Definitions
Computer security
An attack is
“[a]ny kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.”[1]
“[a]n attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, system availability, or confidentiality.”[2]
“[a] deliberate attempt to compromise the security of a computer system or deprive others of the use of the system.”[3]
Cybersecurity
An attack is
“any type of intentional exploitation of a vulnerability by a source of threat, including for breach of confidentiality.”[4]
Overview
Attacks may be passive or active. The fact that an attack occurs does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures.
“Tracing attacks is generally difficult, because serious attackers are likely to launder their connections to the target. That is, an attacker will compromise some intermediate targets whose vulnerabilities are easy to find and exploit, and use them to launch more serious attacks on the ultimate intended target.”[5]
Network or system owners can adopt practices and technologies that improve resistance to attacks or that prevent attacks from disrupting communications or operations, or from compromising or corrupting information.
Attack protection, prevention, and preemption are essential functional cyber security capabilities. Their goal is to provide an enterprise-wide capability to intercept a malicious attack, thereby preventing disruption, compromise, or misappropriation of networks, systems, or information. Robust attack protection, prevention, and preemption capabilities help mitigate threats and reduce the ability of adversaries to exploit vulnerabilities.
There are two different attack protection, prevention, and preemption strategies. The proactive strategy shields healthy network or system components or services to prevent them from becoming contaminated, corrupted, or compromised. The reactive strategy temporarily isolates compromised network or system components or services to prevent them from contaminating, corrupting, or compromising healthy assets. To be effective, both the proactive and the reactive security capabilities need to be deployed at all levels of enterprise systems.
In addition, attack protection, prevention, and preemption capabilities should be governed by a flexible, adaptable concept of operations. Not all attacks have the same scope or operational impact. Accordingly, the configuration and operation of the attack protection, prevention, and preemption capability should change in accordance with attack severity and intent (i.e., the approach must be adaptable to the nature of the attack and the assets being attacked).
State of the art
A variety of laws, regulations, and institutional policies require agencies and other organizations to be able to respond to security incidents, prevent disruption to normal operations, and isolate compromised networks and systems. Many current commercial offerings are primarily limited to reactive intrusion-detection tools using signature- and rule-based algorithmic techniques, which rely on preset identification rules to distinguish authorized from unauthorized access. These tools are labor-intensive to use, require constant updating, and provide only limited protection. Even though updates are released much more quickly today than in the past, the result is an arduous configuration control and patch management task.
For example, major vendors are constantly issuing updates and patches to operating systems or applications to fix security holes. In some instances, these updates and patches reopen existing vulnerabilities or create new ones while fixing the targeted problem. Many organizations, such as those operating safety-critical infrastructure systems, have policies that require all upgrades and patches to be thoroughly tested before being deployed to operational systems. But attackers are now also able to reverse-engineer patches to discover the vulnerabilities and rapidly launch attacks that exploit them before the patches can be widely deployed. This becomes a recurring cycle as new upgrades and patches are released more frequently and the reverse engineering methods used by attackers improve.
References
- [1] CNSSI 4009, at 8.
- [2] NIST Special Publication 800-82, at B-1.
- [3] Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
- [4] Cybersecurity Policy Making at a Turning Point: Analysing a New Generation of National Cybersecurity Strategies for the Internet Economy, at 16 n.10.
- [5] Cybersecurity Today and Tomorrow: Pay Now or Pay Later, at 4 n.9.
See also
- Account take over attack
- Active attack
- Application server attack
- Attack assessment
- Attack program
- Attack signature
- Attack surface
- Attack vector
- Attacker
- Attacker toolkit
- Attacker tools
- Blended attack
- Border Gateway Protocol attack
- Brute force attack
- Brute force password attack
- Buffer overflow attack
- Common Attack Pattern Enumeration and Classification
- Computer attack
- Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress
- Computer network attack
- Coordinated cyber-physical attack
- Content injection attack
- Council Framework Decision on Combating Serious Attacks Against Information Systems
- Cross-site scripting
- Cyberattack
- Data driven attack
- Denial-of-service attack
- Dictionary attack
- Direct attack
- Distributed denial-of-service attack
- Dual-connect attack scenario
- Electronic attack
- Email social engineering attack
- Evil twin attack
- Flood attack
- Fuzzing attack
- Guest-hopping attack
- Hazardous file type
- Hostname lookup attack
- Hypervisor attack
- Indirect attack
- Information attack
- Information Security—Computer Attacks at Department of Defense Pose Increasing Risks: A Report to Congressional Requesters
- Insider attack
- Instant messaging attack
- Internet infrastructure attacks
- Laboratory attack
- Leapfrog attack
- Local denial-of-service attack
- Local penetration attack
- Man-in-the-middle attack
- Mass-injection attack
- Message replay attack
- Network attack
- Nitro attacks
- Nontargeted attack
- Off-line attack
- On-line attack
- Operating system command injection
- Outside attack
- Passive attack
- Password guessing attack
- Penetration attack
- Physical attack
- Piggyback attack
- Protecting Europe Against Large-scale Cyber-attacks
- Protecting Europe from Large-scale Cyber-attacks and Disruptions: Enhancing Preparedness, Security and Resilience
- Proxy attack
- Random attack
- Reflection attack
- Remote penetration attack
- Replay attack
- Reply attack
- Side channel attack
- Size correlation attack
- Smartphone data attack scenario
- Smurf attack
- SQL injection
- Supply chain attack
- Sybil attack
- System reconfiguration attack
- Targeted attack
- Technical attack
- Untargeted attack
- Verifier impersonation attack
- Warehouse attack
- Web application attack
- Web attack
- Web client attack
- Whitewashing attack
- Wireless man-in-the-middle attack