Security attacks and classifications

Security Attacks and Classifications

Definition

A security attack is any deliberate action that compromises the security of information owned by an organization: unauthorized disclosure, modification or destruction of data, or denial of the service that handles it. Each of these threatens one of the three classic properties of an information system, confidentiality, integrity or availability, and the classification below groups attacks by which property they threaten and by how they interact with the system.


Main Content

1. Passive Attacks

  • The attacker monitors or intercepts transmissions without altering the data or the system. The two recognised forms are release of message contents (reading what is sent) and traffic analysis (learning who talks to whom, how often and how much, which works even when the contents are encrypted).
  • The goal is to obtain information. Because nothing is changed, neither sender nor receiver can tell it has happened, so passive attacks are hard to detect; the practical defence is prevention, chiefly encryption, rather than detection.
  • Example: eavesdropping on unencrypted communications (cleartext HTTP, Telnet, FTP) or analysing the timing and volume of encrypted traffic.

2. Active Attacks

  • The attacker alters system resources or affects their operation, either by modifying a genuine data stream or by creating a false one.
  • Four standard forms: masquerade (pretending to be another entity), replay (capturing a genuine message and resending it later), modification of messages (altering, delaying or reordering them) and denial of service (preventing normal use of a facility).
  • Active attacks are easy to detect in principle but hard to prevent outright, so the defence goal is to detect them and recover. A message authentication code catches modification, but only a nonce, sequence number or timestamp catches a replay, because the replayed message carries a perfectly valid tag.
  • Example: replay attacks, denial-of-service, or masquerading as a legitimate user with stolen credentials.
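The following Python script is an added example, not part of the original notes, that plays the passive and active classes above against each other: an eavesdropper records a genuine message from an unencrypted link (passive interception), then re-sends it (active replay). The naive protocol authenticates messages with an HMAC only, so modification is caught but replay is not; the fixed protocol adds a per-message nonce that the server remembers. The shared key, the "transfer" action string, the account name and the amounts are all constructed for the demo.

```python
"""Replay attack on a MAC-only protocol, and the nonce fix.

Added example (not from the original notes). It ties the passive and active
classes together: the eavesdropper first only records a genuine message
(passive interception), then re-sends it (active replay). The key, the
account name and the amount are constructed for the demo.
"""
import hashlib
import hmac
import secrets

SHARED_KEY = b"demo-shared-key"  # constructed; a real deployment provisions this out of band


def tag(body: bytes) -> bytes:
    """Hex-encoded HMAC-SHA256 over the body (hex keeps the '|' separator unambiguous)."""
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()


def split(message: bytes):
    body, _, received_tag = message.rpartition(b"|")
    return body, received_tag


# --- Naive protocol: integrity only, nothing proves freshness -------------
def naive_client(action: str) -> bytes:
    body = action.encode()
    return body + b"|" + tag(body)


class NaiveServer:
    def handle(self, message: bytes) -> bool:
        body, received = split(message)
        # A valid MAC shows the body is unmodified and came from a key holder;
        # it says nothing about whether this exact body was already processed.
        return hmac.compare_digest(tag(body), received)


# --- Fixed protocol: client prefixes a random nonce, server remembers them --
def fresh_client(action: str) -> bytes:
    nonce = secrets.token_hex(16).encode()          # 128 random bits per message
    body = nonce + b"/" + action.encode()
    return body + b"|" + tag(body)


class NonceServer:
    def __init__(self):
        # Grows without bound; production systems bound it with a timestamp
        # window or a sequence number, but the acceptance rule is the same.
        self.seen = set()

    def handle(self, message: bytes) -> bool:
        body, received = split(message)
        if not hmac.compare_digest(tag(body), received):
            return False                             # forged or modified
        nonce, _, _action = body.partition(b"/")
        if nonce in self.seen:
            return False                             # replay of a consumed message
        self.seen.add(nonce)
        return True


def eavesdrop(wire):
    """Passive attacker: reads the cleartext action from every frame, alters nothing."""
    return [split(frame)[0].rpartition(b"/")[2] for frame in wire]


def run_scenario() -> dict:
    """Plays both attacks against both servers; returns what each one achieved."""
    wire = []                        # everything visible on the unencrypted link
    naive, fixed = NaiveServer(), NonceServer()

    genuine = naive_client("transfer:100:to=acct-42")
    wire.append(genuine)
    accepted_once = naive.handle(genuine)           # legitimate request succeeds

    genuine_fresh = fresh_client("transfer:100:to=acct-42")
    wire.append(genuine_fresh)
    accepted_once_fresh = fixed.handle(genuine_fresh)

    # Active modification without the key: change the amount, keep the old tag.
    body, old_tag = split(genuine)
    forged = body.replace(b"100", b"999") + b"|" + old_tag

    return {
        "legitimate_accepted": accepted_once and accepted_once_fresh,
        "eavesdropped_actions": eavesdrop(wire),
        "naive_accepts_forgery": naive.handle(forged),   # MAC catches this
        "naive_accepts_replay": naive.handle(wire[0]),   # MAC does not catch this
        "fixed_accepts_replay": fixed.handle(wire[1]),
    }


if __name__ == "__main__":
    for outcome, value in run_scenario().items():
        print(f"{outcome}: {value}")
```

Note what the eavesdropper gets for free: the full action text of both protocols, because neither encrypts. The nonce fixes replay, not confidentiality; stopping the passive attack needs encryption of the link, which is the prevention-over-detection point made above.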

3. Insider vs. Outsider Attacks

  • Insider attacks come from people who hold legitimate credentials (employees, contractors, partners) and abuse the access they were granted. Perimeter controls do not see them, so least privilege, separation of duties and audit logging are the main defences.
  • Outsider attacks come from parties with no authorized access who must first get past the network perimeter (firewall, VPN, exposed services).
  • Example: an employee exporting customer records from a database they are allowed to query (insider) vs. an attacker guessing an SSH or VPN password by brute force (outsider).

Working / Process

1. Reconnaissance (Information Gathering)

  • The attacker scans the target for open ports, running services and software versions with known vulnerabilities, and collects data on the network architecture to choose an entry point.
  • Passive reconnaissance (DNS records, public documents, search engines) leaves no trace on the target; active scanning is itself observable, and a burst of connections from one source to many ports is often the first indicator a defender sees.

2. Exploitation (Execution)

  • The attacker uses a vulnerability found during reconnaissance to gain unauthorized access.
  • This typically means delivering a payload that triggers the flaw (for example, code injection) or bypassing authentication with guessed or stolen credentials.

Attacker ----> [ Firewall/Gateway ] ----> Target System
      (Exploit Payload)

3. Persistence and Exfiltration

  • The attacker keeps long-term access by installing backdoors, rootkits, scheduled tasks or extra credentials, so that patching the original vulnerability does not lock them out.
  • Sensitive data is collected and sent to a server the attacker controls. Because the compromised host initiates the transfer, egress monitoring (unusual destinations, volumes or protocols) is where this phase is most often caught.
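The three phases above, seen from the defender's side. This is an added example, not code from the original notes: a small rule set run over constructed firewall, authentication and flow records that flags reconnaissance (one source touching many ports in a short window), exploitation by password guessing (repeated failures followed by a success) and exfiltration (large internal-to-external transfers). The log format, the thresholds, the internal address ranges and all IP addresses (RFC 5737 documentation ranges for the outsider) are assumptions made for the demo.

```python
"""Attack-phase detection over constructed log lines.

Added example (not from the original notes): rules that flag the
reconnaissance, exploitation and exfiltration phases when run over
firewall, authentication and flow records. Log format, thresholds and
all IP addresses are constructed for the demo.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: an outsider (203.0.113.5) scans a host, guesses the
# admin password, and the compromised host then pushes ~700 MB to an external IP.
SCAN_PORTS = (21, 22, 23, 25, 80, 110, 143, 443, 445, 993, 3306, 8080)
SAMPLE_LOG = "\n".join(
    ["2024-05-01T09:00:00Z type=conn src=10.0.0.20 dst=10.0.0.7 dport=443"]
    + [f"2024-05-01T10:00:{i:02d}Z type=conn src=203.0.113.5 dst=10.0.0.7 dport={p}"
       for i, p in enumerate(SCAN_PORTS)]
    + [f"2024-05-01T10:05:{i:02d}Z type=auth src=203.0.113.5 user=admin result=fail"
       for i in range(6)]
    + ["2024-05-01T10:05:20Z type=auth src=203.0.113.5 user=admin result=success",
       "2024-05-01T10:30:00Z type=flow src=10.0.0.7 dst=198.51.100.9 bytes=734003200",
       "2024-05-01T10:31:00Z type=flow src=10.0.0.8 dst=10.0.0.50 bytes=900000000",
       "2024-05-01T10:32:00Z type=flow src=10.0.0.20 dst=203.0.113.80 bytes=2048"]
)

# Assumed internal address space. ipaddress.is_private is deliberately not used:
# it also matches the 203.0.113.0/24 documentation range used for the outsider.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(line: str) -> dict:
    """'<ISO timestamp> k=v k=v ...' -> dict; purely numeric values become ints."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = int(value) if value.isdigit() else value
    return event


def detect_port_scan(events, threshold=10, window_s=60):
    """Reconnaissance: one source touching >= threshold distinct ports within a
    sliding window. Returns {src: most distinct ports seen in any one window}."""
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "conn":
            by_src[e["src"]].append((e["ts"], e["dport"]))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > timedelta(seconds=window_s):
                start += 1
            distinct = len({port for _, port in hits[start:end + 1]})
            if distinct >= threshold:
                flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


def detect_brute_force(events, threshold=5):
    """Exploitation by password guessing: >= threshold failures for (src, user);
    a later success on the same pair is the sign that a guess worked."""
    fails, hits = Counter(), {}
    for e in sorted((e for e in events if e["type"] == "auth"), key=lambda e: e["ts"]):
        key = (e["src"], e["user"])
        if e["result"] == "fail":
            fails[key] += 1
        if fails[key] >= threshold:
            entry = hits.setdefault(key, {"failures": 0, "success_after_failures": False})
            entry["failures"] = fails[key]
            if e["result"] == "success":
                entry["success_after_failures"] = True
    return hits


def detect_exfiltration(events, threshold_bytes=500_000_000):
    """Exfiltration: internal -> external volume per (src, dst) above a threshold.
    Internal-to-internal transfers are ignored whatever their size."""
    outbound = Counter()
    for e in events:
        if e["type"] == "flow" and is_internal(e["src"]) and not is_internal(e["dst"]):
            outbound[(e["src"], e["dst"])] += e["bytes"]
    return {k: b for k, b in outbound.items() if b >= threshold_bytes}


def classify_phases(log_text: str) -> dict:
    events = [parse(line) for line in log_text.splitlines() if line.strip()]
    return {
        "reconnaissance": detect_port_scan(events),
        "exploitation": detect_brute_force(events),
        "exfiltration": detect_exfiltration(events),
    }


if __name__ == "__main__":
    for phase, findings in classify_phases(SAMPLE_LOG).items():
        print(f"{phase}: {findings}")
```

The rules are deliberately simple threshold checks; what matters for the classification is which log source each phase shows up in (perimeter connection logs for reconnaissance, authentication logs for exploitation, egress flow records for exfiltration), which is why a single log source rarely tells the whole story in an investigation.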

Advantages / Applications

  • Understanding attack classifications helps security professionals design multi-layered (defence-in-depth) strategies: each class points at its own control, encryption against passive attacks, detection and recovery against active ones, access control and audit logging against insiders.
  • Identifying attack vectors allows proactive measures such as firewalls, intrusion detection systems (IDS) and encryption to be placed where the corresponding attack would show up.
  • Classifying attacks assists forensic investigations in determining the origin and method of a breach, which in turn tells the organization which layer failed and how to harden it against future threats.

Summary

Security attacks are deliberate attempts to bypass security controls to gain unauthorized access, modify data, or disrupt services. These are broadly categorized into passive (monitoring) and active (modifying) attacks, which can originate from both internal and external sources. Understanding these methodologies is critical for developing effective cybersecurity defenses and incident response protocols.

Important terms to remember: Confidentiality, Integrity, Availability, Vulnerability, and Exploit.