Table of ContentsSummarySTRIDERepudiation.Denial of ServiceEscalation of PrivilegeCommon Types of Network AttacksSummaryWithout security efforts and controls in place, your information may be subject to attack. Some attacks are latent, meaning the data is observed; others are dynamic, meaning the data is changed with the intent of degenerating or devastating the information or the system itself. Say no to plagiarism. Get a tailor-made essay on “Why Violent Video Games Should Not Be Banned”? Get an Original Essay Your systems and information are helpless against any of the types of attacks that come with them, in case you don't have a security design in place. .You can group threats into classifications to help you understand these types of advanced requests. One model you may find useful is STRIDE, derived from an acronym for the six risk classes that come with it.STRIDESidentity poofing. An example of identity theft is illegally accessing and then using another user's authentication information, such as username and password. Falsification of data. Data tampering involves the malicious modification of data. Examples include unauthorized modifications to persistent data, such as that contained in a database, and modification of data as it travels between two computers over an open network, such as the Internet. Repudiation. Repudiation threats are associated with users who deny having performed an action without other parties having any way to prove otherwise – for example, a user performs an illegal transaction in a system that does not have the ability to trace prohibited operations. Non-repudiation refers to the ability of a system to counter threats of repudiation. For example, a user purchasing an item may be required to sign for the item upon receipt. The seller can then use the signed receipt as proof that the user has received the package. Disclosure of Information. Information disclosure threats involve exposing information to people who are not supposed to have access to it - for example, the ability of users to read a file to which they did not have access, or the ability to an intruder to read data in transit. between two computers. Denial of Service Denial of service (DoS) attacks deny service to valid users, for example by rendering a web server temporarily unavailable or unusable. You need to protect against certain types of DoS threats simply to improve system availability and reliability. Privilege escalation In this type of threat, an unprivileged user gains privileged access and thus has sufficient access to compromise or destroy the entire system. Privilege escalation threats include situations where an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed. Common Types of Network Attacks Eavesdropping Typically, most system communications occur in an insecure or “plain text” format. , which allows an attacker who has accessed information on your system to “listen” or interpret (read) the movement. When an attacker listens to your communication, it is called sniffing or spying. The ability of an eavesdropper to monitor the system is essentially the biggest security issue that executives consider in an organization.Without the benefits of strong encryption that rely on cryptography, your information can be viewed by others as they navigate the system. Editing Data Once an attacker has viewed your information, the next legitimate step is to edit it. An attacker can modify the information contained in the packet without the sender or recipient knowing. Even if you don't require all communications to be confidential, you don't want any of your messages to be changed while traveling. For example, if you trade purchase orders, you don't need to adjust items, amounts, or billing data. Identity Theft (IPUsurpation Address) Most networks and operating systems use a PC's IP address to distinguish something substantial. In specific cases, it is possible that an IP address is falsely assumed: identity theft. An attacker can also use exceptional programs to create IP packets that appear to come from legitimate locations inside the company intranet. After accessing the system with a large IP address, the attacker can adjust, redirect or erase your information. The attacker can also direct different types of attacks, as described in the following sections. Password-Based Attacks The common denominator of most operating system and network security plans is password-based access control. This means that your access rights to a computer and network resources are determined by who you are, that is, your username and password. Legacy applications don't always protect identity information when it's transmitted over the network for validation. This could allow an eavesdropper to access the network pretending to be a valid user. When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker can also create accounts for further subsequent access. After accessing your network with a valid account, an attacker can do one of the following: Obtain lists of valid users. and computer names and network information. Modify server and network configurations, including access controls and routing tables. Edit, redirect or delete your data. Denial of Service Attack Unlike a password-based attack, a denial of service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do one of the following: Randomize the attention of your internal information systems personnel so that they do not see the intrusion immediately, allowing the attacker to launch more attacks during the hijacking. Send invalid data to applications or network services, causing applications or services to be interrupted or behave abnormally. Flood a computer or the entire network with traffic until a shutdown occurs due to overload. Block traffic, resulting in loss of access to network resources by authorized users. Man-in-the-Middle Attack As the name suggests, a man-in-the-middle attack occurs when someone comes between you and the person you are with. Communicating means actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can reroute a data exchange. When computers communicate at low levels of the network layer,.)