Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
36 views18 pages

Week#03 Lecture #02

Uploaded by

graphicsra41
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
36 views18 pages

Week#03 Lecture #02

Uploaded by

graphicsra41
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

Information Security

SE-308
Week 3(Lecture#02)
Software Attacks

– Introduction
– Attack
– Types of Attacks
– Active Attacks
– Passive Attacks
Active Attacks (Cont’d)
10. Man-in-the-Middle attack

• In a Man-in-the-Middle (MitM) attack, the attacker


places himself between two communicating
persons or systems, serving as an intermediate
to stop and change the shared data without their
knowledge.

• MitM attacks can occur in several scenarios, such


as on unsecured Wi-Fi networks, compromised
routers, or through the use of malicious software.
Man-in-the-Middle
Active Attacks (Cont’d)
11. Spam
• Spam is unwanted advertisements or
promotional e-mails.

• Sometimes, spam emails can also be


dangerous because they might contain
viruses or other harmful software.

• Many organizations try to manage these


spam emails by using e-mail filtering
technologies.
Active Attacks (Cont’d)

12. Mail Bombing


• In a Mail Bombing attack, the attacker
sends a large volume of emails to a target
their email server or mailbox.

• The goal is to damage the email service,


consume server resources, and potentially
make the target's email account or system
inaccessible to users.
Mail Bombing
Active Attacks (Cont’d)
13. Phishing
• In a phishing attack, attackers use fake emails,
links or messages pretending to be from trusted
places to trick you into giving away personal
information such as usernames, passwords, or
credit card details.
• Relies on fake emails or websites that mimic
trusted institutions (like banks, social media sites).

• Example:
• You receive an email claiming to be from your
bank, asking you to click a link to verify your
account. The link directs you to a fake website
designed to steal your login details.
Active Attacks (Cont’d)
14. Social Engineering Attack:
• Social engineering involves manipulating or tricking
people into revealing confidential information.
• Attackers use psychological manipulation to convince
victims to provide sensitive data or perform actions
(e.g., sharing passwords or installing malware).
• This can happen through direct interaction, like a phone
call, physical interactions, or indirectly through email or
messaging.

Example:
• If someone calls you pretending to be from your bank
and informs you about an issue with your ATM card,
asking you to verify or provide personal details to
unblock it, be careful. This could be a social engineering
strategy aimed at tricking you into revealing sensitive
Passive Attacks

1. Traffic analysis
• Traffic analysis is a method used to
monitor and analyze patterns, volumes,
and trends in network traffic without
capturing the actual content of the data
packets.

• Instead of examining the content of


communications, traffic analysis focuses
on observing communication patterns to
gain insights into network behavior, user
activities, and communication dynamics.
Passive Attacks (Cont’d)
2. Release of message content
• The release of message content refers to
the unauthorized disclosure, or exposure
of the actual content of a message,
communication, or data transmission to
unauthorized entities.

• This can occur when sensitive or


confidential information in a message is
exposed, made public, or accessed without
authorization.
Release of message content
Passive Attacks (Cont’d)
3. Sniffer
• The attacker captures and analyzes the
actual data packets transmitted over a
network to inspect their content for
extraction of information especially on
TCP/IP networks where they are often
referred to as packets.

• Example: Capturing and examining the


data packets exchanged between a user's
device and a web server.
Passive Attack (Cont’d)

4. Timing Attack

• A timing attack is a type of attack


where an attacker attempts to
observe secret information such as a
cryptographic or secret key by
analyzing the time taken by a system
to perform cryptographic operations.
Passive Attack (Cont’d)
5. Shoulder Surfing
• Observing or spying on individuals as they
enter or view sensitive information such as
passwords, and personal identification
numbers PINs in public places or shared
environments.

• Example:
• An example of shoulder surfing would be if
you're at an ATM and someone behind you
is watching as you enter your PIN. They can
later use that information to access your
bank account.
Shoulder Surfing
Passive Attack (Cont’d)

6. Video Surveillance:
• Monitoring and recording video footage of
individuals, locations, or activities using
surveillance cameras, CCTV systems, or
other monitoring devices without their
knowledge or consent.

Example:
• Use hidden cameras or surveillance
systems to spy on employees, customers,
or visitors in public or private spaces.
Thank you

You might also like