An unauthorized user gaining physical access to a computer is often able to compromise security by making operating system modifications, installing software worms, keyloggers, or covert listening devices. They may also be able to easily download data. Even when the system is protected by standard security measures, these can often be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.
Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact with the outside world) can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.
Spoofing
Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data.
Tampering
Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting surveillance capability into routers[3] are examples.
Repudiation
Repudiation describes a situation where the authenticity of a signature is being challenged.
Information disclosure
Information disclosure (privacy breach or data leak) describes a situation where information, thought to be secure, is released in an untrusted environment.
Privilege escalation
Privilege escalation describes a situation where an attacker gains elevated privileges or access to resources that were previously restricted from them.
Exploits
An exploit is a software tool designed to take advantage of a flaw in a computer system. This frequently includes gaining control of a computer system, allowing privilege escalation, or creating a denial-of-service attack. The code from exploits is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs.
Social engineering and trojans
Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.[4]
Indirect attacks
An indirect attack is an attack launched by a third-party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the Tor onion router system.