Different Types of Attacks on a System
Before discussing different types of attacks on a system, let us define the following
- What is an attack?
- What is Operating System?
Attack:- An Attack is defined as “any attempt that made on a network to gain unauthorized access”. This is also called as cyber attack as the attacker may steal, alter or destroy the information.
Operating System:- Operating System is defined as “the system software that manages computer hardware, software resources, and provides common services for computer programs”. We can also define it as a program that acts as an intermediary between a user of a computer and the computer hardware. The main goal of Operating system is to solve user problems and execute user programs.
Now let us discuss different types of attacks on a system. There exist several approaches for an attacker to gain access to the system. One of the most common approach is to find the system’s weakness or vulnerabilities in the system and exploit the system. The following are the different types of attacks on a system.
- Operating System Attacks
- MisConfiguration Attacks
- Application Level Attacks
- Shrink-Wrap Code Attacks
Operating Systems Attacks:- As discussed above in the definition that operating system runs many services such as graphical user interfaces (GUI’s) that support applications and system tools, and enable internet access. In Operating Systems attacks, “attackers look for vulnerabilities in OS such that they can exploit through vulnerabilities and gain access to the target system or network”.
The vulnerabilities in the OS can be open ports and services as most of the operating systems install these services and ports by default. These are the most common vulnerabilities found by attackers to gain access to an operating system. So, to prevent Operating System Attacks, we need to remove or disable those services and ports which are unnecessary for time being. The following figure depicts different kinds of operating systems.
Below are some of the OS Vulnerabilities listed
- Buffer Overflow Vulnerabilities
- Bugs in the Operating System
- An unpatched Operating System
Below are some attacks performed at the OS level
- Exploiting Specific Network Protocol implementations
- Attacking built-in Authentication Systems
- Breaking file-system security
- Cracking passwords and Encryption mechanisms
MisConfiguration Attacks:- MisConfiguration can be defined as “occurrence of errors while implementing all the security controls”. It may occur either at any stage like developing, deploying, or maintaining, etc. Due to this attackers gain unauthorized access to the systems and affect web servers, databases, etc. To prevent these kind of attacks, administrators need to change the default configuration of devices and deploy automated scanners.
Application-level Attacks:- We can define Application as “a program or software which can perform a specific function to an end user or for some another application”. The code for an application resides on the server and user access the application through web browser.
Since, the code for an application comes with more features and functionalities, there may be some undiscovered security holes or vulnerabilities leaving behind. This is the opportunity for an attacker to find these vulnerabilities and exploit using different techniques to gain access and steal data. To prevent these kind of attacks error checking or handling of applications must be strict.
Some of the examples of Application-level attacks are listed below
- Buffer Overflow attacks
- Cross-site scripting
- Session Hijacking
- SQL Injection
- Phishing
- Denial-of-Service Attacks
- Man-in-the-middle Attacks
- Directory Traversal Attacks
Shrink Wrap Code Attacks:- We know that the developers use free libraries and licensed code from other sources in their programs to reduce time and cost. Due to this importing, default configuration and settings of the libraries and code are unchanged which leads to shrink wrap code attacks.
Shrink Wrap Code Attacks are defined as “exploiting the default configuration and settings of the libraries and code”. To prevent these kind of attacks, we have to fine-tune every part of the code and make it more secure.
