• Physical theft. Someone steals network hardware, like wires, hubs, or other equipment that keeps the network running.
• Subversion. Someone modifies or otherwise takes over part of the network so that it enables an attack. For example, an attacker might reroute traffic to allow its interception. Note that in networking, this threat involves physical or logical changes to network components. It does not involve changes to network traffic.
• Disclosure. An attacker’s computer intercepts copies of network data intended for others. While this may pose no risk for a lot of network traffic, this type of eavesdropping may yield passwords or other data that enables a more serious attack.
• Forgery. Someone constructs a bogus message or modifies a legitimate message as part of an attack. For example, a bogus order could send merchandise without collecting payment.
• Masquerade. A person tricks the network into sending messages claiming to be originated by someone else. In the networking environment, this behaves like a particular type of forgery.
• Denial of service. An attack that makes some or all of the network unusable. Typical attacks either flood parts of the network with traffic or render network components unusable.
1) For each of the six types of attacks, give an example of how the attack occurs on a network.
1. Physical theft. Someone steals network hardware, like wires, hubs,
or other equipment that keeps the network running.
Example =>
Attempts to destroy or steal network architecture or systems in an
old-school way. Stolen laptops and hubs are a common example.
2. Subversion. Someone modifies or otherwise takes over part of the
network so that it enables an attack. For example, an attacker
might reroute traffic to allow its interception. Note that in
networking, this threat involves physical or logical changes to
network components. It does not involve changes to network
traffic.
Example =>
Most malware attacks represent subversion. Malicious software
performs activities on the victim's computer system; for example, a
worm can spread actively by sending copies of itself via LAN,
Internet, or email communication, so it spreads over the network to
multiple hosts.
3. Disclosure. An attacker’s computer intercepts copies of network
data intended for others. While this may pose no risk for a lot of
network traffic, this type of eavesdropping may yield passwords or
other data that enables a more serious attack.
Example =>
These attacks are failures of confidentiality. The attacks may
involve other classes. For example, a malware package represents
subversion, but many of them try to collect login credentials found
on an infected computer.
Other examples are passing a password in plain text (unencrypted),
or passing an authentication token in an API call unencrypted, so
that it is intercepted on the network by someone.
4. Forgery. Someone constructs a bogus message or modifies a
legitimate message as part of an attack. For example, a bogus order
could send merchandise without collecting payment.
Example =>
CROSS SITE REQUEST FORGERY (CSRF) ATTACK
tokens can be exposed at a number of points, including in browser
history, HTTP log files, network appliances logging the first line
of an HTTP request and referrer headers, if the protected site
links to an external URL. These potential weak spots make tokens a
less than foolproof solution.
5. Masquerade. A person tricks the network into sending messages
claiming to be originated by someone else. In the networking
environment, this behaves like a particular type of forgery.
Example =>
The attempt may come from within an organization, for example, from
an employee; or from an outside user through some connection to the
public network. Weak authentication provides one of the easiest
points of entry for a masquerade, since it makes it much easier for
an attacker to gain access. Once the attacker has been authorized
for entry, they may have full access to the organization's critical
data, and (depending on the privilege level they pretend to have)
may be able to modify and delete software and data, and make
changes to network configuration and routing information.
6. Denial of service. An attack that makes some or all of the network unusable. Typical attacks either flood parts of the network with traffic or render network components unusable.
Example =>
network will not be able to find the return address of the attacker
when sending the authentication approval, causing the server to
wait before closing the connection. When the server closes the
connection, the attacker sends more authentication messages with
invalid return addresses. Hence, the process of authentication and
server wait will begin again, keeping the network busy.
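
The forgery example above names HTTP log files and referrer headers as places where tokens can be exposed. The following added example (not part of the original answer) checks access-log lines for tokens in the request URL or Referer and redacts them before storage; it assumes Combined Log Format, a hypothetical set of sensitive parameter names, and constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (assumed; adjust to your application).
SENSITIVE = {"csrf_token", "token", "auth_token", "sessionid"}

# Combined Log Format: "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def sensitive_params(url):
    """Return the names of sensitive query parameters present in a URL."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({name.lower() for name, _ in pairs} & SENSITIVE)

def find_token_leaks(lines):
    """Return (line_no, where, param) for each token in a URL or Referer."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # not an access-log line we understand
        for where in ("target", "referer"):
            for name in sensitive_params(m.group(where)):
                findings.append((no, where, name))
    return findings

def redact(line):
    """Replace the value of every sensitive parameter in a log line."""
    names = "|".join(sorted(SENSITIVE))
    return re.sub(rf"(?i)\b({names})=[^&\s\"]+", r"\1=REDACTED", line)

# Constructed sample log lines (not from the page).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /transfer?amount=10&csrf_token=ab12cd34 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://shop.example/cart?token=ef56ab78" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "POST /transfer HTTP/1.1" 200 128 "https://shop.example/account" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_token_leaks(SAMPLE):
        print(finding)
    print(redact(SAMPLE[0]))
```

The third sample line carries its parameters in a POST body and a token-free Referer, so it produces no finding and is left unchanged by `redact`.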