Saturday, April 17, 2010

Types of attacks

From Microsoft Encyclopedia of Security (direct quote)

Types of attacks
Access attacks: The intruder tries to gain access to resources on your network by exploiting flaws in software such as buffer overflows and information leakage and by elevating the intruder’s privileges to execute arbitrary code.

Denial of service (DoS) attacks: The intruder tries to deny legitimate users access to resources on your network.

Reconnaissance attacks
: The intruder ties to map your network services in order to exploit vulnerabilities detected.

Effects on systems being attacked
Active attacks: These involve trying to modify data either during transmission or while stored on the target system. Examples include inserting backdoors and Trojans, deleting or modifying log files, disrupting services or communication, and so on.

Passive attacks: The goal here is not to modify the target system but rather to capture data being transmitted by eavesdropping or by using a packet sniffer in order to obtain sensitive or confidential information such as passwords or credit card numbers. Passive attacks are also used for capturing information that can help the attacker create a map of the target network’s hosts and services, which
usually forms the preamble of an active attack.

No comments:

Post a Comment