Professional Documents
Culture Documents
Information Security-2 Attacks
Information Security-2 Attacks
Information Security 2
Syed Muhammad Mehdi
CS-RCET-UET
Outline
• Attacks
• Passive Attacks
• Active Attack
• Different Categories of Attacks
• How attackers may Attack
• Protect a Network
Threat vs Attack
• Passive Attacks
• Active Attacks
• Insider Attacks
• Outsider Attacks
Passive and Active Attacks
Passive Attack Active Attack
• Access
• Modification
• Denial of Service
• Repudiation
• Masquerade Attack
• Back Doors
• Brute Force
• Spoofing
• Session Replay
• Man in the middle attack
• Code and SQL Injection attack
• Insider Threats
1. Access Attack
• Attacker
• Some one outside your network perimeter who is trying to break in
• Regular user has an inside view, so overwhelming majority originate from
inside
• Collecting information
• Probing the network
• Launching an attack
Collecting Information
• Whois
• Query to the interNIC.
• It maintains the publicly accessible database of all registered domains
• Can be searched with simple query “whois domainname”
• “Whois pugc.edu.pk”
Collecting Information [2]
• After gaining information and finding the suitable attack time, the
attacker may finaly now launch the attack.
Protect a Network
How to Protect Network [1] 51
Security
Requirements
(FIPS 200)
(page 1 of 2)
Security
Requirements
(FIPS 200)
(page 2 of 2)
Least
Least Psychological
common Isolation Encapsulation
privilege acceptability
mechanism
Least
Modularity Layering
astonishment
The End