An attack can be active or passive.
- An "active attack" attempts to alter system resources or affect their operation.
- A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. (E.g., see: wiretapping.)
An attack can be perpetrated by an insider or from outside the organization:
- An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
- An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
The term "attack" relates to some other basic security terms as shown in the following diagram:
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
    | An Attack:              |  |Counter- |  | A System Resource:   |
    | i.e., A Threat Action   |  | measure |  | Target of the Attack |
    | +----------+            |  |         |  | +-----------------+  |
    | | Attacker |<==================||<=========                 |  |
    | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
    | | A Threat |<=================>||<========>                 |  |
    | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
    | +----------+   Attack   |  |         |  |         VVV          |
    |                         |  |         |  | Threat Consequences  |
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
A resource (physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the Confidentiality, Integrity or Availability properties of resources (potentially different than the vulnerable one) of the organization and other involved parties (customers, suppliers). The so-called CIA triad is the basis of Information Security.
The attack can be active when it attempts to alter system resources or affect their operation, so it compromises Integrity or Availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, so it compromises Confidentiality.
A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).
A set of policies concerned with information security management, the information security management systems (ISMS), has been developed to manage the countermeasures, according to risk management principles, in order to accomplish a security strategy set up following the rules and regulations applicable in a country.
An attack should lead to a security incident, i.e., a security event that involves a security violation: in other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
The overall picture represents the risk factors of the risk scenario.
An organization should take steps to detect, classify and manage security incidents. The first logical step is to set up an incident response plan and eventually a computer emergency response team.
In order to detect attacks, a number of countermeasures can be set up at organizational, procedural and technical levels. A computer emergency response team, an information technology security audit and an intrusion detection system are examples of these.