Security Attack is an action that attempt to compromise the information security and/or disrupt the normal flow of information, that is from source to destination. There are several methods on attempting it: Interruption#, Interception#, Modification# and Fabrication#. Based on its invasiveness, Security Attack could be divided into two categories: Passive Attack# and Active Attack#.
Security Attack
-
Web Defacement
Web Defacement is a #Security Attack penetrating a web server and replace its contents with custom messages by the intruder.
- TNS3131 Chapter 1: Overview of Network Security
-
Security Service
Security Service is a service that improve the security data processing system and/or information transfers. It needs to at least secure four elements: confidentiality#, authenticity#, integrity#, and availability#. It has Security Mechanism# implemented in order to fulfil its promises and prevents potential Security Attack.
-
Security Mechanism
Security Mechanism is a mechanism that detects, prevents or recovers from Security Attack#. Most mechanism utilises #cryptography. Based on whether it is general or specific to the Open Systems Interconnection (OSI) Model# layers, Security Mechanism could be categorised into the following two groups:
-
Passive Attack
Passive Attack is a kind of #Security Attack involves eavesdropping or monitoring the network without disturbing the system utilities. It is rather difficult to detect, but there are some prevention methods available. Interception# is such attack. A Passive Attack could be developed into an Active Attack.
-
Modification
Modification is a form of #Security Attack aims at gaining access to the system and altering the information. It undermines the integrity# of the system. Replay Attack# and modification is one of the example of Modification attack.
-
Interruption
Interruption is a form of #Security Attack aims at disturbing the delivery of system utilities to the end users. It violates the availability# of the system service. This can be caused by hardware destruction, communication line cut, the disabling of file system, or Denial of Service (DoS)#.
-
Interception
Interception is a form of #Security Attack aims at eavesdropping or monitoring or simply gaining access to the network flow or the system itself. It undermines the confidentiality# of the system. Traffic analysis# and Man-In-The-Middle Attack (MITM)# are one of the methods of interception, and the information acquired by this method could be exposed to the public or furthered materialised using one of the Active Attack.
-
Fabrication
Fabrication is a form of #Security Attack aims at forging an identity, pretending to be an authenticated entity. It undermines the authenticity# of the system. Masquerade# and Server-Side Request Forgery (SSRF)# are one of the example.
-
Active Attack
Active Attack is a kind of #Security Attack that modifies the data stream or create a false stream to the target and attempts to gain unauthorised access to computer systems. It is rather hard to prevent, but there are some measures available to detect and recover from the destruction. Example of Active Attack including Interruption#, Modification#, and Fabrication#.