Week#03 Lecture #01

Uploaded by graphicsra41
Information Security

SE-308
Week 3(Lecture#01)
Software Attacks

– Introduction
– Attack
– Types of Attacks
– Active Attacks
– Passive Attacks
Attack
• An attack is any action that destroys security.

• An "attack" refers to any intentional and
unauthorized attempt to compromise the
confidentiality, integrity, or availability of a
system or its data.

• Attackers use various methods to take
advantage of system, network, or application
vulnerabilities to achieve their objectives.
Types of Attacks
Active Attack:
The attacker tries to change or modify the content of
messages. An active attack is dangerous to integrity as
well as availability. In an active attack the system is
always damaged and system resources can be
changed.
Example:
• Spoofing
• Malicious Code
• Man-in-the-Middle
• Hoaxes
• Spam
• Back Doors
• Mail Bombing
• Password crack
• Social Engineering
• Brute Force
• Dictionary
• Pharming
• Denial-of-Service (DoS)
• Phishing
• Distributed Denial-of-Service (DDoS)
Types of Attacks (Cont’d)
Passive Attack:
A passive attack involves monitoring or eavesdropping on
communication channels, system activities and data
exchanges without altering the data or
disrupting the communication flow.

Example:
• Traffic Analysis
• Release of message content
• Sniffers
• Timing Attack
• Shoulder Surfing
• Video Surveillance
Active Attacks

1. Malicious code
"Malicious code," also known as malware, refers to
any type of software or code designed with
malicious intent to compromise or damage the
security of, or gain unauthorized access to, computer
systems, networks, or data.

Example:
• Viruses
• Worms
• Trojan Horse
• Ransomware
Active Attacks (Cont’d)

2. Hoaxes
• In simple terms, hoaxes are fake stories or
information that are intentionally spread to
mislead or trick people.
• These hoaxes can be spread through email, social
media, or even just by word of mouth.
• It's important to be careful and check whether
something that seems too good to be true adds up
before believing or sharing it.

Example:
• Chain Message
• The "Haunted House" Rumor
Active Attacks (Cont’d)
3. Back Doors
• A backdoor is like a secret entrance into a computer
system or network. It can be made by system
designers or maintenance workers.

• Sometimes, these backdoors are intentionally hidden
and are hard to find because they don't leave a trace
in the system's records.

• They let someone get into the system without
permission, which can be really risky for security.

Example:
• Hidden Account
• Master Password
Active Attacks (Cont’d)

4. Password Cracking

• Password cracking is a technique used by
attackers to discover or guess passwords
that grant access to secured systems,
accounts, or data by using hashes.

• It includes trying different methods to
discover passwords by exploiting flaws in
systems or by trying different combinations
of characters until the correct one is found.
Active Attacks (Cont’d)
5. Brute Force
• Try every possible password until you find the right one.
• Attackers use computing power to guess passwords
systematically, trying every combination until they get it
right.

Example:
• Imagine you have a locked safe, and you need a four-digit
code to unlock it. You know that the code is made up of
numbers from 0 to 9, and you want to try every possible
combination to open the safe.
• You start with 0000 and try to open the safe. It doesn't work.
So, you move on to 0001, 0002, 0003, and so on, trying
every combination until you find the right one. It might take
a while, but eventually, you try 1234, and the safe unlocks!
Active Attacks (Cont’d)
6. Dictionary Attack
• A dictionary attack uses a "dictionary" that contains a list of
commonly used passwords, words or popular phrases to guess
someone's password and gain unauthorized access to their
account or system.

• Using personal information such as your date of birth, student ID
number, or other easily guessable details as passwords can
make your accounts vulnerable to dictionary attacks.

Example:
• If your date of birth is "01/01/1990," and you use "01011990" as
your password, it could be easily guessed.

• Similarly, if your student email account is associated with a
predictable student ID number like "20230001," using it as a
password.
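A defender can apply the same reasoning when a password is set, rejecting values that a dictionary built from common passwords and the user's own details would contain. The following is an added example, not part of the lecture; `screen_password`, `COMMON_PASSWORDS`, `SAMPLE_USER` and the email address are hypothetical names and constructed values.

```python
import re
from datetime import date

# Constructed sample; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

# Constructed user record using the date of birth and student ID from the slide.
SAMPLE_USER = {"birth_date": date(1990, 1, 1), "student_id": "20230001",
               "email": "a.khan@example.edu"}

def normalise(text):
    """Lower-case and drop separators so '01/01/1990' compares equal to '01011990'."""
    return re.sub(r"[\s/\-._]", "", text.lower())

def personal_candidates(birth_date, student_id, email):
    """Strings a dictionary attack could derive from details known about the user."""
    d, m, y = f"{birth_date.day:02d}", f"{birth_date.month:02d}", str(birth_date.year)
    return {
        "date of birth": {d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:]},
        "student ID": {normalise(student_id)},
        "email name": {normalise(email.split("@", 1)[0])},
    }

def screen_password(password, birth_date, student_id, email):
    """Return the reasons a password is guessable; an empty list means it passed."""
    norm = normalise(password)
    reasons = []
    if norm in COMMON_PASSWORDS:
        reasons.append("common password")
    for label, forms in personal_candidates(birth_date, student_id, email).items():
        # Substring match also catches padded variants such as '01011990!'.
        if any(form and form in norm for form in forms):
            reasons.append(f"contains {label}")
    return reasons

if __name__ == "__main__":
    for candidate in ("01011990", "20230001", "password", "A.Khan2024!",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {screen_password(candidate, **SAMPLE_USER) or 'ok'}")
```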
Active Attacks (Cont’d)

7. Denial of Service

• Denial of Service (DoS) is a type of attack
aimed at making a computer system,
network, website, or online service
unavailable to its users by overflowing or
overloading it with an excessive amount of
malicious traffic, requests, or data.

• The main goal of a DoS attack is to disrupt
or disturb the normal functionalities of the
target system or service, making it
DoS:
Active Attacks (Cont’d)

8. Distributed Denial of Service (DDoS)

• DDoS stands for Distributed Denial of
Service.
• This kind of attack involves using several
compromised systems which are infected
with malware.
• These systems are managed remotely by a
hacker to overload a target system or
network with traffic or requests.
DDoS:
Active Attacks (Cont’d)
9. Spoofing
• Spoofing is a trick or technique used by hackers
to pretend their messages are coming from a
trusted computer or source.

• This technique is used to gain unauthorized access
to computers: the intruder or attacker sends
messages with a source IP address that has
been designed to indicate that the messages are
coming from a trusted host.

• To do this, hackers might use different methods
to get trusted IP addresses and then change the
packet headers to insert these fake addresses.
Spoofing
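Because a spoofed packet claims a trusted source address, a border device can check the claimed source against the interface the packet arrived on. The following is an added example, not part of the lecture; the network ranges, interface names and packets are constructed assumptions.

```python
import ipaddress

# Assumed topology (constructed): address ranges used inside the organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
# Source ranges that should never arrive from the public side.
BOGON_NETS = [ipaddress.ip_network(n)
              for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

def in_any(addr, networks):
    return any(addr in net for net in networks)

def classify(packet):
    """Return 'accept' or a drop reason for a packet dict with 'iface' and 'src'."""
    src = ipaddress.ip_address(packet["src"])
    if packet["iface"] == "external":
        # Ingress check: an outside packet cannot legitimately carry an inside address.
        if in_any(src, INTERNAL_NETS):
            return "drop: internal source on external interface"
        if in_any(src, BOGON_NETS):
            return "drop: non-routable source"
        return "accept"
    # Egress check: hosts inside must send with an inside address.
    if not in_any(src, INTERNAL_NETS):
        return "drop: foreign source leaving internal network"
    return "accept"

def filter_packets(packets):
    """Classify each packet in order and return the list of verdicts."""
    return [classify(p) for p in packets]

# Constructed sample traffic; 203.0.113.7 is a documentation-range address.
SAMPLE_PACKETS = [
    {"iface": "external", "src": "192.168.10.5"},   # claims to be a trusted host
    {"iface": "external", "src": "203.0.113.7"},
    {"iface": "external", "src": "127.0.0.1"},
    {"iface": "internal", "src": "10.1.2.3"},
    {"iface": "internal", "src": "203.0.113.7"},
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(pkt["iface"], pkt["src"], "->", verdict)
```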
Thank you
