Network Attacks: Classification and Types



  • Over the past twenty years, the Internet has radically changed our lives. Today it is difficult to imagine life without social networks, instant messengers, electronic mailboxes and wallets, sites on any topic, and so on. On the Internet you can find any information, buy any product, find the right person, study or play, conduct money transactions, work and communicate ...

    But along with the benefits that the Internet brings, its dark side is growing. By this I mean that the danger of the disclosure of personal data and of the theft of money, important resources, and even state secrets is constantly growing. Every day attacks are made on various resources, and many of them are successful. Because the Internet is so widely distributed and used, there is always a risk of damage from hacker attacks.

    This article will discuss the types of basic network attacks aimed at various types of devices and applications.

    Attack Classification

    First of all, it is worth saying that all network attacks can be classified into several categories. Namely:

    • By the nature of the impact
    • By purpose of impact
    • By the presence of feedback with the attacked object
    • By the condition of the beginning of the impact
    • By the location of the subject of attack relative to the attacked object
    • By the level of the ISO / OSI reference model on which the impact occurs

    Let's consider each of these in a little more detail.

    By nature of attack
    This category is divided into two types:

    • Passive
    • Active

    A passive attack means an impact that does not directly affect the operation of the system, but which can violate its security policy. Since there is no direct effect on the attacked computing system, such an attack is difficult to detect.

    An active attack, unlike a passive one, has a direct effect on the operation of the attacked system, disrupting operability, changing the configuration, or violating the security policy. Unlike a passive attack, an active one is easy to detect because specific changes occur in the system, while a passive one leaves no trace.

    Attack target

    Such attacks can be conditionally divided into the following types: disruption of functioning or access to the system, violation of the integrity of information, or its confidentiality.

    Which of these options a particular attack belongs to depends on which particular threat lies in it: denial of service, disclosure, or integrity violation.

    Let me explain. As a rule, in any attack, the main goal is to gain access to information. There are two main ways to do this: distortion or interception. If we intercept information, we get access to it, but without the possibility of changing it. Even so, this already leads to a violation of its confidentiality. As an example, I already mentioned listening to a network channel earlier: you know what is being transmitted, but you cannot change anything. This is the passive impact described previously.

    But in the case of information substitution, control over the exchange of data between system objects is already possible. Accordingly, the substitution of information leads to a violation of integrity, and this is already a variant of active influence.

    By the presence of feedback with the attacked object
    There are also two options for the development of events:

    With feedback

    No feedback (unidirectional attack)

    I think the difference is obvious. In the first case, the attacker sends requests to the target and expects specific responses. These responses are needed in order to react to various changes in the attacked object. In this case, feedback is established between the attacker and the target.

    Attacks without feedback do not allow a timely reaction to changes that occur during the process. On the other hand, the attacker does not need to receive and analyze the responses.

    By the condition of the beginning of the attack
    Again, there are several options:

    • Attack on receiving a request from the target
    • Attack on the occurrence of an expected event on the attacked object
    • Unconditional attack

    It all depends on what is considered the beginning of the attack in the particular case. If we are talking about an attack on request from an object, it means that the attacker begins to act after the target sends a request of a certain type. For example, such requests can be DNS or ARP queries.

    If the attacker has been continuously monitoring the state of the target's operating system for a long time, he can start the process when a specific event occurs in that system. Finally, an unconditional attack starts immediately, without waiting for any request or event.
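    A defender can apply the same distinction when triaging ARP traffic: a forged reply that arrives right after the target's own request corresponds to an attack on request, while a reply nobody asked for corresponds to an unconditional one. The sketch below is an added example, not part of the original article; the event tuple format, the function name, the one-second window and the sample addresses are all constructed for illustration.

```python
# Constructed sample events (not captured traffic):
# (time_s, kind, sender_mac, sender_ip, target_ip)
EVENTS = [
    (0.00, "request", "aa:aa:aa:aa:aa:01", "192.0.2.10", "192.0.2.1"),
    (0.01, "reply",   "aa:aa:aa:aa:aa:fe", "192.0.2.1",  "192.0.2.10"),
    (0.02, "reply",   "aa:aa:aa:aa:aa:66", "192.0.2.1",  "192.0.2.10"),
    (5.00, "reply",   "aa:aa:aa:aa:aa:66", "192.0.2.20", "192.0.2.10"),
    (6.00, "request", "aa:aa:aa:aa:aa:01", "192.0.2.10", "192.0.2.30"),
    (6.01, "reply",   "aa:aa:aa:aa:aa:30", "192.0.2.30", "192.0.2.10"),
]


def analyze_arp(events, window=1.0):
    """Flag ARP replies that are unsolicited or contradict a known IP-to-MAC binding.

    window is an assumed maximum delay (seconds) between a request and a
    reply that still counts as an answer to that request.
    """
    pending = {}   # (requester_ip, queried_ip) -> time of the request
    bindings = {}  # ip -> first MAC address seen answering for it
    findings = []
    for t, kind, mac, sender_ip, target_ip in sorted(events):
        if kind == "request":
            pending[(sender_ip, target_ip)] = t
            continue
        # In a reply, sender_ip is the queried address and target_ip the requester.
        asked = pending.get((target_ip, sender_ip))
        solicited = asked is not None and t - asked <= window
        known = bindings.setdefault(sender_ip, mac)
        conflict = known != mac
        if conflict and solicited:
            # A second, different answer to the target's own request.
            findings.append((t, "conflicting-reply-to-request", sender_ip, mac))
        elif conflict:
            findings.append((t, "unsolicited-conflicting-reply", sender_ip, mac))
        elif not solicited:
            # May also be a legitimate gratuitous ARP; needs review.
            findings.append((t, "unsolicited-reply", sender_ip, mac))
    return findings


if __name__ == "__main__":
    for finding in analyze_arp(EVENTS):
        print(finding)
```
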

    By location of hacker and target
    Attacks can also be distinguished by where the attacker is located relative to the target. On this basis they are divided into intra-segment and inter-segment.

    In the first case, the attacker and the target are in the same network segment; in the second, they are in different segments.

    Of course, an intra-segment attack is much easier to carry out than an inter-segment attack.

    By the level of the reference model ISO / OSI
    The International Organization for Standardization (ISO) has adopted the ISO 7498 standard, which describes the relationship

