A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. It is a potential violation of security; that is, a possible danger that might exploit a vulnerability.
An attack is an assault on system security that derives from an intelligent threat, i.e., an attack is an intelligent act that is an intentional attempt to evade security services and violate the security policy of a system.
Threats can be categorized into four classes:
- Disclosure- Unauthorized access to information: Snooping
- Deception- Acceptance of false data: Modification, Spoofing, Denial of receipt, Repudiation of origin
- Disruption- Interruption of correct operation: Modification
- Usurpation- Unauthorized control of some part of the system: Modification, Spoofing, Denial of service, Delay
Snooping- It is the unauthorized interception of information. It is passive, meaning that some entity is listening to communications or browsing the system information. Passive wiretapping is an example of snooping, where attackers monitor the network communications.
Modification- It is an unauthorized change of information. It is active, meaning that some entity is changing the information. Active wiretapping is an example of modification, where data crossing the network is altered by the attackers.
Spoofing / Masquerading- It is the impersonation of one entity by another. E.g., if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. Delegation is basically authorized spoofing. The difference is that the one to whom authority is delegated does not impersonate the delegator; he/she simply asserts authority to act as an agent for the delegator. So masquerading is a violation of security, whereas delegation is not.
Repudiation of origin- A false denial that an entity sent something; it is a form of deception.
Denial of receipt- A false denial that an entity received some message or information; it is a form of deception.
Delay- It is a temporary inhibition of service. E.g., if delivery of a message or a service requires time t and an attacker can force the delivery time to be more than t, then there is delayed delivery.
Denial of service- It is an infinite delay, i.e., a long-term inhibition of service. E.g., an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade its performance.