See:
Attempt to destroy, expose, alter, disable, steal, gain unauthorized access to, or make unauthorized use of an asset. [UNE-ISO/IEC 27000:2014]
Attempt to destroy, expose, alter or disable an information system or the information that the system handles, or to violate a security policy in some other way. [ISO-18043:2006]
Exploitation of one or more vulnerabilities using an attack method with a given opportunity.
Examples:
· high opportunity of use of counterfeit or copied software due to the total absence of awareness or information about copyright legislation;
· alteration of software by a virus due to the ease of introducing harmful programs onto the organisation's office network;
· ...
[EBIOS:2005]
Action that may violate the security systems and mechanisms of an information system.
Traditionally attacks are divided, according to the effect they produce, into: interruption, interception, modification and fabrication. If categorized by mode of action, they are classified as: passive (do not modify the state of the attacked system) and active (alter the attacked system).
[Ribagorda:1997]
1. Actions aimed at discovering the secret or private keys of a cryptosystem.
2. Any deliberate action aimed at violating the security mechanisms of an information system.
[CESID:1997]
Attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. [ISO/IEC 27000:2014]
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [CNSSI_4009:2010]
1. (I) An intentional act by which an entity attempts to evade security services and violate the security policy of a system. That is, an actual assault on system security that derives from an intelligent threat. (See: penetration, violation, vulnerability.)
2. (I) A method or technique used in an assault (e.g., masquerade).
Tutorial: Attacks can be characterized according to intent:
· An "active attack" attempts to alter system resources or affect their operation.
· A "passive attack" attempts to learn or make use of information from a system but does not affect system resources of that system. (See: wiretapping.) The object of a passive attack might be to obtain data that is needed for an off-line attack.
· An "off-line attack" is one in which the attacker obtains data from the target system and then analyzes the data on a different system of the attacker's own choosing, possibly in preparation for a second stage of attack on the target.
Attacks can be characterized according to point of initiation:
· An "inside attack" is one that is initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by the party that granted the authorization.
· An "outside attack" is initiated from outside the security perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
Attacks can be characterized according to method of delivery:
· In a "direct attack", the attacker addresses attacking packets to the intended victim(s). In an "indirect attack", the attacker addresses packets to a third party, and the packets either have the address(es) of the intended victim(s) as their source address(es) or indicate the intended victim(s) in some other way. The third party responds by sending one or more attacking packets to the intended victims. The attacker can use third parties as attack amplifiers by providing a broadcast address as the victim address (e.g., "smurf attack"). (See: reflector attack. Compare: reflection attack, replay attack.)
[RFC4949:2007]
Any person deliberately exploiting vulnerabilities in technical and non-technical security controls in order to steal or compromise information systems and networks, or to compromise availability to legitimate users of information system and network resources. [ISO-18028-1:2006]
Attempts to destroy, expose, alter, or disable an Information System and/or information within it or otherwise breach the security policy. [ISO-18043:2006]
The activities undertaken to bypass or exploit deficiencies in a system's security mechanisms. By a direct attack on a system they exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. Indirect attacks are performed when they bypass the mechanism, or when they make the system use the mechanism incorrectly. [H.235:2005]
Exploiting one or more vulnerabilities using an attack method with a given opportunity.
Examples:
· strong opportunity of using counterfeit or copied software resulting from total absence of awareness or information concerning copyright legislation;
· software damaged by a virus through easy loading of malicious programmes onto the organisation's office network;
· etc.
[EBIOS:2005]
An attack is the act of carrying out an exploit.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590-BSI.html
Steps that an adversary takes or may take to plan, prepare for, and execute an attack.
Annotation: An attack path may include recruitment, radicalization, and training of operatives, selection and surveillance of the target, construction or procurement of weapons, funding, deployment of operatives to the target, execution of the attack, and related post-attack activities.
DHS Risk Lexicon, September 2008
An attack path is a path in an attack tree from a leaf node to the root node. An attack path can be a simplistic representation of an attack pattern.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590-BSI.html
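The attack-tree definition above is easiest to see on a concrete tree. The following is an added worked example, not code from the glossary or from the BSI article it cites: it builds a small AND/OR attack tree with constructed, hypothetical node names, enumerates every attack path (root to leaf, the reverse reading of the leaf-to-root path in the definition), derives the minimal leaf sets that would realise the root goal, and then shows the threat-modeling use of the tree: which scenarios remain once a given control removes a leaf.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Set


@dataclass
class Node:
    """One node of an attack tree. gate is "OR", "AND" or "LEAF"."""
    name: str
    gate: str = "LEAF"
    children: List["Node"] = field(default_factory=list)


def attack_paths(node: Node, prefix: Optional[List[str]] = None) -> List[List[str]]:
    """Every root-to-leaf path; read backwards it is an attack path in the glossary's sense."""
    prefix = (prefix or []) + [node.name]
    if not node.children:
        return [prefix]
    paths: List[List[str]] = []
    for child in node.children:
        paths.extend(attack_paths(child, prefix))
    return paths


def attack_scenarios(node: Node) -> List[FrozenSet[str]]:
    """Minimal leaf sets that achieve this node: OR needs any child, AND needs all children."""
    if not node.children:
        return [frozenset([node.name])]
    if node.gate == "OR":
        out: List[FrozenSet[str]] = []
        for child in node.children:
            out.extend(attack_scenarios(child))
        return out
    # AND gate: every combination of one scenario per child, merged.
    combos: List[FrozenSet[str]] = [frozenset()]
    for child in node.children:
        combos = [a | b for a in combos for b in attack_scenarios(child)]
    return combos


def remaining_scenarios(tree: Node, controls: Set[str]) -> List[FrozenSet[str]]:
    """Scenarios still open after controls have removed the given leaves (defender's view)."""
    return [s for s in attack_scenarios(tree) if not (s & controls)]


# Constructed example tree (hypothetical names, not from the page).
TREE = Node("Read customer records", "OR", [
    Node("Exploit exposed service", "AND", [
        Node("Service reachable from the internet"),
        Node("Unpatched vulnerability in service"),
    ]),
    Node("Log in with stolen credentials", "AND", [
        Node("Obtain valid credentials"),
        Node("No second authentication factor"),
    ]),
])

if __name__ == "__main__":
    for path in attack_paths(TREE):
        print(" -> ".join(path))
    print("scenarios:", [sorted(s) for s in attack_scenarios(TREE)])
    print("after enforcing MFA:",
          [sorted(s) for s in remaining_scenarios(TREE, {"No second authentication factor"})])
```

Each element of `attack_scenarios` is one minimal way to reach the root, so a control is worth prioritising when it removes a leaf that appears in many scenarios; `remaining_scenarios` makes that comparison explicit for a candidate set of controls.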
An attack pattern is a general framework for carrying out a particular type of attack such as a particular method for exploiting a buffer overflow or an interposition attack that leverages architectural weaknesses. In this paper, an attack pattern describes the approach used by attackers to generate an exploit against software.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590-BSI.html
An attacker is the person that actually executes an attack. Attackers may range from very unskilled individuals leveraging automated attacks developed by others (script kiddies) to well-funded government agencies or even large international organized crime syndicates with highly skilled software experts.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590-BSI.html
An attempt by an unauthorized individual to fool a Verifier or a Relying Party into believing that the unauthorized individual in question is the Subscriber. [NIST SP-800-63:2013]
A party who acts with malicious intent to compromise an information system. [NIST SP-800-63:2013]
An attack where the Attacker obtains some data (typically by eavesdropping on an authentication protocol run or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing. [NIST SP-800-63:2013]
An attack against an authentication protocol where the Attacker either assumes the role of a Claimant with a genuine Verifier or actively alters the authentication channel. [NIST SP-800-63:2013]
The attack surface of a system or asset refers to the collectively exposed portions of that system or asset. A large attack surface means that there are many exposed areas that an attack could target, while a small attack surface means that the target is relatively unexposed. [knapp:2014]
An attack vector is the direction(s) through which an attack occurs, often referring to specific vulnerabilities that are used by an attacker at any given stage of an attack. [knapp:2014]
Exploitation of one or more vulnerabilities using an attack method with a given opportunity.
Examples:
· strong opportunity of use of counterfeit or copied software due to the total absence of awareness or information on copyright legislation;
· alteration of software by a virus due to the ease of introducing malicious software onto the organisation's office network;
· ...
[EBIOS:2005]
An attempt to exploit a vulnerability of an IT system. [ISO-15947:2002]
Related topics