By Prakhar Golchha, Rajesh Deshmukh and Palak Lunia
Classes of attack might include passive monitoring of communications, active
network attacks, close-in attacks, exploitation by insiders, and attacks through
the service provider. Information systems and networks offer attractive targets
and should be resistant to attack from the full range of threat agents, from
hackers to nation-states. A system must be able to limit damage and recover
rapidly when attacks occur.
There are eleven types of cyber attack:
1. Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and
sensitive information that can be used in other types of attacks. Passive
attacks include traffic analysis, monitoring of unprotected communications,
decrypting weakly encrypted traffic, and capturing authentication information
such as passwords. Passive interception of network operations enables
adversaries to see upcoming actions. Passive attacks result in the disclosure
of information or data files to an attacker without the consent or knowledge of
the user.
2. Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This can be
done through stealth, viruses, worms, or Trojan horses. Active attacks include
attempts to circumvent or break protection features, to introduce malicious
code, and to steal or modify information. These attacks are mounted against a
network backbone, exploit information in transit, electronically penetrate an
enclave, or attack an authorized remote user during an attempt to connect to an
enclave. Active attacks result in the disclosure or dissemination of data
files, DoS, or modification of data.
3. Distributed Attack
A distributed attack requires that the adversary introduce code, such as a
Trojan horse or back-door program, to a “trusted” component or software that
will later be distributed to many other companies and users. Distribution attacks focus on the
malicious modification of hardware or software at the factory or during
distribution. These attacks introduce malicious code such as a back door to a
product to gain unauthorized access to information or to a system function at a
later date.
4. Insider Attack
An insider attack involves someone from the inside, such as a disgruntled
employee, attacking the network. Insider attacks can be malicious or
non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage
information; use information in a fraudulent manner; or deny access to other
authorized users. Non-malicious attacks typically result from carelessness, lack
of knowledge, or intentional circumvention of security for such reasons as
performing a task.
5. Close-in Attack
A close-in attack involves someone attempting to get physically close to
network components, data, and systems in order to learn more about a network.
Close-in attacks consist of regular individuals attaining close physical
proximity to networks, systems, or facilities for the purpose of modifying,
gathering, or denying access to information. Close physical proximity is
achieved through surreptitious entry into the network, open access, or both.
One popular form of close-in attack is social engineering. In a social
engineering attack, the attacker compromises the network or system through
social interaction with a person, through an e-mail message or phone. Various
tricks can be used to get the individual to reveal information about the
security of the company. The information that the victim reveals to the hacker
would most likely be used in a subsequent attack to gain unauthorized access to
a system or network.
6. Phishing Attack
In a phishing attack, the hacker creates a fake web site that looks exactly
like a popular site such as the SBI bank or PayPal. The phishing part of the
attack is that the hacker then sends an e-mail message trying to trick the user
into clicking a link that leads to the fake site. When the user attempts to log
on with their account information, the hacker records the username and password
and then tries that information on the real site.
7. Hijack Attack
In a hijack attack, a hacker takes over a session between you and another
individual and disconnects the other individual from the communication. You
still believe that you are talking to the original party and may send private
information to the hacker by accident.
8. Spoof Attack
In a spoof attack, the hacker modifies the source address of the packets he or
she is sending so that they appear to be coming from someone else. This may be
an attempt to bypass your firewall rules.
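The firewall-side answer to a spoofed source address is to judge each packet by the interface it arrived on as well as the address it claims. The following is an added example, not part of the original paper; the 10.20.0.0/16 LAN, the interface names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: the protected LAN is 10.20.0.0/16 and the
# firewall has two interfaces, "external" (Internet) and "internal" (LAN).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def ingress_verdict(src: str, interface: str) -> str:
    """Judge a packet by its claimed source address and arrival interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return "drop: impossible sender"
    internal = any(addr in net for net in INTERNAL_NETS)
    if interface == "external":
        if internal:
            # An outside packet claiming an inside address is spoofed.
            return "drop: internal source on external interface"
        if addr.is_private or addr.is_link_local or addr.is_reserved:
            return "drop: non-routable source"
        return "accept"
    if interface == "internal":
        # Egress check: hosts on the LAN may only send as LAN addresses.
        return "accept" if internal else "drop: foreign source on internal interface"
    return "drop: unknown interface"


# Constructed sample packets: (claimed source, arrival interface).
SAMPLES = [
    ("8.8.8.8", "external"),
    ("10.20.5.9", "external"),
    ("192.168.1.4", "external"),
    ("10.20.5.9", "internal"),
    ("8.8.8.8", "internal"),
]

if __name__ == "__main__":
    for src, iface in SAMPLES:
        print(f"{src:>12} via {iface:<8} -> {ingress_verdict(src, iface)}")
```

A rule that trusts "source is 10.20.x.x" without checking the arrival interface is the rule a spoofed packet bypasses; the same address is accepted on the internal interface and dropped on the external one.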
9. Buffer Overflow
A buffer overflow attack is when the attacker sends more data to an
application than is expected. A buffer overflow attack usually results in the
attacker gaining administrative access to the system in a command prompt or
shell.
10. Exploit Attack
In this type of attack, the attacker knows of a security problem within an
operating system or a piece of software and leverages that knowledge by
exploiting the vulnerability.
11. Password Attack
An attacker tries to crack the passwords stored in a network account database
or a password-protected file. There are three major types of password attacks:
a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary
attack uses a word list file, which is a list of potential passwords. A brute-force
attack is when the attacker tries every possible combination of characters.
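Seen from the side of the account database, dictionary and brute-force attacks are answered by refusing word-list passwords at enrolment and by storing only salted, deliberately slow hashes. The following is an added example, not part of the original paper; the deny-list, the minimum length and the PBKDF2 round count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample deny-list; a real deployment loads a large word list.
COMMON_PASSWORDS = {"password", "123456789", "qwertyuiop", "letmein1", "welcome1"}
PBKDF2_ROUNDS = 600_000  # assumption: work factor picked for this example


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates a brute-force attack must cover for one password length."""
    return alphabet_size ** length


def acceptable(password: str, min_length: int = 8) -> bool:
    """Reject short passwords and ones a dictionary attack tries first."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is used for new passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print("8 lowercase letters:", keyspace(26, 8), "candidates")
    print("12 printable ASCII :", keyspace(94, 12), "candidates")
    print("'Password' allowed?", acceptable("Password"))
    salt, stored = hash_password("correct horse battery")
    print("login ok:", verify_password("correct horse battery", salt, stored))
```

The per-user salt means one word list cannot be hashed once and compared against every account, and the round count multiplies the cost of every guess an attacker makes against a stolen database.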
About the Authors:
Prakhar Golchha - Final Year Engineering Students, Computer Science & Engineering Department, SSIPMT, Raipur, India
Rajesh Deshmukh - Assistant Professor, Computer Science & Engineering Department, SSIPMT, Raipur, India
Palak Lunia - Final Year Engineering Students, Computer Science & Engineering Department, SSIPMT, Raipur, India
Publication Details:
International Journal of Scientific Engineering and Research
(IJSER) www.ijser.in ISSN (Online): 2347-3878, Impact Factor (2014): 3.05
Volume 3 Issue 4, April 2015 Licensed Under Creative Commons Attribution CC BY - A Review on Network Security Threats and Solutions.