a number of possible means. These attacks generally make an attempt to either slow down or completely bring to a halt a computer network. Note that this can automatically lead to application-level attacks, because once someone is able to gain access to a network, usually she is able to access or modify at least some sensitive information, causing havoc.
These two types of attacks can be attempted by using various mechanisms, as discussed next. We will not classify these attacks into the above two categories, since they can span across application as well as network levels.
Security attacks can happen at the application level or the network level.
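The login-flood form of denial of service described earlier (many login requests with random user ids in quick succession) is something a server-side log can reveal. The Python example below is an added illustration, not part of the original text: it runs a sliding-window check over a constructed login log, flagging any source address that makes many attempts across many different user ids within a short window. The log format, addresses and thresholds are all assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log (not from the page). Source addresses come from
# the RFC 5737 documentation ranges. Format: timestamp source user result
SAMPLE_LOG = """\
2024-03-01T10:00:00 198.51.100.7 user01 FAIL
2024-03-01T10:00:01 198.51.100.7 user02 FAIL
2024-03-01T10:00:02 203.0.113.5 alice FAIL
2024-03-01T10:00:02 198.51.100.7 user03 FAIL
2024-03-01T10:00:03 198.51.100.7 user04 FAIL
2024-03-01T10:00:04 203.0.113.5 alice FAIL
2024-03-01T10:00:04 198.51.100.7 user05 FAIL
2024-03-01T10:00:05 198.51.100.7 user06 FAIL
2024-03-01T10:00:06 203.0.113.5 alice OK
"""


def parse_line(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect_login_floods(lines, window_seconds=10, max_attempts=5, min_distinct_users=4):
    """Sliding-window check per source address.

    A source is flagged when, within the window, it made at least max_attempts
    login attempts spread over at least min_distinct_users different user ids
    (the random-user-id pattern from the text). A single user who mistypes a
    password a few times fails the distinct-users condition and is not flagged.
    Returns {source: (attempts, distinct_users)} for the largest window seen.
    """
    windows = defaultdict(deque)  # source -> deque of (timestamp, user id)
    flagged = {}
    for line in lines:
        ts, src, user, _ = parse_line(line)
        q = windows[src]
        q.append((ts, user))
        cutoff = ts - timedelta(seconds=window_seconds)
        while q and q[0][0] < cutoff:  # drop attempts that fell out of the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(q) >= max_attempts and len(distinct) >= min_distinct_users:
            if src not in flagged or len(q) > flagged[src][0]:
                flagged[src] = (len(q), len(distinct))
    return flagged


def run_sample():
    return detect_login_floods(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for src, (attempts, users) in run_sample().items():
        print(f"{src}: {attempts} attempts across {users} user ids within the window")
```

The rule is deliberately per-source, which has two limits a practitioner should keep in mind: a flood spread across many source addresses never trips it, and a NAT gateway can make many legitimate users look like one busy source. Thresholds should be set from the service's normal baseline rather than copied from this example.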
4     Programs that Attack
Let us now discuss a few programs that attack computer systems to cause some damage or to create confusion.
Virus: One can launch an application-level attack or a network-level attack using a virus. In simple terms, a virus is a piece of program code that attaches itself to legitimate program code and runs when the legitimate program runs. It can then infect other programs in that computer, or programs that are in other computers but on the same network. This is shown in Fig. In this example, after deleting all the files from the current user's computer, the virus self-propagates by sending its code to all users whose email addresses are stored in the current user's address book.
Viruses can also be triggered by specific events (e.g. a virus could automatically execute at 12 PM every day). Usually viruses cause damage to computer and network systems to an extent that can be repaired, assuming that the organization deploys good backup and recovery procedures.
A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network.
During its lifetime, a virus goes through four phases:
(a) Dormant phase: Here, the virus is idle. It gets activated based on a certain action or event (e.g. the user typing a certain key, or a certain date or time being reached, etc.). This is an optional phase.
(b) Propagation phase: In this phase, a virus copies itself, and each copy starts creating more copies of itself, thus propagating the virus.
(c) Triggering phase: A dormant virus moves into this phase when the action/event for which it was waiting occurs.
(d) Execution phase: This is the actual work of the virus, which could be harmless (display some message on the screen) or destructive (delete a file on the disk).
Viruses can be classified into the following categories:
(a) Parasitic virus: This is the most common form of virus. Such a virus attaches itself to executable files and spreads when they are executed.
(b) Memory-resident virus: This type of virus first attaches itself to an area of the main memory and then infects every executable program that is executed.
(c) Boot sector virus: This type of virus infects the master boot record of the disk and spreads on the disk when the operating system starts booting the computer.
(d) Stealth virus: This virus has intelligence built in, which prevents anti-virus software programs from detecting it.
(e) Polymorphic virus: A virus that keeps changing its signature (i.e. identity) on every execution, making it very difficult to detect.
There is another popular category of viruses, called the macro virus. This virus affects specific application software, such as Microsoft Word or Microsoft Excel. These viruses affect the documents created by users and spread quite easily, since such documents are very commonly exchanged over email. There is a feature called a macro in these application programs, which allows users to write small useful utility programs within the documents. Viruses attack these macros, hence the name macro virus.
Worm: Similar in concept to a virus, a worm is actually different in implementation. A virus modifies a program (i.e. it attaches itself to the program under attack). A worm, however, does not modify a program. Instead, it replicates itself again and again. This is shown in Fig. The replication grows so much that ultimately the computer or the network on which the worm resides becomes very slow, finally coming to a halt. Thus, the basic purpose of a worm attack is different from that of a virus. A worm attack attempts to make the computer or the network under attack unusable by eating up all its resources.
A worm does not perform any destructive actions and instead only consumes system resources to bring the system down.
Trojan horse: A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a Trojan horse is different. Whereas the main purpose of a virus is to make some sort of modifications to the target computer or network, a Trojan horse attempts to reveal confidential information to an attacker. The name (Trojan horse) is due to the Greek soldiers who hid inside a large hollow horse, which was pulled into the city by the citizens of Troy, unaware of its contents. Once the Greek soldiers were inside the city of Troy, they opened the gates for the rest of the Greek soldiers.
In a similar fashion, a Trojan horse could silently sit in the code for a login screen by attaching itself to it. When the user enters the user id and password, the Trojan horse could capture these details and send this information to the attacker without the knowledge of the user who entered the id and password. The attacker can then merrily use the user id and password to gain access to the system. This is shown in Fig.
A Trojan horse allows an attacker to obtain some confidential information about a computer or a network.