Threats and Attacks

 Four kinds of threats and their types of attacks

1) Unauthorized disclosure

  • A threat to system confidentiality
  • Types of Attacks:
    1. Exposure
      • The attacker obtains unauthorized knowledge of sensitive data.  
    2. Interception
      • The attacker gain access to data being transmitted
      • A common attack in communication network 
    3. Inference
      • The attacker gains information from analyzing the pattern of traffic in a network 
    4. Intrusion
      • The attacker gains unauthorized access to data 
      • Probably after breaking the system’s access control protection 

2) Deception

  • A threat to system or data integrity
  • Types of Attacks:
    1. Masquerade
      • The attacker accesses to the system acting as an authorized user.
      • The attacker may have the login name and password.  
    2. Falsification
      • The attacker modifies or replaces valid data or produces false data 
    3. Repudiation 
      • The attacker denies 
        • sending the data,  
        • denies receiving the data, 
        • Possessing the data 

3)  Disruption

  • A threat to system availability and integrity
  • Types of Attacks:
    1. Incapacitation
      • An attack on system availability by destructing or damaging system resources (e.g., hardware) and their services.
    2. Corruption
      • An attack to system integrity such that the system resources or services operate in an unintended manner. 
      • This can be done by a malware or an attacker that modifies system function
    3. Obstruction 
      • An attack to system availability by interfering,  altering, or overloading communication functions

4)  Usurpation

  • A threat to system integrity
  • Types of Attacks:
    1. Misappropriation
      • An unauthorized software uses the OS and hardware resources
      • E.g., DoS attack that steals system services
    2. Misuse
      • Disabling security functions, can be by the following means: 
        • Malicious logic
        • An attacker that gains access to the system



Comments

Post a Comment

Popular posts from this blog

What is Cybersecurity?

In today’s digital world, we use the internet for everything from banking and shopping to studying and working. But with convenience comes risk. That’s where cybersecurity comes in. 🛡️ What is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. These attacks aim to access, change, or destroy sensitive information, extort money, or interrupt normal operations. In simple terms: Cybersecurity is like locking your house, but for your computer and online data. ⚠️ Why is Cybersecurity Important? Every day, hackers try to: Steal personal information like passwords or credit card numbers Spread viruses or malware to damage computers Take over systems and ask for ransom (ransomware attacks) Spy on users or organizations for political or financial gain If we don’t protect our devices and information, anyone can become a victim. 💻 Common Types of Cyber Attacks Phishing – Fake emails that trick you into gi...
Read more

CIA Triad

Image
  Confidentiality ( C ) Ensuring that only authorized people can access certain data or systems. Confidentiality covers two concepts. Data confidentiality -  Assures that confidential information is not made available or disclosed to unauthorized individuals. Privacy -  Assures that the owners have control on: What information related to them may be collected and stored,  By whom and to whom that information may be disclosed. Integrity ( I ) Integrity means that information is accurate, complete, and unaltered. This term covers two related concepts.  Data integrity:  Information and programs are changed only in a specified and authorized manner. System integrity:  A system performs its intended function in an unimpaired manner.  Free from deliberate or inadvertent unauthorized manipulation of the system. Availability (A) Systems work promptly and service is not denied to authorized users. Additional Objectives Authenticity:  Able to verify t...
Read more

Ensuring Security in a System

 Exploits A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).  An Exploit can cause, Gaining control of a computer system. Allowing privilege escalation Denial-of-service (DoS or related DDoS) attack. Vulnerability Assessment The process of defining, identifying, classifying and prioritizing vulnerabilities in Information systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. Penetration Testing  Also called pen testing or ethical hacking. The practice of testing a Information system, network or web application to find security vulnerabilities that an attacker could exploit.  The process involves gathe...
Read more