CHAPTER
2
Types of Attacks
15
Copyright 2001 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.
B
ad things can happen to an organization’s information or computer systems in
many ways. Some of these bad things are done on purpose (maliciously) and others
occur by accident. No matter why the event occurs, damage is done to the organiza
-
tion. Because of this, we will call all of these events “attacks” regardless of whether there
was malicious intent or not.
There are four primary categories of attacks:
▼
Access
■
Modification
■
Denial of service
▲
Repudiation
We will cover each of these in detail in the following sections.
Attacks may occur through technical means (a vulnerability in a computer system) or
they may occur through social engineering. Social engineering is simply the use of
non-technical means to gain unauthorized access—for example, making phone calls or
walking into a facility and pretending to be an employee. Social engineering attacks may
be the most devastating.
Attacks against information in electronic form have another interesting characteristic:
information can be copied but it is normally not stolen. In other words, an attacker may
gain access to information, but the original owner of that information has not lost it. It just
now resides in both the original owner’s and the attacker’s hands. This is not to say that

Information in transit
over the Internet or
phone lines
Desktop computer
Fax
City
Information coming
off fax machines or
printers
Information on
local hard drives
Information on
file servers
Information stored on
media and left in the
office or on backups
taken off-site
Information on
paper in the office
Mainframe
Figure 2-1.
Places where access attacks can occur
18
Network Security: A Beginner’s Guide
How Access Attacks Are Accomplished
Access attacks take different forms depending on whether the information is stored on
paper or electronically in a computer system.
Information on Paper
If the information the attacker wishes to access exists in physical form on paper, he needs
to gain access to the paper. Paper records and information are likely to be found in the fol

someone with knowledge of locks.
Physical access is the key to gaining access to physical records. Good site security may
prevent an outsider from accessing physical records but will likely not prevent an em
-
ployee or insider from gaining access.
Electronic Information
Electronic information may be stored:
▼
In desktop machines
■
In servers
■
On portable computers
Chapter 2: Types of Attacks
19
Desktop computer
Mainframe
Attacker’s computer
The attacker’s system sits in the
path of the traffic and captures it.
The attacker may choose to allow
the traffic to continue or not.
Traffic from the desktop to
the mainframe travels over
the local area network.
Figure 2-3.
Interception
■
On floppy disks
■

successful, the attacker must insert his system in the communication path between the
sender and the receiver of the information. On the Internet, this could be done by causing
a name resolution change (this would cause a computer name to resolve to an incorrect
address—see Figure 2-4). The traffic is then sent on to the attacker’s system instead of to
the real destination. If the attacker configures his system correctly, the sender or origina
-
tor of the traffic may never know that he was not talking to the real destination.
Interception can also be accomplished by an attacker taking over or capturing a ses
-
sion already in progress. This type of attack is best performed against interactive traffic
such as telnet. In this case, the attacker must be on the same network segment as either the
client or the server. The attacker allows the legitimate user to begin the session with the
server and then uses specialized software to take over the session already in progress.
This type of attack gives the attacker the same privileges on the server as the victim.
20
Network Security: A Beginner’s Guide
TEAMFLY



Team-Fly
®

Chapter 2: Types of Attacks
21
MODIFICATION ATTACKS
A modification attack is an attempt to modify information that an attacker is not autho
-
rized to modify. This attack can occur wherever the information resides. It may also be at
-
tempted against information in transit. This type of attack is an attack against the
integrity of the information.
Changes
One type of modification attack is to change existing information, such as an attacker
changing an existing employee’s salary. The information already existed in the organiza
-
tion but it is now incorrect. Change attacks can be targeted at sensitive information or
public information.
Figure 2-4.
Interception using incorrect name resolution information