?– Classes of attack: Classes of attack might include passive monitoring of
communications, active network attacks, close-in attacks, exploitation by insiders, and
attacks through the service provider.
Information systems and networks offer attractive targets and should be resistant to attack
from the full range of threat agents, from hackers to nation-states. A system must be able
to limit damage and recover rapidly when attacks occur.
Classes of Attack
There are ?¬?ve classes of attack:
?– Passive: Passive attacks include traf?¬?c analysis, monitoring of unprotected
communications, decrypting weakly encrypted traf?¬?c, and capturing authentication
information such as passwords. Passive interception of network operations enables
adversaries to see upcoming actions. Passive attacks result in the disclosure of
information or data ?¬?les to an attacker without the consent or knowledge of the user.
Examples include the disclosure of personal information such as credit card numbers
and medical ?¬?les.
?– Active: Active attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information. These attacks are
mounted against a network backbone, exploit information in transit, electronically
penetrate an enclave, or attack an authorized remote user during an attempt to connect
to an enclave.
Pages:
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58