Security Basics: Threats and Attacks
The introduction of distributed systems and the use of networks and communications facilities (wireline and, increasingly, wireless) have increased the need for network security measures to protect data, both real-time and non-real-time, during transmission. To assess security needs effectively, and to evaluate and choose the most effective solution, a systematic definition of the security goals or requirements and an understanding of the threats are necessary. This article discusses the security threats; the next article will focus on the security goals and on which goal counters a given security threat.
Threats
Security threats or security issues can be divided into two types: passive and active threats. Passive threats stem from individuals attempting to gain information that can be used for their benefit or to perform active attacks at a later time. Active threats are those where the intruder modifies the data, the network, or the traffic in the network. The following sections discuss the most common active and passive threats.
Passive Threats
A passive threat is a situation in which an intruder does not do anything to the network or traffic under attack but collects information for personal benefit or for future attack purposes. Two basic passive threats are described as follows:
- Eavesdropping: This has been a common security threat to human beings for ages. In this attack the intruder listens to things he or she is not supposed to listen to. This information could contain, for example, the session key used for encrypting data during the session. This kind of attack means that the intruder can get information that is at times strictly confidential.
- Traffic analysis: This is a subtle form of passive attack. At times, knowing the location and identity of the communicating device or user is enough for the intruder. An intruder might only need to know that a message has been sent, who is sending it to whom, and the frequency or size of the messages. Such a threat is known as traffic analysis.
Active Threats
An active threat arises when an intruder directly attacks the traffic and the network and causes a modification of the network, data, etc. A list of common active attacks follows:
- Masquerade: This is an attack in which an intruder pretends to be a trusted user. Such an attack is possible if the intruder captures information about the user such as the authentication data, in the simplest case the username and the password. Sometimes the term spoofing is used for masquerade.
- Authorization violation: An intruder or even a trusted user uses a service or resources that he or she is not intended to use. In the case of an intruder this threat is similar to masquerading; having entered the network, the intruder can access services that he or she is not authorized to access. On the other hand, a trusted user can also try to access unauthorized services or resources; this could happen through the user performing active attacks on the network or simply through a lack of security in the network or system.
- Denial of service (DoS): DoS attacks are performed to prevent or inhibit normal use of communications facilities. In the case of wireless communications it could be as simple as causing interference, or it could be done by sending data to a device and overloading the central processing unit (CPU) or draining the battery. Such attacks could also be performed on a network by, for example, flooding the network with unwanted traffic. Sabotage is also a form of DoS attack; a DoS attack termed sabotage could also mean the destruction of the system itself.
- Modification or forgery of information: An intruder creates new information in the name of a legitimate user or modifies or destroys the information being sent. It could also be that the intruder simply delays the information being sent. An example is an original message “Allow Neeli Prasad to read confidential Source Codes” modified to “Allow Anand Prasad to read confidential Source Codes.”
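The modification, forgery and delay cases from the last item, seen from the receiver's side, as an added example that is not part of the original article. It uses an HMAC-SHA256 tag over the message and its send time; the shared key, the 30-second freshness window and the function names `protect` and `check` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo values (assumptions, not from the article).
SHARED_KEY = b"demo-key-known-only-to-sender-and-receiver"
MAX_AGE_SECONDS = 30  # freshness window; older messages count as delayed


def _body(message: str, sent_at: int) -> bytes:
    """Canonical byte encoding of the fields covered by the tag."""
    return json.dumps({"msg": message, "ts": sent_at}, sort_keys=True).encode()


def protect(message: str, sent_at: int, key: bytes = SHARED_KEY) -> dict:
    """Sender side: bind the text and its send time under one tag."""
    tag = hmac.new(key, _body(message, sent_at), hashlib.sha256).hexdigest()
    return {"msg": message, "ts": sent_at, "tag": tag}


def check(envelope: dict, now: int, key: bytes = SHARED_KEY) -> str:
    """Receiver side: return 'ok', 'modified' or 'delayed'."""
    body = _body(envelope["msg"], envelope["ts"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected, envelope["tag"]):
        return "modified"
    if now - envelope["ts"] > MAX_AGE_SECONDS:
        return "delayed"
    return "ok"


def demo() -> dict:
    allowed = "Allow Neeli Prasad to read confidential Source Codes"
    changed = "Allow Anand Prasad to read confidential Source Codes"
    original = protect(allowed, sent_at=1000)
    tampered = dict(original, msg=changed)  # name swapped, old tag kept
    forged = {"msg": changed, "ts": 1005, "tag": "0" * 64}  # made without the key
    return {
        "original": check(original, now=1005),
        "tampered": check(tampered, now=1005),
        "forged": check(forged, now=1005),
        "delayed": check(original, now=1600),  # untouched but held back
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the send time is covered by the tag, an intruder who rewrites the timestamp to hide a delay produces a message that fails as modified.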
Anand R. Prasad
Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices, enterprise and built GRC processes from scratch.
Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry. Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advice on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to this he was Chief Information Security Officer of Rakuten Mobile, the world's leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile, Anand led all aspects of enterprise and mobile network security, from design and deployment to operations.
With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer-reviewed publications. Anand was the Chairman of 3GPP SA3, where he led the standardization of 5G security. He received his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.