Information Security Attacks

 

Attack

Description

Consequences

Countermeasures

Data Modification

Change or destroy information on a system

·         Can’t get information.

·         Get false information from our own data files.

·         Intrusion detection

·         Access control

·         Backup (2)

·         User Training (2)

Data Theft

Steal sensitive information without owner knowing about it

·         Competitor or bad guy gets information.

·         We don’t know that someone has the information.

·         Intrusion detection

·         Access control

·         User Training (2)

·         Backup (2)

Flooding

Bombards system with more messages or information than it can handle

·         System cannot process all the data coming in or it processes this information and ignores other important processing tasks. 

·         Results in denial of service to valid users.

·         Firewall

·         Redundant Systems (2)

Imitation or Spoofing

Pretends to be a valid user by using a stolen userID and password or by “hijacking” a valid session

·         Bad guy can get into a computer to steal data, destroy data, or take control of system, but looks like a valid user.

·         Encryption

·         Access Control

·         User Training (2)

Jamming

Electronically disrupt transmission signals

·         Information coming in over communications lines is incorrect or can’t be understood.

·         Disconnection

·         Redundant Systems (2)

Mole

A trusted person of an organization gives information to an outsider

·         Competitor or bad guy gets information

·         We don’t know that someone has the information.

·         Access Control

·         User Training (2)

Packet Sniffer

Tools collect information from network such as UserID, passwords, contents of E-mail messages, credit card numbers.

·         Attacker can get valid UserIDs and passwords that enable him to legally log onto a system.

·         Confidential information is read by unauthorized persons.

·         Encryption

·         User Training (2)

Social Engineering

Information obtained by talking with people, obtaining their trust, and tricking them to give out information, like passwords.

·         Passwords and other confidential information may be given to an unauthorized person.

·         User Training

Virus

Malicious program that reproduces by attaching itself to a computer program.

·         Destroys information on a system or makes it run very slowly.

·         Anti-virus software

·         User Training (2)

·         Backup (2)

·         Redundant Systems (2)

 

(2) - Refers to a secondary countermeasure that may help you recover from the problem or may indirectly help to prevent it.