types of attacks and threads
Post on 12-Feb-2017
1.086 Views
Preview:
TRANSCRIPT
TYPES OF SECURITY ATTACKS AND THREADS
SUBMITTED BY
K. S. SRIVIJAYMANICKAM
M.SC-IT
14MIT025
DEFINITION
Attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset
TYPES OF ATTACKS
Passive attack
Active attack
Insider attack
Phishing attack
Hijack attack
Spoofing attack
Exploit attack
Password attack
Passive Attack:
Passive attack attempts to take the information from the system and does not affect any system resources and its operations.
Active Attack:
Active attack attempts to change the system resources or affect their usual operations.
Insider Attack:
An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access.
An insider attack is also known as an insider threat.
IDS-Intrusion Detection System
Phishing Attack:
In phishing attack the hacker creates a fake web site that looks exactly like a popular site.
Spoofing Attack:
Modifies the source address of the packet.
Hijack Attack:
In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication.
Exploit Attack:
An exploit is the use of software, data, or commands to “exploit” a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms or viruses.
Password Attack:
An attacker tries to crack the passwords stored in a network account database or a password-protected file.
Types:
Dictionary attack
Brute force attack
THREATSA threat is something that may or may not happen, but has the potential to cause serious
damage. Threats can lead to attacks on computer systems, networks and more.
Types of threats:
Most of the hacker uses 2 types of threats only
Cross Site Scripting (XSS)
SQL Injection
Cross- Site Scripting(XSS):Cross-site scripting, or popularly known as XSS is an example of an injection attack wherein an
attacker is able to inject malicious code snippets to get important information, or perform other malicious tasks.
Example:
Online banking-user
•Hacker opened a malicious website in another tab. On that website, there is an image link which contains following code:
•<img src=”xyz.com/img.png”><script>maliciousBlock();</script></img>
SQL Injection:
An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the backend database.
Tool:
• Havij SQL Injection
top related