Page 45 - CITS - Computer Software Application -TT
P. 45

COMPUTER SOFTWARE APPLICATION - CITS




           There are two main types of network attacks
           1  Active Attacks
           2  Passive Attacks
           Active Attacks
           An active attack is a type of malicious activity in which an unauthorized party takes deliberate action to breach
           the security of a computer system, network, or device. Unlike passive attacks, which involve eavesdropping or
           monitoring without altering data, active attacks involve direct interference with the target to gain unauthorized
           access, disrupt services, or manipulate data.
           Here are some common types of active attacks
           1  Spoofing:  Attackers  manipulate  network  protocols,  IP  addresses,  or  other  identification  information  to
              impersonate a trusted entity, gain unauthorized access, or deceive users
           2  Denial of Service (DoS) Attack: As previously mentioned, this attack floods a network, server, or service with
              excessive traffic to make it unavailable to legitimate users.
              •  DoS: Overwhelming a single system with a flood of traffic to make it unavailable.
              •  DDoS: Coordinating multiple systems to flood a target with traffic, amplifying the impact.
           3  Brute Force Attack: Attackers attempt to guess passwords or encryption keys by systematically trying all
              possible combinations until they find the correct one.
           4  Password  Attacks:  This  includes  various  methods  like  dictionary  attacks,  where  attackers  try  common
              passwords, or credential stuffing, where stolen usernames and passwords from one site are used on other
              sites.
           5  SQL Injection: Attackers manipulate input fields on a website to inject malicious SQL code into a database,
              potentially allowing unauthorized access or data retrieval.
           6  Malware Attacks: These involve deploying malicious software onto a system to compromise its security, steal
              data, or perform other malicious actions.

              •  Viruses: Malicious programs that attach themselves to legitimate files and replicate when the infected file
                 is executed.
              •  Worms: Self-replicating programs that spread across networks and systems without human intervention.

              •  Trojans: Malware disguised as legitimate software, often used to gain unauthorized access to systems.
           7  Spoofing A specific type of malware that encrypts a user’s files and demands a ransom for decryption.
           8  Phishing: While primarily a form of social engineering, phishing emails may also lead to active attacks, such
              as directing users to malicious websites that download malware onto their systems.Phishing: Deceptive emails
              or messages aimed at tricking recipients into revealing sensitive information, such as passwords or credit card
              details.

              •  Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations.
              •  Whaling: Similar to spear phishing, but targeting high-profile individuals, executives, or celebrities.
           Passive Attacks
           Passive attacks are a type of cybersecurity attack that focuses on intercepting and gathering information from a
           targeted system or network without altering the data or causing any noticeable disruption. Unlike active attacks
           that involve modifying or damaging data, passive attacks are primarily concerned with unauthorized access to
           sensitive information, such as confidential data, credentials, or communication content. These attacks are often
           difficult to detect because they don’t involve direct manipulation of data, making them a significant concern for
           maintaining data privacy and security.
           There are two main categories of passive attacks:
           1  Eavesdropping:  Eavesdropping  attacks  involve  an  unauthorized  individual  or  entity  intercepting  and
              monitoring data transmissions between legitimate users. This can happen on both wired and wireless networks.




                                                           32

                              CITS : IT&ITES - Computer Software Application - Lesson 01-17
   40   41   42   43   44   45   46   47   48   49   50