Information Technology Reference
In-Depth Information
¾
pirate server that attacks some routers and assumes the identity of the
original server, this attack is based on changing the routing tables of a
router (spoofing);
¾
programs that emulate the services of the system recording at the
same time confidential information entered by the user (for example
the login program can be emulated when the user enters the
username and password to obtain the user's password (password
cracking)).
Eavesdropping attacks can exploit inherent weaknesses of protocols and
network software or unaware operating system configurations.
Interception attacks can exploit the fact that a user has violated any
standard of behaviour required by the security policy (such as writing the
password under the keyboard). In fact when the system does not provide
advanced tools for the user authentication (hardware key, fingerprint
reader, etc.), the more frequent intrusion attacks are given by an illegal
password.
•
Editing.
An unauthorized person comes into possession of a component of
the system, modifies it and introduces it back into the system. This is an
integrity attack.
•
Production
. An unauthorized person manufactures new components and
places them into the system. Attacks that use these techniques are not
designed to access information and services, but simply to degrade the
operating conditions of the system. They are considered sabotage acts,
and typically they threaten the integrity and availability, more rarely (and
indirectly) confidentiality. There are various techniques for disturbing:
¾
attacks by viruses;
¾
attacks by worms;
¾
attacks of 'DoS' type: this is a family of techniques designed to ensure
that the system denies access to information and services to duly
authorized users. Attacks that use these techniques then threaten the
availability requirements of the system. Two typical DoS techniques
consist for example in the paralyzing the traffic on the network by
generating false error messages or clogging it with specifically
generated disturbing traffic.
6.2
Sniffing
Sniffing could be classified as a passive attack to privacy. In short it is like
eavesdropping on the door of our neighbour. But in the case of sniffing the
consequences for the victim can be much heavier. Being able to intercept
packets that transit through a communication channel, it is possible to know
