Sometimes, an event that occurs on a computer or network is one of a series of steps intended to produce an unauthorized result. Such an event is then considered part of an attack. An attack has several elements. First, it consists of several steps that the attacker takes. Among these steps we find an action involving a target and the use of a tool to exploit a vulnerability. Secondly, an attack is intended to obtain an unauthorized result, viewed from the perspective of the user or administrator of the system in question. Finally, an attack is a series of voluntary steps that the attacker performs, so we have to distinguish an attack from a sequence of ordinary actions.
Attacks have 5 parts, which are logical steps that an attacker must take. The attacker uses a tool to exploit a vulnerability in order to obtain an unauthorized result. To be successful, an attacker must find ways that can be connected, simultaneously and repeatedly. The first two steps in an attack, tool and vulnerability, are used to cause an event on a computer or a network. More specifically, during a single attack, the attacker uses a tool to exploit a vulnerability that causes an action toward an end. The logical end of a successful attack is an unauthorized result. If the logical end result of the previous steps is authorized, then virtually no attack took place.
The concept of authorized versus unauthorized is the key to understanding what differentiates an attack from the normal events that occur.
- Authorized – approved by the user or administrator.
- Unauthorized – not approved by the user or administrator.
The tool is a way to exploit the vulnerability of a computer or network.
The types of tools used are:
- Physical attack – a way to escape or destroy a computer, network components and support systems (air conditioning, electricity, etc.)
- Information exchange – a way to get information either from other attackers (e.g. IRC), or from the people who are attacked (social engineering)
- User command – a way to exploit a weakness by placing scripts in a program.
- Script or program – exploitation of vulnerabilities by executing a batch file (script) or a program.
- Autonomous agent – use of a program or piece of software that operates independently of the user; examples are network viruses and worms.
  - Viruses are small pieces of software that self-replicate or insert copies of their code into other programs when an infected application is run. A different type of virus is the “worm”, which does not infect files on the disk but spreads over the network.
  - Trojans are also fragments of programs, but without the ability to self-replicate; they are inserted into normal programs. When the user runs the program, they unintentionally run the “Trojan horse” code snippet, almost always with negative effects.
- Toolkit – a software package that contains commands, programs or independent agents that exploit the system's weaknesses.
- Distributed tools – tools that are spread across multiple computers, which can be coordinated to conduct simultaneous attacks on the same target.
- Data tap – a means to monitor electromagnetic radiation emanating from a computer or network using external equipment.