attack

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

The intentional act of attempting to bypass one or more security services or controls of an information system.

An intentional act by which an entity attempts to evade security services and violate the security policy of a system. That is, an actual assault on system security that derives from an intelligent threat. (See: penetration, violation, vulnerability.)

A method or technique used in an assault (e.g., masquerade). (See: blind attack, distributed attack.)

Tutorial: Attacks can be characterized according to intent:

• An "active attack" attempts to alter system resources or affect their operation.
• A "passive attack" attempts to learn or make use of information from a system but does not affect system resources of that system. (See: wiretapping.)

The object of a passive attack might be to obtain data that is needed for an off-line attack.

• An "off-line attack" is one in which the attacker obtains data from the target system and then analyzes the data on a different system of the attacker's own choosing, possibly in preparation for a second stage of attack on the target.

Attacks can be characterized according to point of initiation:

• An "inside attack" is one that is initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by the party that granted the authorization.
• An "outside attack" is initiated from outside the security perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments. Attacks can be characterized according to method of delivery:
• In a "direct attack", the attacker addresses attacking packets to the intended victim(s).
• In an "indirect attack", the attacker addresses packets to a third party, and the packets either have the address(es) of the intended victim(s) as their source address(es) or indicate the intended victim(s) in some other way. The third party responds by sending one or more attacking packets to the intended victims. The attacker can use third parties as attack amplifiers by providing a broadcast address as the victim address (e.g., "smurf attack"). (See: reflector attack. Compare: reflection attack, replay attack.)

The term "attack" relates to some other basic security terms as shown in the following diagram:

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • -+ | An Attack: | |Counter- | | A System Resource: | | i.e., A Threat Action | | measure | | Target of the Attack | | +----------+ | | | | +-----------------+ | | | Attacker |<==================||<========= | | | | i.e., | Passive | | | | | Vulnerability | | | | A Threat |<=================>||<========> | | | | Agent | or Active | | | | +-------|||-------+ | | +----------+ Attack | | | | VVV | | | | | | Threat Consequences |
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • -+