Security Attacks
[Diagram: classification of security attacks. Threat groups: Threats to Confidentiality, Threats to Integrity, Threats to Availability. Attacks shown: Snooping, Traffic Analysis, Modification, Masquerading, Replaying, Repudiation, Denial of Service. Types: Passive Attacks, Active Attacks.]
Snooping or sniffing means listening or observing (eavesdropping).
Passive Versus Active Attacks
- If User A and User B want to communicate in the presence of an adversary (attacker)
- Attack may be:
  - Passive – just looking
  - Active – may change message
Passive Attacks
- By nature these attacks resemble eavesdropping on or monitoring of transmission.

**Types:**
- **Snooping** and releasing message contents (looking, listening/observing)
- Traffic Analysis: monitoring traffic flow (location, identity of host, message length; sometimes possible even in the case of encryption)
Eavesdropping (Message Interception)
- A basic attack approach that destroys confidentiality
- It provides unauthorized access to information (messages, files, audio clips, etc.), either by sniffing data packets or through wiretapping.
- Difficult to detect

[Diagram: A, B, Eavesdropper]
Modification (Message Tampering)
- The attacker stops the flow of the message, alters it with fake modifications (addition or deletion), and then releases it again.
- It normally introduces a hidden communication delay.
- It can easily be detected using a message digest.

[Diagram: A, B, Attacker]
Masquerade (Identity Fabrication)
- It means stealing someone else's identity and then generating and distributing objects under this identity.

[Diagram: A, B; fabricated identity from A]

Happens when one entity is different

A message sequence can also be captured and replayed later as a valid sequence.
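An added example (not part of the original slides) for the modification, masquerade and replay points above: an unkeyed message digest only helps if the attacker cannot recompute it, so this sketch goes one step beyond the slides and uses a keyed MAC (HMAC-SHA256) with a sequence number, which rejects modified, fabricated and replayed packets. The shared key, the messages and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-key-shared-by-A-and-B"  # assumption: pre-shared secret


def plain_check(msg: bytes, digest: bytes) -> bool:
    """Unkeyed digest check: anyone can recompute the digest."""
    return hashlib.sha256(msg).digest() == digest


def mac(key: bytes, seq: int, msg: bytes) -> bytes:
    """Keyed MAC over the sequence number and the message."""
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()


def seal(seq: int, msg: bytes, key: bytes = KEY) -> tuple:
    """Sender A: packet = (sequence number, message, tag)."""
    return seq, msg, mac(key, seq, msg)


class Receiver:
    """Receiver B: rejects modified, fabricated and replayed packets."""

    def __init__(self, key: bytes = KEY):
        self.key, self.last_seq = key, 0

    def accept(self, packet: tuple) -> str:
        seq, msg, tag = packet
        if not hmac.compare_digest(tag, mac(self.key, seq, msg)):
            return "bad-mac"      # modification or masquerade
        if seq <= self.last_seq:
            return "replay"       # valid tag, but already seen
        self.last_seq = seq
        return "accepted"


def demo() -> dict:
    forged = b"pay 9000 to M"     # constructed attacker message
    b, pkt = Receiver(), seal(1, b"pay 100 to B")
    return {
        # Attacker in the path replaces the message and its unkeyed digest.
        "plain_digest_fooled": plain_check(forged, hashlib.sha256(forged).digest()),
        "original": b.accept(pkt),
        "modified": b.accept((pkt[0], forged, pkt[2])),
        "fabricated": b.accept(seal(2, forged, key=b"attacker-does-not-know-KEY")),
        "replayed": b.accept(pkt),
        "next": b.accept(seal(2, b"pay 50 to B")),
    }
```

The MAC is checked before the sequence number, so a rejected packet never advances the receiver's replay counter.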
Repudiation Attack
- It means a party denying his/her participation in a transaction or in data transmission on the network.
- For example, someone may deny having made a transaction with the credit card.
Denial of Service Attack (Destroying Connection)
- Destroying or denying the connection to network resources using different tricks or commands
- Modifying software (with alias commands)
- Corrupting packets in transit
- Crashing or overwhelming the server

[Diagram: A, B]

Inhibits the normal use of communication facilities through delay, a server that is down or not responding, link down or failure, etc.
General Elements for an Effective Security System
- Prevention: preventing an attack on the system before it executes successfully, using antivirus software and firewalls.
- Detection: detecting when a system is under attack. It might be effective or ineffective due to prevention policy. Intrusion detection systems (IDS) are commonly used for it. An IDS is a network analyzer that identifies unexpected network traffic or patterns.
- Response: how to react against the attacked system
Response (…)
- It includes the strategies to reduce the harmful effects that might result from the detected attack(s). Common strategies:
- Automated intrusion prevention systems (IPS) are used for this purpose. An IPS automatically removes the fake access control and facilitates the backup option.
- Turn off or disconnect the system
- Reset the system using system restore
Why Networks are Vulnerable?
- Anonymity: e.g. who and where is the attacker?
- Unknown perimeter: where is my network's boundary?
- Unknown path: unknown route and shared medium
- System complexity: a great mesh of interconnected network resources
- Sharing: who needs access to what, and why?
- Points of failure: any weakest link(s)?
What is X.
- Security architecture or service that provides various services to secure network transmission
- Authentication - assurance that the communicating entity is the same that is claimed
- Access Control - prevention of the unauthorized use of a resource
- Data Confidentiality - protection of data from unauthorized disclosure
- Data Integrity - assurance that data received is as sent by an authorized entity without any false modification
- Non-Repudiation - protection against denial by one of the parties in a communication
What can an Attacker do?
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: "take over" ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by them (e.g., by overloading resources)
- And many more…