Unit 2 IDS
UNIT-2
Contents
Classes of Attacks
Network Layer Attack
Application Layer Attacks
Human Layer Attacks
Classes of attackers
Introduction
An attack can be defined as any method, process, or means used to
maliciously attempt to compromise security.
• In May 2000, the Internet Engineering Task Force defined attack in RFC 2828 as:
“An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to evade security services and violate the
security policy of a system.”
• CNSS Instruction No. 4009 dated 26 April 2010 by Committee on National Security Systems of the
United States of America defines an attack as:
“Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system
resources or the information itself.”
• The increasing dependency of modern society on information and computer networks (in both the private and
public sectors, including the military) has led to new terms such as cyber attack and cyberwarfare:
“An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting,
disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the
integrity of the data or stealing controlled information.”
Security Attacks/Threats
These are actions that compromise the security of
information owned or transferred by an entity. Attacks
can be one of 4 forms:
• Interruption
• Interception
• Modification
• Fabrication
Type of Attacks/Threats
Figure: (a) normal flow from information source to destination; the remaining panels show the active attacks (interruption, modification, fabrication) and the passive attack (interception).
Active and Passive Attacks
• Active threats: Interruption (availability), Modification (integrity), Fabrication (authentication)
• Passive threats: Interception
Passive Attacks
Interception • Confidentiality is the property at stake in this type of attack. The data or message sent by the sender is intercepted by an unauthorized individual, who may alter it into a different form or use it for malicious purposes. The confidentiality of the message is therefore lost.
• It is also known as “release of message contents”.
Traffic Analysis • Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be
Session Replay (fabricate message) • In a session replay attack, a hacker steals an authorized user’s login information by stealing the session ID. The intruder gains access and the ability to do anything the authorized user can do on the website.
Modification (modify message) • In a message modification attack, an intruder alters packet header addresses to direct a message to a different destination, or modifies the data on a target machine.
Denial of Service (DoS) • In a denial of service (DoS) attack, users are deprived of access to a network or web resource. This is generally accomplished by overwhelming the target with more traffic than it can handle.
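The receiver-side checks that detect the three active attacks described above (modification, fabrication and session replay), as an added example that is not part of the original slides. It assumes a shared key between the two legitimate endpoints and uses a sequence number plus an HMAC-SHA256 tag; the key, message bodies and attacker edits are constructed for illustration. Interception is deliberately not addressed here: the body is sent in the clear and would need encryption to protect confidentiality.

```python
import hmac
import hashlib
import json

# Constructed shared key known only to the two legitimate endpoints.
KEY = b"example-shared-key-not-for-production"

def make_message(seq, body, key=KEY):
    """Sender side: attach a sequence number and an HMAC-SHA256 tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}

class Receiver:
    """Receiver side: verify the tag, then enforce strictly increasing seq."""
    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, msg):
        """Return 'ok' or a string naming the class of attack detected."""
        payload = msg["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time compare: a bad tag means the bytes were altered in
        # transit (modification) or created without the key (fabrication).
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modification or fabrication (bad tag)"
        seq = json.loads(payload)["seq"]
        # A genuine but already-seen message is a replay.
        if seq <= self.last_seq:
            return "rejected: replay (stale sequence number)"
        self.last_seq = seq
        return "ok"

def demo():
    rx = Receiver()
    results = {}
    genuine = make_message(1, "transfer 10 to alice")
    results["genuine"] = rx.accept(genuine)
    # Modification: attacker edits the body in transit; the tag no longer matches.
    tampered = dict(genuine)
    tampered["payload"] = genuine["payload"].replace("alice", "mallory")
    results["modified"] = rx.accept(tampered)
    # Fabrication: attacker forges a message without knowing the key.
    forged = make_message(2, "transfer 999 to mallory", key=b"guessed-key")
    results["fabricated"] = rx.accept(forged)
    # Replay: attacker resends the captured genuine message unchanged.
    results["replayed"] = rx.accept(genuine)
    return results
```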
Attacks on OSI Layer
What Are The 7 Layers Of Security?
This question is a bit more complex than it first looks. Many readers may be familiar with the OSI Model, a
framework that many early cybersecurity adopters use to prescribe security solutions as related to a
networking system. Unfortunately, cybersecurity today goes far beyond a networking-only approach. Today,
cybersecurity traverses far beyond the network realm to the endpoint, perimeter, and the humans on the
other side.
That’s why cyber experts proposed a new model that looks at cybersecurity more holistically.
The 7 layers of cybersecurity should center on the mission critical assets we are seeking to protect.
1: Mission Critical Assets – This is the data you need to protect.
2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Application security controls protect access to an application, an application’s
access to your mission critical assets, and the internal security of the application.
4: Endpoint Security – Endpoint security controls protect the connection between devices and the network.
5: Network Security – Network security controls protect an organization’s network and prevent
unauthorized access to the network.
6: Perimeter Security – Perimeter security controls include both the physical and digital security
methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cybersecurity posture. Human security controls
include phishing simulations and access management controls that protect mission critical assets from a wide
variety of human threats, including cyber criminals, malicious insiders, and negligent users.
Common Attack Types
• Password Based Attack – An attack in which repetitive attempts are made to duplicate a valid logon or password sequence.
• Malware Attack
• DoS Attack
• Man in the Middle Attack
• IP Spoofing
• SQL Injection Attack
• XSS Attack
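Detection logic for the password-based attack described above (repeated attempts to duplicate a valid logon), as an added example that is not from the original slides. It runs over constructed, syslog-like authentication records (the format, user names and addresses are all made up) and raises an alert when one source accumulates a threshold of failures inside a sliding window, and a second alert if a success then follows from that same source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format, users and addresses are invented.
LOG_LINES = """\
2024-03-01T10:00:01 auth: FAILED login user=alice src=198.51.100.7
2024-03-01T10:00:05 auth: OK login user=alice src=198.51.100.7
2024-03-01T10:01:00 auth: FAILED login user=admin src=203.0.113.5
2024-03-01T10:01:01 auth: FAILED login user=admin src=203.0.113.5
2024-03-01T10:01:02 auth: FAILED login user=admin src=203.0.113.5
2024-03-01T10:01:03 auth: FAILED login user=admin src=203.0.113.5
2024-03-01T10:01:04 auth: FAILED login user=admin src=203.0.113.5
2024-03-01T10:01:09 auth: OK login user=admin src=203.0.113.5
2024-03-01T10:30:00 auth: FAILED login user=bob src=192.0.2.9
2024-03-01T11:30:00 auth: FAILED login user=bob src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) auth: (FAILED|OK) login user=(\S+) src=(\S+)$")
THRESHOLD = 5                  # failures from one source that trigger an alert
WINDOW = timedelta(minutes=2)  # ...counted within this sliding window

def parse(lines):
    """Yield (timestamp, result, user, src) for every well-formed line."""
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result, user, src

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (kind, src, user, recent_failures) tuples."""
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    flagged = set()
    alerts = []
    for ts, result, user, src in parse(lines):
        q = recent[src]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result == "FAILED":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, user, len(q)))
        elif src in flagged:
            # A success right after a burst of failures suggests a guessed password.
            alerts.append(("success_after_failures", src, user, len(q)))
    return alerts
```

A single failure (alice) and two failures an hour apart (bob) stay below threshold, so only the admin burst produces alerts; in practice the same counting is worth doing per user as well as per source, since guessing can be spread across many addresses.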
Network Attacker Tools (Penetration Testing Tools)
• Metasploit Framework
• Ettercap
• sqlmap
• Kali Linux