☻Passive attacks☻
*******************
..........↨...........
Passive attacks attempt to learn or make use of information from the system but
do not affect system resources. A passive attack is one where the attacker only
monitors the communication channel. A passive attacker only threatens the
confidentiality of data. Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is to obtain information
that is being transmitted.
.
.
.
☺Two types of passive attacks are related to message contents and traffic analysis:
.
.
• ♥Eavesdropping. In general, the majority of network communications occur in
an unsecured or "cleartext" format, which allows an attacker who has gained
access to data paths in the network to "listen in" or interpret (read) the data exchanged over the network.
The ability of an eavesdropper to monitor the
network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, the data can be read by others as it traverses the network.
.
.
•♥ Traffic analysis. It refers to the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even
intercepted and stored, the more can be inferred from the traffic.
.
.
.
☻Active attacks☻
******************
..........↨...........
Active attacks attempt to alter system resources or affect their operation.
This type of attack is one where the adversary attempts to delete, add, or in some other way
alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.
.
Active attacks involve some modification of the data stream or the creation of a false stream and can be divided into six categories:
.
.
.
• ♥Masquerade. It is a type of attack where the attacker pretends to be an
authorized user of a system in order to gain access to it or to gain greater
privileges than they are authorized for.
.
.
.
• ♥Replay. In this kind of attack, a valid data transmission is maliciously or
fraudulently repeated or delayed. This is carried out either by the originator or
by an adversary who intercepts the data and re-transmits them, possibly as part
of a masquerade attack.
.
.
.
• ♥Modification of Messages. The attacker removes a message from the network
traffic, alters it, and reinserts it.
.
.
• ♥Man in the Middle (MitM). In this kind of attacks, an intruder intercepts
communications between two parties, usually an end user and a website. The
attacker can use the information accessed to commit identity theft or other
types of fraud.
.
.
.
• ♥Denial of Service (DoS) and Distributed Denial of Service (DDoS).
As I previously walked you through the full details of (DOS / DDOS) A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems,
(sometimes called a botnet) Eben is no more focusing on this sort of attack anymore. :)
.
.
.
• ♥Advanced Persistent Threat (APT). It is a network attack in which an
unauthorized person gains access to a network and stays there undetected for
a long period of time. :D How sweet and funny this really seems :P The intention of an APT attack is to steal data rather
than cause damage to the network or organization. APT attacks target
organizations in sectors with high-value information, such as national defense,
manufacturing and the financial industry.
My brothers and family, please study hard to reach certain levels in this computing era ♥♥
0 Comments