
Suppose you are doing some online banking using your bank's website. An attacke


Question

Suppose you are doing some online banking using your bank's website. An attacker has set up an active wiretap between your computer and your bank's server. After checking your balance and reading through your transactions, you attempt to log out. However, the attacker uses the active wiretap to send the bank a message requesting a transfer from your account to an account they control. In the process, this causes your logout message to time out. Describe the ways in which this is an example of attacks on confidentiality, integrity, and/or availability.

Explanation / Answer

It is a Confidentiality Port Scanning attack.

Confidentiality, Integrity and Availability are the three main pillars of network security.

Network Attacks against Confidentiality: Listed below are some methods of attack on confidentiality.

Packet Capturing (Packet Sniffing): The attacker captures data packets in transit and, once they are captured, is able to read sensitive data such as passwords or card numbers if the network traffic is not encrypted. Wireshark is widely used as packet capture software.

Password Attacks: Such attacks are used to hack the passwords of users to gain access to a computer. The two types of password attack are the dictionary-based attack, where an attacker tries each of the words in a dictionary or commonly used passwords to hack the user password, and the brute force attack, where an attacker tries every single possible password combination using brute force hacking tools to hack the user password.

Port Scanning: In this case the attacker tries to discover the services running on a target computer by scanning the TCP/UDP ports; the attacker tries to establish connections to the TCP/UDP ports to find out which ports are open on a target computer. After finding them, the attacker can find out which service is running on a target computer and which software product is running on a target computer. Finally, the attacker can attack and hack the target computer by negotiating a vulnerability in that software product.

Ping Sweeps: Here the intruder sends ping ICMP ECHO packets to a range of IP addresses to find out which ones respond with an ICMP ECHO REPLY. Hence the attacker can identify which computers are up and which computers are down.

Dumpster Diving: It is searching through company dumpsters for any information that can be useful for an attacker for attacking the network.

Wiretapping: A type of network attack where the attacker hacks telecommunication devices to listen to the phone calls of others.

Keylogger: A program that runs in the background of a computer, logging the user’s keystrokes. After a user enters a password, it is stored in the log created by the keylogger and forwarded to the attacker.

Phishing and Pharming: Phishing is an attempt to hack sensitive information by sending unsolicited emails with fake URLs. Pharming is aimed at redirecting the traffic of one website to another website.

Social Engineering: Here someone with very good interactive skills manipulates others into revealing information about the network that can be used to steal data.

Network Attacks against Integrity:

Salami attacks: A series of minor data security attacks that together result in a larger attack.

Data diddling attacks: An illegal or unauthorized data alteration. Changing data before or as it is input into a computer or output.

Trust relationship attacks: These exploit the trust between different devices in a network.

Man-in-the-middle attacks: The attacker sits between two devices that are communicating to manipulate the data as it moves between them.

Session hijacking attacks: The attacker hacks a computer session to gain unauthorized access to information or services in a computer system.

Network Attacks against Availability:

DoS (Denial of Service attacks): A type of attack on a network server with a large number of service requests which it cannot handle. A DoS (Denial of Service) attack can cause the server to crash, and legitimate users are denied the service.

DDoS (Distributed Denial of Service attacks): A type of DoS attack, originating from many attacking computers from different geographical regions.

SYN flood attacks and ICMP flood attacks: Here the attacker sends many TCP SYN packets to initiate a TCP connection, but never sends a SYN-ACK packet back. In an ICMP flood attack the victim computer is sent many false ICMP packets.

Electrical power attacks: Attacks involving power loss, reduction, or spikes.

Server Room Environment attacks: Fire, temperature, water, humidity, etc.
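
Detection logic for three of the techniques listed above (port scanning, ping sweeps, SYN floods), run over constructed flow records. This is an added example, not part of the original answer; the record format, thresholds and addresses are assumptions, and a SYN is counted as half-open when the client never sends the ACK that completes the handshake.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (src, dst, proto, dst_port, event)
# event: "SYN" = connection attempt, "ACK" = client completed the handshake,
#        "ECHO" = ICMP echo request (dst_port is None)
SAMPLE = (
    [("10.0.0.5", "192.0.2.10", "tcp", p, "SYN") for p in range(20, 60)]        # one host, many ports
    + [("10.0.0.6", f"192.0.2.{h}", "icmp", None, "ECHO") for h in range(1, 31)]  # many hosts
    + [("10.0.0.7", "192.0.2.10", "tcp", 443, "SYN")] * 200                       # SYNs never completed
    + [("10.0.0.8", "192.0.2.10", "tcp", 443, "SYN"),
       ("10.0.0.8", "192.0.2.10", "tcp", 443, "ACK")]                             # normal client
)

def classify(records, port_limit=25, host_limit=20, half_open_limit=100):
    """Label each source address with the reconnaissance/flood patterns it shows."""
    ports = defaultdict(set)       # (src, dst) -> distinct TCP ports tried
    pinged = defaultdict(set)      # src -> distinct hosts sent an echo request
    half_open = defaultdict(int)   # (src, dst, port) -> SYNs minus completing ACKs
    for src, dst, proto, port, event in records:
        if proto == "icmp" and event == "ECHO":
            pinged[src].add(dst)
        elif proto == "tcp" and event == "SYN":
            ports[(src, dst)].add(port)
            half_open[(src, dst, port)] += 1
        elif proto == "tcp" and event == "ACK":
            half_open[(src, dst, port)] = max(0, half_open[(src, dst, port)] - 1)
    findings = defaultdict(set)
    for (src, _dst), seen in ports.items():
        if len(seen) >= port_limit:            # many ports on one target
            findings[src].add("port scan")
    for src, hosts in pinged.items():
        if len(hosts) >= host_limit:           # echo requests across an address range
            findings[src].add("ping sweep")
    for (src, _dst, _port), count in half_open.items():
        if count >= half_open_limit:           # handshakes opened but never completed
            findings[src].add("SYN flood")
    return {src: sorted(labels) for src, labels in findings.items()}

if __name__ == "__main__":
    for src, labels in sorted(classify(SAMPLE).items()):
        print(src, labels)
```
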
