The introduction of distributed systems and the growing use of networks and communications facilities, wireline and now increasingly wireless, have increased the need for network security measures that protect data, both real-time and non-real-time, during transmission. To assess security needs effectively and to evaluate and choose the most effective solution, a systematic definition of the security goals or requirements and an understanding of the threats are necessary. In this article the security threats are discussed; the next article will focus on the security goals and on which goal counters a given security threat.
Security threats or security issues can be divided into two types: passive and active threats. Passive threats stem from individuals attempting to gain information that can be used for their own benefit or to perform active attacks at a later time. Active threats are those in which the intruder modifies the data, the network, or the traffic in the network. In the following sections the most common passive and active threats are discussed.
A passive threat is a situation in which an intruder does nothing to the network or traffic under attack but collects information for personal benefit or for future attack purposes. Two basic passive threats are described as follows:
- Eavesdropping: This has been a common security threat to human beings for ages. In this attack the intruder listens to communication he or she is not supposed to hear. The captured information could contain, for example, the session key used for encrypting data during the session, so this kind of attack can give the intruder information that is at times strictly confidential.
- Traffic analysis: This is a subtler form of passive attack. At times, knowing the location and identity of the communicating device or user is enough for the intruder. An intruder might only require information such as the fact that a message has been sent, who is sending a message to whom, and the frequency or size of the messages. Such a threat is known as traffic analysis.
An active threat arises when an intruder directly attacks the traffic and the network and thereby modifies the network, the data, etc. A list of common active attacks follows:
- Masquerade: This is an attack in which an intruder pretends to be a trusted user. Such an attack is possible if the intruder captures information about the user such as the authentication data, in the simplest case the username and the password. Sometimes the term spoofing is used for masquerade.
- Authorization violation: An intruder or even a trusted user uses a service or resource it is not entitled to use. In the case of an intruder this threat is similar to masquerading: having entered the network, the intruder can access services it is not authorized to access. On the other hand, a trusted user can also try to access unauthorized services or resources; this could be done by the user performing active attacks on the network or simply by exploiting a lack of security in the network/system.
- Denial of service (DoS): DoS attacks are performed to prevent or inhibit normal use of communications facilities. In the case of wireless communications it could be as simple as causing interference, or it could be done by sending data to a device and overloading its central processing unit (CPU) or draining its battery. Such attacks could also be performed on a network by, for example, flooding the network with unwanted traffic. Sabotage is also a form of DoS attack; a DoS attack termed sabotage could also mean the destruction of the system itself.
- Modification or forgery of information: An intruder creates new information in the name of a legitimate user, or modifies or destroys the information being sent. It could also be that the intruder simply delays the information being sent. An example is an original message “Allow Neeli Prasad to read confidential Source Codes” modified to “Allow Anand Prasad to read confidential Source Codes.”
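As an added example that is not part of the original article, the following Python uses the message above to show why such a modification goes unnoticed when the receiver has no integrity check (or only an unkeyed hash the intruder can recompute), and how a keyed MAC lets the receiver detect it. The shared key and the `hash`-only variant are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed sample messages, taken from the article's example.
ORIGINAL = b"Allow Neeli Prasad to read confidential Source Codes"
FORGED = b"Allow Anand Prasad to read confidential Source Codes"

# Hypothetical secret shared only by sender and receiver (constructed for the demo).
SHARED_KEY = b"demo-shared-key-constructed-for-illustration"


def protect_with_mac(message: bytes, key: bytes) -> Tuple[bytes, bytes]:
    """Sender side: attach an HMAC-SHA256 tag computed over the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag


def verify_mac(message: bytes, tag: bytes, key: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def verify_unkeyed_hash(message: bytes, digest: bytes) -> bool:
    """Weak integrity check: a plain hash carries no secret, so anyone who
    changes the message can simply recompute a matching digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    """Run the modification scenario against each receiver-side check."""
    results = {}
    # 1. Keyed MAC: the intruder cannot produce a valid tag for FORGED
    #    without SHARED_KEY, so the forged message is rejected.
    msg, tag = protect_with_mac(ORIGINAL, SHARED_KEY)
    results["mac_accepts_original"] = verify_mac(msg, tag, SHARED_KEY)
    results["mac_accepts_forged"] = verify_mac(FORGED, tag, SHARED_KEY)
    # 2. Unkeyed hash: the intruder replaces both the message and the digest,
    #    and the receiver cannot tell the difference.
    forged_digest = hashlib.sha256(FORGED).digest()
    results["hash_accepts_forged"] = verify_unkeyed_hash(FORGED, forged_digest)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```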