
CS219 TUTORIAL SOLUTION 4

PREPARED BY: NIKHIL NITESH LAL
ID: S11200084
Tutorial (Week 04)
1. Anonymous Attacker: An anonymous attacker is an individual or group that attempts to
compromise a system or organization's security without revealing their true identity. They often
leverage various techniques to hide their tracks and mask their origin. Their motivations can
range from curiosity and personal challenge to more malicious intents like cybercrime,
hacktivism, or cyber espionage.
Characteristics:
• Identity: Their identity is concealed, making it challenging to attribute the attack to a specific person or group.
• Motivation: Can be driven by a wide range of reasons, from financial gain to ideological beliefs.
• Access: Typically exploit vulnerabilities remotely to gain unauthorized access.
• Impact: Can cause significant damage if successful, depending on their goals and capabilities.
2. Malicious Insider: A malicious insider is an individual who already has authorized access to
an organization's systems or data, but misuses that access for personal gain, harm, or to leak
sensitive information. Insiders can be employees, contractors, or partners with legitimate access
to the system.
Characteristics:
• Identity: Known within the organization, which can make their actions harder to detect since they are already trusted.
• Motivation: May be motivated by grievances, financial gain, espionage, or personal vendettas.
• Access: Exploits their authorized access to carry out attacks, making detection more challenging.
• Impact: Can cause severe damage due to their knowledge of the organization's systems and potential access to sensitive data.
3. Trusted Attacker: A trusted attacker is an individual or entity that has been granted a higher
level of access or privileges within a system or organization, often due to their role or position.
This elevated access level can be abused to carry out attacks that might be harder to detect, as
they operate from a position of trust.
Characteristics:
• Identity: Known and trusted within the organization, potentially making their actions even harder to detect.
• Motivation: May abuse their higher access for financial gain, industrial espionage, or other malicious activities.
• Access: Exploits their legitimate elevated access rights to execute attacks.
• Impact: Can cause significant damage due to their extensive access and potential insider knowledge.
Comparison:
• Identity: Anonymous attackers conceal their identity, while malicious insiders and trusted attackers are known within the organization.
• Access: Anonymous attackers often exploit vulnerabilities remotely, while insiders and trusted attackers leverage their authorized access.
• Motivation: All three categories can have varying motivations, but insiders and trusted attackers usually have a better understanding of the organization and its systems.
• Detection: Insiders and trusted attackers can be harder to detect due to their legitimate access, while anonymous attackers are harder to attribute.
• Impact: All three can cause substantial damage, but insiders and trusted attackers potentially have more knowledge to cause targeted harm.
Contrast:
• Identity: Anonymous attackers vs. known insiders/trusted attackers.
• Access: Unauthorized access vs. authorized access.
• Detection: Anonymity vs. difficulty in detecting insiders/trusted attackers.
• Impact: Varies, but insiders/trusted attackers may have a higher potential for tailored and sophisticated attacks.
In all cases, organizations must implement robust security measures, access controls, and
monitoring systems to mitigate the risks posed by these different types of attackers.
A **Denial-of-Service (DoS) attack** and a **Distributed Denial-of-Service (DDoS) attack**
are both malicious activities that aim to disrupt the availability of a target system, network, or
service. However, they differ in how they are executed and the scale of their impact.
**Denial-of-Service (DoS) Attack:**
In a DoS attack, a single source, which could be a single computer or a small network of
computers, attempts to overwhelm a target system or network with a flood of traffic, requests,
or data. The goal is to consume the target's resources, such as bandwidth, memory, or
processing power, to the point where it becomes unavailable to legitimate users. Common
methods used in DoS attacks include sending an excessive amount of traffic, exploiting
vulnerabilities to crash services, or flooding the target with malicious requests.
**Distributed Denial-of-Service (DDoS) Attack:**
A DDoS attack takes the concept of a DoS attack to a larger scale by involving multiple
sources. In a DDoS attack, a network of compromised computers (called a botnet) is used to
simultaneously flood the target with a massive volume of traffic, requests, or data. Each
compromised computer in the botnet, known as a "bot," sends a relatively small amount of
traffic, but when combined, their collective strength overwhelms the target's resources. These
bots can be computers infected with malware that grants control to the attacker.
**Key Differences:**
1. **Source of Attack Traffic:**
- DoS Attack: Traffic comes from a single source, often a single computer or a small network of computers.
- DDoS Attack: Traffic comes from a distributed network of compromised computers, forming a botnet.
2. **Traffic Volume:**
- DoS Attack: Generally involves a lower volume of traffic compared to DDoS attacks.
- DDoS Attack: Involves a massive volume of traffic due to the combined efforts of multiple compromised computers.
3. **Impact and Scalability:**
- DoS Attack: Can disrupt smaller systems, but the impact is limited by the resources of the single attacking source.
- DDoS Attack: Can cause much larger disruptions due to the collective strength of the botnet, making it more scalable and impactful.
4. **Detection and Mitigation:**
- DoS Attack: Easier to detect and mitigate since the source is limited and often identifiable.
- DDoS Attack: More challenging to mitigate as the traffic comes from various sources, making it harder to distinguish between legitimate and malicious traffic.
5. **Efficiency for Attacker:**
- DoS Attack: Requires fewer resources to launch but has a more limited impact.
- DDoS Attack: Requires a larger effort to assemble and manage a botnet but can have a significantly higher impact.
Both types of attacks aim to disrupt services, cause financial losses, or achieve other malicious
goals. To defend against these attacks, organizations deploy various strategies such as traffic
filtering, rate limiting, content delivery networks (CDNs), and cloud-based protection services.
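As an added example (not part of the original solution), the following Python shows key differences 1 and 4 from the defender's side: the same total request volume is classified as a single-source flood or a distributed one from access-log lines, and a per-source rate limit is shown to blunt only the former. The log format, the IP addresses and the thresholds are all constructed for illustration.

```python
from collections import Counter

# Constructed sample logs in an assumed "timestamp client_ip method path"
# format; every line falls inside one observation window.
NORMAL_LOG = [f"{t} 198.51.100.{t % 5} GET /" for t in range(20)]
# DoS-like: one address sends 400 requests on top of normal traffic.
SINGLE_SOURCE_LOG = NORMAL_LOG + ["5 203.0.113.7 GET /search?q=x"] * 400
# DDoS-like: 400 distinct addresses send one request each.
DISTRIBUTED_LOG = NORMAL_LOG + [
    f"5 10.0.{i // 250}.{i % 250} GET /" for i in range(400)
]


def source_counts(lines):
    """Requests per client IP in the observed window."""
    return Counter(line.split()[1] for line in lines)


def classify_flood(lines, total_threshold=300, per_source_threshold=100):
    """Return 'normal' below total_threshold; otherwise 'single-source'
    (DoS-like) if one IP alone exceeds per_source_threshold, else
    'distributed' (DDoS-like) because the volume is spread thinly."""
    counts = source_counts(lines)
    if sum(counts.values()) < total_threshold:
        return "normal"
    _top_ip, top_n = counts.most_common(1)[0]
    return "single-source" if top_n >= per_source_threshold else "distributed"


def per_source_rate_limit(lines, limit=100):
    """Allow at most `limit` requests per IP in the window and return
    (allowed, dropped). A per-IP limit stops a single-source flood but
    passes a distributed one, where each bot stays under the limit."""
    seen = Counter()
    allowed = dropped = 0
    for line in lines:
        ip = line.split()[1]
        seen[ip] += 1
        if seen[ip] <= limit:
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


if __name__ == "__main__":
    for name, log in [("normal", NORMAL_LOG), ("dos", SINGLE_SOURCE_LOG),
                      ("ddos", DISTRIBUTED_LOG)]:
        print(name, classify_flood(log), per_source_rate_limit(log))
```

For the distributed case the per-IP limit drops nothing, which is why the text above points to aggregate measures such as upstream filtering and CDN or cloud-based absorption rather than per-source limits alone.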