Cyber security attacks are the sets of actions that threat actors perform to gain unauthorised access, damage systems or computers, steal data, or compromise computer networks. An attacker can launch a cyber attack from any location, and can be an individual or a group. Attackers use a variety of tactics, techniques, and procedures (TTPs) to do so.
In this article, we look at security attacks as covered in the GATE syllabus for Computer Science Engineering (CSE).
What are Security Attacks?
A vulnerable application could subject people and systems to several kinds of harm. An attack occurs when a malevolent actor takes advantage of security flaws or vulnerabilities to harm others. In this article, we’ll examine various attack methods, so that you’ll know what to watch out for when safeguarding your application.
Types of Security Attacks
Cyber security attacks can be of the following two types:
- Active attacks
- Passive attacks
1. Active Attacks
An active attack attempts to alter system resources or affect their operation. Active attacks involve some modification of the data stream or the creation of false statements. Active attacks can take the following forms:
1.1. Masquerade
A masquerade attack takes place when one entity pretends to be another. A masquerade attack usually includes one of the other forms of active attack. An authorisation process can become extremely vulnerable to a masquerade attack if it is not fully protected. Masquerade attacks can be carried out using stolen logins and passwords, by finding security gaps in programs, or by finding a way around the authentication process.
1.2. Modification of Messages
Modification means that a message has been delayed, reordered, or had a portion of it altered to produce an unauthorised effect. Modification is an attack on the integrity of the original data. In essence, unauthorised parties not only gain access to data but also spoof it by triggering denial-of-service attacks, such as altering transmitted data packets or flooding the network with false data. Manufacturing is an attack on authentication. For instance, a message that originally said, “Allow JOHN to view confidential file X,” is changed to say, “Allow Smith to read confidential file X.”
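The following is an added example, not part of the original article, showing how a receiver can detect the three forms of modification named above (altered, reordered, delayed) by authenticating each message together with a sequence number and a send time. The key, the 30-second freshness window, the packet layout and every message other than the "Allow JOHN" text are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed shared secret, illustration only
MAX_AGE = 30                    # assumed freshness window, in seconds

def seal(key: bytes, seq: int, sent_at: int, body: bytes) -> bytes:
    """Sender: bind sequence number, send time and body under one HMAC tag."""
    header = struct.pack(">QQ", seq, sent_at)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag

class Receiver:
    def __init__(self, key: bytes, max_age: int = MAX_AGE):
        self.key, self.max_age, self.last_seq = key, max_age, 0

    def accept(self, packet: bytes, now: int) -> str:
        """Return 'ok', or the reason the packet is rejected."""
        if len(packet) < 16 + 32:
            return "malformed"
        signed, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "modified"
        seq, sent_at = struct.unpack(">QQ", signed[:16])
        if seq <= self.last_seq:                     # arrived out of order
            return "reordered"
        if now - sent_at > self.max_age:             # held back too long
            return "delayed"
        self.last_seq = seq
        return "ok"

def demo() -> list:
    """Run four constructed packets through one receiver."""
    rx = Receiver(KEY)
    m1 = seal(KEY, 1, 1000, b"Allow JOHN to view confidential file X")
    m2 = seal(KEY, 2, 1001, b"Allow JOHN to view confidential file Y")
    m3 = seal(KEY, 3, 1002, b"Revoke access to confidential file X")
    tampered = m1.replace(b"JOHN", b"Smith")         # altered in transit
    return [
        rx.accept(tampered, now=1001),   # tag no longer matches the body
        rx.accept(m2, now=1002),         # genuine and fresh
        rx.accept(m1, now=1003),         # sequence 1 arriving after 2
        rx.accept(m3, now=1100),         # genuine but 98 seconds old
    ]
```

Because the tag covers the header as well as the body, an attacker who cannot compute the HMAC cannot adjust the sequence number or send time to get an altered, reordered or delayed message accepted.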
1.3. Repudiation
This attack happens when the login control has been tampered with or the network is not completely secure. With this attack, a malicious user can alter the author's information in order to save false data in log files, up to the wholesale alteration of data on behalf of others, comparable to the spoofing of email messages.
1.4. Replay
This attack occurs when the network is not completely secure or the login control has been tampered with. With this attack, a malicious user can change the author's information in order to save suspicious data in log files, up to the widespread alteration of data on behalf of others, similar to the spoofing of email messages.
1.5. Denial of Service
Denial of service hinders the normal use of communication infrastructure. This attack may have a specific target. An entity might, for instance, suppress all messages sent to a specific destination. Another form of denial of service is the disruption of an entire network, either by disabling the network or by overloading it with messages so that performance degrades.
2. Passive Attacks
A passive attack does not consume system resources; instead, it attempts to learn or make use of information from the system. Passive attacks take the form of eavesdropping on, or monitoring of, transmissions. The adversary's goal is to intercept the information being transmitted in order to collect it. The following are examples of passive attacks:
2.1. Releasing Message Content
Sensitive or confidential information may be present in a telephone conversation, an email, or a transmitted file. We want to keep an adversary from finding out what is being transmitted. In this type of passive attack, the information transmitted from one person to another falls into the hands of a third party. It compromises the confidentiality of the communication.
2.2. Traffic Analysis
Suppose that we had a method of hiding (encrypting) data, so that an attacker could not extract any information from the communication even if it was intercepted.
The adversary could still determine the location and identity of the communicating hosts, as well as the frequency and length of the messages. From this information, it could be possible to infer the nature of the communication.
Encrypting SIP traffic is the most practical defence against traffic analysis. To find out who made a call, an attacker would then need access to the SIP proxy or the call logs.
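The following is an added example, not part of the original article, illustrating the message-length leak described above and one mitigation the article does not name: padding every message to a fixed size class before encryption. The 512-byte bucket, the framing format and the sample messages are constructed assumptions, and the cipher is modelled as length-preserving.

```python
import struct

BUCKET = 512  # assumed fixed on-wire size class, in bytes

def pad(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """Frame as 4-byte length + data, then zero-fill to a multiple of bucket."""
    framed = struct.pack(">I", len(plaintext)) + plaintext
    target = -(-len(framed) // bucket) * bucket   # round up to next bucket
    return framed.ljust(target, b"\x00")

def unpad(padded: bytes) -> bytes:
    """Recover the original message after decryption."""
    if len(padded) < 4:
        raise ValueError("truncated frame")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds frame")
    return padded[4:4 + n]

def wire_lengths(messages, use_padding: bool) -> list:
    """Lengths a passive observer records for each encrypted message.
    The cipher is modelled as length-preserving (an assumption), so the
    observed length equals the length of what is handed to the cipher."""
    return [len(pad(m) if use_padding else m) for m in messages]

# Constructed sample traffic: three messages of very different sizes.
SAMPLE = [b"yes", b"Allow JOHN to view confidential file X", b"A" * 300]

if __name__ == "__main__":
    print("unpadded:", wire_lengths(SAMPLE, use_padding=False))
    print("padded:  ", wire_lengths(SAMPLE, use_padding=True))
```

Padding hides only message length; the identity of the hosts and the frequency of messages remain visible to the observer.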