Written by Tharun Buddigina

Types of Security attacks

Have your friends ever asked you to pass on some message to someone? Yes? It is obvious. Sometimes we tell the exact information but sometimes we forget some and modify in our own style and convey the message😂. Quiet common!! The intention for the above context is not our memory, but is modification of a message. So, here we go with our concept.

Passive Attack

It is an attack in which an intruder monitors a system and network communications and scans for open ports and other vulnerabilities. The intruder gathers information that is being passed on but doesn’t make any changes to it. Remember our people Alice, Bob and Malory? If not, we have invited them here again!!

Quick Recap: Alice and bob are at both the ends of conversation i.e. Sending and Receiving respectively. Mallory is the villain, the intruder for the conversation between Alice and Bob. We bring our people now to context for a better understanding. Imagine Alice and Bob are communicating on E-mail.

Some of the passive attacks are as following:

  • Disclosing information: If Mallory interprets their mail and discloses the sensitive information from the mail it can cause heavy loss as from the other type of attacks.
  • Traffic Analysis: Suppose if Alice and Bob are using encrypted mail knowing that they are being tracked, so there is no chance for the disclosure of information. But earlier, Mallory had some information from their mails like frequency, length, location and identity of the mail. Through this, our clever Mallory can guess what the above details can be. This is traffic analysis.

Active Attack

An active attack involves not only gathering information but also includes modification of message or causing any false statements. Active attacks are:

  • Masquerade: Here, Mallory acts like Alice and sends message to Bob. The process in which one entity pretends to be other and performing a successful attack is masquerade attack.
  • Modification of Message: Suppose that Bob sends Alice to ask her if she is interested to join him for lunch. Actually Alice has some work and she is unable to join and she replies the same. But our Mallory transforms the message saying that she is interested in joining him. Through this, Mallory could make any harm to Bob by asking him for a specific place, etc. It is also a security threat.
  • Recursion or Replay: If Mallory captures the message from Alice to Bob and sends it multiple times to Bob with evil intention can be an authorized attack. This process replaying the messages is replay attack or session replay or recursion attack.
  • Repudiation: This is actually performed by sender or receiver. If Alice has sent a mail asking Bob to do some authentication process that might cause harm but later denying that she has sent one such. Observed? Not always bad ones are the attackers, money and situation can change any one. So, it is our responsibility and trust that we rely on.
  • Denial of Service (DoS): If Mallory doesn’t want Alice to chat with Bob, then he can flood the network with messages or cause false statements so that she will not be able to send messages to Bob due to degraded performance of the network. This is Denial of Service attack.

What we see might not have existed, the existed one might not come to visibility. The confusion not in the sentence but within the era we are in. So, we should keep our eyes open and thrive for the real existence. More knowledge on your way…. Stay updated. Till then, Have a happy and healthy learning.

Co-author: @yuktibagrodia

Stay Home Stay Safe!!

Leave a comment