Attack (computing)

Attack (computing)

From Wikipedia, the free encyclopedia

Jump to: navigation, search

For other uses, see Attack.

In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.^[1]

Definitions

IETF

Internet Engineering Task Force defines attack in RFC 2828 as:^[2]

an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

US Government

CNSS Instruction No. 4009 dated 26 April 2010 by Committee on National Security Systems of United States of America^[3] defines an attack as:

Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

The increasing dependencies of modern society on information and computers networks (both in private and public sectors, including military)^{[4] [5] [6]} has led to new terms like cyber attack and Cyberwarfare.
CNSS Instruction No. 4009^[3] define a cyber attack as:

An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.

Phenomenology

An attack can be active or passive.^[2]

An "active attack" attempts to alter system resources or affect their operation.

A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. (E.g., see: wiretapping.)

An attack can be perpetrated by an insider or from outside the organization;^[2]

An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.

An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

The term "attack" relates to some other basic security terms as shown in the following diagram:^[2]

+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+

| An Attack: | |Counter- | | A System Resource: |

| i.e., A Threat Action | | measure | | Target of the Attack |

| +----------+ | | | | +-----------------+ |

| | Attacker |<==================||<========= | |

| | i.e., | Passive | | | | | Vulnerability | |

| | A Threat |<=================>||<========> | |

| | Agent | or Active | | | | +-------|||-------+ |

| +----------+ Attack | | | | VVV |

| | | | | Threat Consequences |

+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+

A resource (both physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromises the Confidentiality, Integrity or Availability properties of resources (potentially different that the vulnerable one) of the organization and others involved parties (customers, suppliers).
The so-called CIA triad is the basis of Information Security.

The attack can be active when it attempts to alter system resources or affect their operation: so it compromises Integrity or Availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources: so it compromises Confidentiality.

A Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).^[2]

A set of policies concerned with information security management, the information security management systems (ISMS), has been developed to manage, according to Risk management principles, the countermeasures in order to accomplish to a security strategy set up following rules and regulations applicable in a country.^[7]

An attack should led to a security incident i.e. a security event that involves a security violation. In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.

The overall picture represents the risk factors of the risk scenario.^[8]

An organization should make steps to detect, classify and manage security incidents. The first logical step is to set up an Incident response plan and eventually a Computer emergency response team.

In order to detect attacks, a number of countermeasures can be set up at organizational, procedural and technical levels. Computer emergency response team, Information technology security audit and Intrusion detection system are example of these.^[9]

Types of attacks

An attack usually is perpetrated by someone with bad intentions: Black hatted attacks falls in this category, while other perform Penetration testing on an organization information system to find out if all foreseen controls are in place.
The attacks can be classified according to their origin: i.e. if it is conducted using one or more computers: in the last case is called a distributed attack. Botnet are used to conduct distributed attacks.
Other classifications are according to the procedures used or the type of vulnerabilities exploited: attacks can be concentrated on network mechanisms or host features.
Some attacks are physical: i.e. theft or damage of computers and other equipment. Others are attempts to force changes in the logic used by computers or network protocols in order to achieve unforeseen (by the original designer) result but useful for the attacker. Software used to for logical attacks on computers is called malware.

The following is a partial short list of attacks:

• Passive

  • Network

    • wiretapping

    • Port scanner

    • Idle scan

• Active

  • Denial-of-service attack

  • Spoofing

  • Network

    • Man in the middle

    • ARP poisoning

    • Ping flood

    • Ping of death

    • Smurf attack

  • Host

    • Buffer overflow

    • Heap overflow

    • Format string attack

Consequence of a potential attack

A whole industry is working trying to minimize the likelihood and the consequence of an information attack.

For a partial list look at Category:Computer security software companies

They offer different products and services, aimed at:

• study all possible attacks category

• publish books and articles about the subject

• discovering vulnerabilities

• evaluating the risks

• fixing vulnerabilities

• invent, design and deploy countermeasures

• set up contingency plan in order to be ready to respond

Many organization are trying to classify vulnerability and their consequence: the most famous vulnerability database is the Common Vulnerabilities and Exposures

The Computer emergency response teams were set up by government and large organization to handle computer security incidents.

See also

• Asset (computing)

• Common Vulnerabilities and Exposures

• Computer emergency response team

• Computer insecurity

• Computer security

• Contingency plan

• Countermeasure (computer)

• Exploit (computer security)

• Factor Analysis of Information Risk

• Hacking: The Art of Exploitation Second Edition

• Internet Engineering Task Force

• Information technology security audit

• Information Security

• Intrusion detection system

• IT risk

• Metasploit

• Month of Bugs

• National Information Assurance Glossary

• Penetration test

• Risk factor

• Security control

• Security service (telecommunication)

• Threat

• Vulnerability

• Vulnerability management

• w3af

References

1. ^ Free download of ISO/IEC 27000:2009 from ISO, via their ITTF web site.

2. ^ ^{a b c d e} Internet Engineering Task Force RFC 2828 Internet Security Glossary

3. ^ ^{a b} CNSS Instruction No. 4009 dated 26 April 2010

4. ^ Cortada, James W. (2003-12-04) The Digital Hand: How Computers Changed the Work of American Manufacturing, Transportation, and Retail Industries USA: Oxford University Press pp. 512 ISBN 0-19-516588-8

5. ^ Cortada, James W. (2005-11-03) The Digital Hand: Volume II: How Computers Changed the Work of American Financial, Telecommunications, Media, and Entertainment Industries USA: Oxford University Press ISBN 978-0-19-516587-6

6. ^ Cortada, James W. (2007-11-06) The Digital Hand, Vol 3: How Computers Changed the Work of American Public Sector Industries USA: Oxford University Press pp. 496 ISBN 978-0-19-516586-9

7. ^ Wright, Joe; Jim Harmening (2009) "15" Computer and Information Security Handbook Morgan Kaufmann Publications Elsevier Inc p. 257 ISBN 978-0-12-374354-1

8. ^ ISACA THE RISK IT FRAMEWORK (registration required)

9. ^ Caballero, Albert (2009) "14" Computer and Information Security Handbook Morgan Kaufmann Publications Elsevier Inc p. 225 ISBN 978-0-12-374354-1