Security attacks: Any action that compromises the security of information owned by an organization. These attacks are classified as:
Passive attack (emphasis on prevention rather than detection): Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are
Release of message content / snooping : It is very simple to understand. Eg: An electronic mail message and a transferred file may contain sensitive or confidential information. We should prevent others, from learning the contents of these transmissions by encoding the message with code language.
Traffic analysis: Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
Active attacks (involves some modification): Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
- Masquerade: takes place when one entity pretends to be different
- Replay: passive capture of the data unit and its subsequent retransmission to produce an unauthorized effect.
- Modification of msgs: Some portion of a legitimate message is altered or the messages are delayed or reordered to produce an unauthorized effect.
- Denial of Service: It prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for eg, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.