Page 45 - CITS - Computer Software Application -TT
P. 45
COMPUTER SOFTWARE APPLICATION - CITS
There are two main types of network attacks
1 Active Attacks
2 Passive Attacks
Active Attacks
An active attack is a type of malicious activity in which an unauthorized party takes deliberate action to breach
the security of a computer system, network, or device. Unlike passive attacks, which involve eavesdropping or
monitoring without altering data, active attacks involve direct interference with the target to gain unauthorized
access, disrupt services, or manipulate data.
Here are some common types of active attacks
1 Spoofing: Attackers manipulate network protocols, IP addresses, or other identification information to
impersonate a trusted entity, gain unauthorized access, or deceive users
2 Denial of Service (DoS) Attack: As previously mentioned, this attack floods a network, server, or service with
excessive traffic to make it unavailable to legitimate users.
• DoS: Overwhelming a single system with a flood of traffic to make it unavailable.
• DDoS: Coordinating multiple systems to flood a target with traffic, amplifying the impact.
3 Brute Force Attack: Attackers attempt to guess passwords or encryption keys by systematically trying all
possible combinations until they find the correct one.
4 Password Attacks: This includes various methods like dictionary attacks, where attackers try common
passwords, or credential stuffing, where stolen usernames and passwords from one site are used on other
sites.
5 SQL Injection: Attackers manipulate input fields on a website to inject malicious SQL code into a database,
potentially allowing unauthorized access or data retrieval.
6 Malware Attacks: These involve deploying malicious software onto a system to compromise its security, steal
data, or perform other malicious actions.
• Viruses: Malicious programs that attach themselves to legitimate files and replicate when the infected file
is executed.
• Worms: Self-replicating programs that spread across networks and systems without human intervention.
• Trojans: Malware disguised as legitimate software, often used to gain unauthorized access to systems.
7 Spoofing A specific type of malware that encrypts a user’s files and demands a ransom for decryption.
8 Phishing: While primarily a form of social engineering, phishing emails may also lead to active attacks, such
as directing users to malicious websites that download malware onto their systems.Phishing: Deceptive emails
or messages aimed at tricking recipients into revealing sensitive information, such as passwords or credit card
details.
• Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations.
• Whaling: Similar to spear phishing, but targeting high-profile individuals, executives, or celebrities.
Passive Attacks
Passive attacks are a type of cybersecurity attack that focuses on intercepting and gathering information from a
targeted system or network without altering the data or causing any noticeable disruption. Unlike active attacks
that involve modifying or damaging data, passive attacks are primarily concerned with unauthorized access to
sensitive information, such as confidential data, credentials, or communication content. These attacks are often
difficult to detect because they don’t involve direct manipulation of data, making them a significant concern for
maintaining data privacy and security.
There are two main categories of passive attacks:
1 Eavesdropping: Eavesdropping attacks involve an unauthorized individual or entity intercepting and
monitoring data transmissions between legitimate users. This can happen on both wired and wireless networks.
32
CITS : IT&ITES - Computer Software Application - Lesson 01-17