SECURITY ATTACKS

DEFINITION

Attack is any attempt to destroy, expose, disable, steal or gain

unauthorized access to or make unauthorized use of an asset.
 TYPES OF ATTACKS
Passive attack

Active attack
Passive Attack:
Passive attack attempts to take the information from the system and does not affect any system
resources and its operations.

Active Attack:
Active attack attempts to change the system resources or affect their usual operations.
PASSIVE ATTACKS

There are two main types of passive attacks

1.Release Of Message Content
2.Traffic Analysis
RELEASE OF MESSAGE CONTENT

A telephone conversation, an e-mail message and a

transferred file may contain sensitive or confidential
information. We would like to prevent the
opponent from learning the contents of these
transmissions.
TRAFFIC ANALYSIS

Traffic Analysis is a little more complicated. It is very subtle and hard

to detect it would be like this if we had a way to hide the
information on a message and the hacker still viewed the
information this would be a traffic analysis attack.
ACTIVE ATTACKS
• Eavesdropping
• Snooping
• Interception
• Modification Attacks
• Repudiation Attacks
• Denial-of-service (DoS) Attacks
• Distributed denial-of-service (DDoS) Attacks
• Back door Attacks
• Spoofing Attacks
• Man-in-the-Middle Attacks
• Replay Attacks
• Password Guessing Attacks
CIA Security Model
Confidentiality, Integrity & Availability
WHAT IS THE CIA MODEL?
• A simple but widely-applicable security model is the CIA triad standing for:
• Confidentiality
• Integrity
• Availability
• These are the three key principles which should be guaranteed in any kind of secure
system.
• This principle is applicable across the whole subject of Security Analysis, from access
to a user's internet history to security of encrypted data across the internet.
• If any one of the three can be breached it can have serious consequences for the
parties concerned.
CONFIDENTIALITY

• Confidentiality is the ability to hide information from those people unauthorised to view it.

• It is perhaps the most obvious aspect of the CIA triad when it comes to security; but correspondingly, it
is also the one which is attacked most often.

• Cryptography and Encryption methods are an example of an attempt to ensure confidentiality of data
transferred from one computer to another.
INTEGRITY

• The ability to ensure that data is an accurate and unchanged representation of the original secure
information.

• One type of security attack is to intercept some important data and make changes to it before sending it
on to the intended receiver.
AVAILABILITY

• It is important to ensure that the information concerned is readily accessible to the authorised viewer
at all times.

• Some types of security attack attempt to deny access to the appropriate user, either for the sake of
inconveniencing them, or because there is some secondary effect.

• For example, by breaking the web site for a particular search engine, a rival may become more popular.