SECURITY ATTACKS

A security attack is an unauthorized attempt to steal, damage, or expose data from an information system such as your computer or website.

It can also be defined as — Any Action that compromises the security of information owned by an organization.

Security attacks are of two types-

Active Attacks: An Active attack attempts to alter system resources or effect their operations. Active attack involve some modification of the data stream or creation of false statement.

1. Masquerade: Masquerade attack takes place when one entity pretends to be different entity.
2. Replay: Replay invovles the passive capture of the messages and it’s subsequent retransmission to produce an unauthorized effect.
3. Modification of message: It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorised effect.
4. Denial of Service: It prevents normal use of communication facilities. Here the attacker disrupts the services provided by a server.

Passive Attacks: A Passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring of transmission. The goal of the opponent is to obtain information that is being transmitted

1. Release of Message contents: Telephonic conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
2. Traffic Analysis: Suppose that we had a way of masking (encryption) of information, so that the attacker even if captured the message could not extract any information from the message. The opponent could determine the location and identity of communicating host and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.