Abstract image of a woman sitting on books and studying on a laptop

week#03 Lecture #02.pptx, computer scien

Download as PPTX, PDF
G
graphicsra41

The document discusses various types of software attacks categorized as active and passive. Active attacks include methods like man-in-the-middle, spam, mail bombing, phishing, and social engineering, which manipulate communication to access sensitive information or disrupt services. Passive attacks focus on monitoring and analyzing network traffic, unauthorized disclosure of message content, and observing user behavior to extract private information.

1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Information Security SE- 308 Week 3(Lecture#02)
Software Attacks – Introduction – Attack – Types of Attacks – Active Attacks – Passive Attacks
Active Attacks (Cont’d) 10. Man-in-the-Middle attack • In a Man-in-the-Middle (MitM) attack, the attacker places himself between two communicating persons or systems, serving as an intermediate to stop and change the shared data without their knowledge. • MitM attacks can occur in several scenarios, such as on unsecured Wi-Fi networks, compromised routers, or through the use of malicious software.
Man-in-the-Middle
Active Attacks (Cont’d) 11. Spam • Spam is unwanted advertisements or promotional e-mails. • Sometimes, spam emails can also be dangerous because they might contain viruses or other harmful software. • Many organizations try to manage these spam emails by using e-mail filtering technologies.
Active Attacks (Cont’d) 12. Mail Bombing • In a Mail Bombing attack, the attacker sends a large volume of emails to a target their email server or mailbox. • The goal is to damage the email service, consume server resources, and potentially make the target's email account or system inaccessible to users.
Mail Bombing
Active Attacks (Cont’d) 13. Phishing • In a phishing attack, attackers use fake emails, links or messages pretending to be from trusted places to trick you into giving away personal information such as usernames, passwords, or credit card details. • Relies on fake emails or websites that mimic trusted institutions (like banks, social media sites). • Example: • You receive an email claiming to be from your bank, asking you to click a link to verify your account. The link directs you to a fake website designed to steal your login details.
Active Attacks (Cont’d) 14. Social Engineering Attack: • Social engineering involves manipulating or tricking people into revealing confidential information. • Attackers use psychological manipulation to convince victims to provide sensitive data or perform actions (e.g., sharing passwords or installing malware). • This can happen through direct interaction, like a phone call, physical interactions, or indirectly through email or messaging. Example: • If someone calls you pretending to be from your bank and informs you about an issue with your ATM card, asking you to verify or provide personal details to unblock it, be careful. This could be a social engineering strategy aimed at tricking you into revealing sensitive information.
Passive Attacks 1. Traffic analysis • Traffic analysis is a method used to monitor and analyze patterns, volumes, and trends in network traffic without capturing the actual content of the data packets. • Instead of examining the content of communications, traffic analysis focuses on observing communication patterns to gain insights into network behavior, user activities, and communication dynamics.
Passive Attacks (Cont’d) 2. Release of message content • The release of message content refers to the unauthorized disclosure, or exposure of the actual content of a message, communication, or data transmission to unauthorized entities. • This can occur when sensitive or confidential information in a message is exposed, made public, or accessed without authorization.
Release of message content
Passive Attacks (Cont’d) 3. Sniffer • The attacker captures and analyzes the actual data packets transmitted over a network to inspect their content for extraction of information especially on TCP/IP networks where they are often referred to as packets. • Example: Capturing and examining the data packets exchanged between a user's device and a web server.
Passive Attack (Cont’d) 4. Timing Attack • A timing attack is a type of attack where an attacker attempts to observe secret information such as a cryptographic or secret key by analyzing the time taken by a system to perform cryptographic operations.
Passive Attack (Cont’d) 5. Shoulder Surfing • Observing or spying on individuals as they enter or view sensitive information such as passwords, and personal identification numbers PINs in public places or shared environments. • Example: • An example of shoulder surfing would be if you're at an ATM and someone behind you is watching as you enter your PIN. They can later use that information to access your bank account.
Shoulder Surfing
Passive Attack (Cont’d) 6. Video Surveillance: • Monitoring and recording video footage of individuals, locations, or activities using surveillance cameras, CCTV systems, or other monitoring devices without their knowledge or consent. Example: • Use hidden cameras or surveillance systems to spy on employees, customers, or visitors in public or private spaces.
Thank you

More Related Content

DOCX
CNS unit -1.docx
Padamata Rameshbabu
 
PDF
A mit m
Hai Nguyen
 
PPTX
Attacks Types
RajuPrasad33
 
PPTX
Active and Passive Network Attacks
Pradipta Poudel
 
PPTX
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 
PPTX
typesofattacks-180418113629 255536155.pptx
abduganiyevbekzod011
 
PPTX
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
PPT
COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt
gadisaAdamu
 
CNS unit -1.docx
Padamata Rameshbabu
 
A mit m
Hai Nguyen
 
Attacks Types
RajuPrasad33
 
Active and Passive Network Attacks
Pradipta Poudel
 
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 
typesofattacks-180418113629 255536155.pptx
abduganiyevbekzod011
 
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt
gadisaAdamu
 

Similar to week#03 Lecture #02.pptx, computer scien(20)

PDF
typesofattacks-180418113629.pdf
surajthakur474818
 
PPTX
Types of attacks
Vivek Gandhi
 
PPTX
Lecture 3.pptx
MuhammadRehan856177
 
PPTX
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
PPTX
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
sangeeta borde
 
PPTX
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
PPTX
CNS Module 1 in cryptography and network security
bodamaddy
 
PPTX
Information security ist lecture
Zara Nawaz
 
PPTX
information security (network security methods)
Zara Nawaz
 
PPTX
cyber security.pptx
Tapan Khilar
 
PPT
Unauthorized access, Men in the Middle (MITM)
Balvinder Singh
 
PPTX
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
NiharikaGuptas
 
PPTX
week#03 Lecture #01.pptx computer scienc
graphicsra41
 
PPTX
NIS1ppt (1).pptxhgfchgfhgfhgfgjdgfdhgdhgfehft
balajihegade1648
 
PPTX
cryptography Threat - Attack presentation.pptx
sreepriyap9
 
PPT
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
PPTX
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
rukminipamul123
 
PDF
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
PPT
Security Attacks.ppt
Zaheer720515
 
PPTX
INFO.pptx this is reagarding to the information system security and types of ...
sagar490070
 
typesofattacks-180418113629.pdf
surajthakur474818
 
Types of attacks
Vivek Gandhi
 
Lecture 3.pptx
MuhammadRehan856177
 
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
sangeeta borde
 
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
CNS Module 1 in cryptography and network security
bodamaddy
 
Information security ist lecture
Zara Nawaz
 
information security (network security methods)
Zara Nawaz
 
cyber security.pptx
Tapan Khilar
 
Unauthorized access, Men in the Middle (MITM)
Balvinder Singh
 
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
NiharikaGuptas
 
week#03 Lecture #01.pptx computer scienc
graphicsra41
 
NIS1ppt (1).pptxhgfchgfhgfhgfgjdgfdhgdhgfehft
balajihegade1648
 
cryptography Threat - Attack presentation.pptx
sreepriyap9
 
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
rukminipamul123
 
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
Security Attacks.ppt
Zaheer720515
 
INFO.pptx this is reagarding to the information system security and types of ...
sagar490070
 

Recently uploaded(20)

PDF
TrustArc Webinar - Data Minimization in Practice_ Reducing Risk, Enhancing Co...
TrustArc
 
PPTX
Blending method and technology for hydrogen.pptx
PradipChanda5
 
PDF
The Digital Engine Room: Unlocking APAC’s Economic and Digital Potential thro...
flintglobalapac
 
PDF
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
PDF
Uncertainty-aware contextual multi-armed bandits for recommendations in e-com...
IAESIJAI
 
PDF
“Introduction to Designing with AI Agents,” a Presentation from Amazon Web Se...
Edge AI and Vision Alliance
 
PPTX
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
PDF
Revolutionizing recommendations a survey: a comprehensive exploration of mode...
IAESIJAI
 
PDF
Examining Bias in AI Generated News Content.pdf
Government
 
PDF
TicketRoot: Event Tech Solutions Deck 2025
TicketRoot
 
PDF
Altius execution marketplace concept.pdf
Wandor
 
PDF
State of AI in Business 2025 - MIT NANDA
Razin Mustafiz
 
PDF
【AI論文解説】高速・高品質な生成を実現するFlow Map Models(Part 1~3)
Sony - Neural Network Libraries
 
PDF
eBook Outline_ AI in Cybersecurity – The Future of Digital Defense.pdf
samalmaheswar155
 
PPT
Overviiew on Intellectual property right
Ritu Maity
 
PPTX
Slides World Game (s) Great Redesign Eco Economic Epochs.pptx
Steven McGee
 
PDF
GDG Cloud Southlake #45: Patrick Debois: The Impact of GenAI on Development a...
James Anderson
 
PDF
Decision Optimization - From Theory to Practice
Eray Cakici
 
PPTX
Strategic Picks — Prioritising the Right Agentic Use Cases [2/6]
suhanisingh58689
 
PPTX
From XAI to XEE through Influence and Provenance.Controlling model fairness o...
Paolo Missier
 
TrustArc Webinar - Data Minimization in Practice_ Reducing Risk, Enhancing Co...
TrustArc
 
Blending method and technology for hydrogen.pptx
PradipChanda5
 
The Digital Engine Room: Unlocking APAC’s Economic and Digital Potential thro...
flintglobalapac
 
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
Uncertainty-aware contextual multi-armed bandits for recommendations in e-com...
IAESIJAI
 
“Introduction to Designing with AI Agents,” a Presentation from Amazon Web Se...
Edge AI and Vision Alliance
 
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
Revolutionizing recommendations a survey: a comprehensive exploration of mode...
IAESIJAI
 
Examining Bias in AI Generated News Content.pdf
Government
 
TicketRoot: Event Tech Solutions Deck 2025
TicketRoot
 
Altius execution marketplace concept.pdf
Wandor
 
State of AI in Business 2025 - MIT NANDA
Razin Mustafiz
 
【AI論文解説】高速・高品質な生成を実現するFlow Map Models(Part 1~3)
Sony - Neural Network Libraries
 
eBook Outline_ AI in Cybersecurity – The Future of Digital Defense.pdf
samalmaheswar155
 
Overviiew on Intellectual property right
Ritu Maity
 
Slides World Game (s) Great Redesign Eco Economic Epochs.pptx
Steven McGee
 
GDG Cloud Southlake #45: Patrick Debois: The Impact of GenAI on Development a...
James Anderson
 
Decision Optimization - From Theory to Practice
Eray Cakici
 
Strategic Picks — Prioritising the Right Agentic Use Cases [2/6]
suhanisingh58689
 
From XAI to XEE through Influence and Provenance.Controlling model fairness o...
Paolo Missier
 

week#03 Lecture #02.pptx, computer scien

  • 1.
  • 2.
    Software Attacks – Introduction –Attack – Types of Attacks – Active Attacks – Passive Attacks
  • 3.
    Active Attacks (Cont’d) 10.Man-in-the-Middle attack • In a Man-in-the-Middle (MitM) attack, the attacker places himself between two communicating persons or systems, serving as an intermediate to stop and change the shared data without their knowledge. • MitM attacks can occur in several scenarios, such as on unsecured Wi-Fi networks, compromised routers, or through the use of malicious software.
  • 4.
  • 5.
    Active Attacks (Cont’d) 11.Spam • Spam is unwanted advertisements or promotional e-mails. • Sometimes, spam emails can also be dangerous because they might contain viruses or other harmful software. • Many organizations try to manage these spam emails by using e-mail filtering technologies.
  • 6.
    Active Attacks (Cont’d) 12.Mail Bombing • In a Mail Bombing attack, the attacker sends a large volume of emails to a target their email server or mailbox. • The goal is to damage the email service, consume server resources, and potentially make the target's email account or system inaccessible to users.
  • 7.
  • 8.
    Active Attacks (Cont’d) 13.Phishing • In a phishing attack, attackers use fake emails, links or messages pretending to be from trusted places to trick you into giving away personal information such as usernames, passwords, or credit card details. • Relies on fake emails or websites that mimic trusted institutions (like banks, social media sites). • Example: • You receive an email claiming to be from your bank, asking you to click a link to verify your account. The link directs you to a fake website designed to steal your login details.
  • 9.
    Active Attacks (Cont’d) 14.Social Engineering Attack: • Social engineering involves manipulating or tricking people into revealing confidential information. • Attackers use psychological manipulation to convince victims to provide sensitive data or perform actions (e.g., sharing passwords or installing malware). • This can happen through direct interaction, like a phone call, physical interactions, or indirectly through email or messaging. Example: • If someone calls you pretending to be from your bank and informs you about an issue with your ATM card, asking you to verify or provide personal details to unblock it, be careful. This could be a social engineering strategy aimed at tricking you into revealing sensitive information.
  • 10.
    Passive Attacks 1. Trafficanalysis • Traffic analysis is a method used to monitor and analyze patterns, volumes, and trends in network traffic without capturing the actual content of the data packets. • Instead of examining the content of communications, traffic analysis focuses on observing communication patterns to gain insights into network behavior, user activities, and communication dynamics.
  • 11.
    Passive Attacks (Cont’d) 2.Release of message content • The release of message content refers to the unauthorized disclosure, or exposure of the actual content of a message, communication, or data transmission to unauthorized entities. • This can occur when sensitive or confidential information in a message is exposed, made public, or accessed without authorization.
  • 12.
  • 13.
    Passive Attacks (Cont’d) 3.Sniffer • The attacker captures and analyzes the actual data packets transmitted over a network to inspect their content for extraction of information especially on TCP/IP networks where they are often referred to as packets. • Example: Capturing and examining the data packets exchanged between a user's device and a web server.
  • 14.
    Passive Attack (Cont’d) 4.Timing Attack • A timing attack is a type of attack where an attacker attempts to observe secret information such as a cryptographic or secret key by analyzing the time taken by a system to perform cryptographic operations.
  • 15.
    Passive Attack (Cont’d) 5.Shoulder Surfing • Observing or spying on individuals as they enter or view sensitive information such as passwords, and personal identification numbers PINs in public places or shared environments. • Example: • An example of shoulder surfing would be if you're at an ATM and someone behind you is watching as you enter your PIN. They can later use that information to access your bank account.
  • 16.
  • 17.
    Passive Attack (Cont’d) 6.Video Surveillance: • Monitoring and recording video footage of individuals, locations, or activities using surveillance cameras, CCTV systems, or other monitoring devices without their knowledge or consent. Example: • Use hidden cameras or surveillance systems to spy on employees, customers, or visitors in public or private spaces.
  • 18.