Information Technology Reference
In-Depth Information
the techniques of attack on the other. A cell of this matrix makes it possible
to describe if and how a certain technique can be used to attack a certain
component.
The attacks on the physical level are mainly aimed at removing or
damaging the resources. The main types of physical attack are theft (it is an
attack on the availability and confidentiality) and damage (attack on the
availability and integrity).
The logical level attacks are mainly designed to steal information or
degrade the system operation. To characterize the possible attacks on the
security of a system, it is convenient to consider as in any system there is a
flow of information from a source to a destination. Then there are four
possible types of attacks (Figure 5):
•
Interruption
. Part of the system is destroyed or becomes non-usable. This
is an attack on the availability of the system.
•
Eavesdropping
. An unauthorized person obtains access to a component of
the system. This is an attack on confidentiality. Interception attacks (and
those of changes described in section below) may request a pre-emptive
attack on the physical level to install pirate devices to engage the network
and to install software to intercept data. The techniques commonly used
are based on:
¾
analysis of traffic on the network (local or geographical);
¾
application of analysis of network traffic (sniffing);
Destination
Source
Normal flow
Source
Source
Destination
Destination
(a) Interruption
(b) Eavesdropping
Source
Destination
Destination
Source
(c) Editing
(d) Production
Figure 5: Types of attack.
