There are many forms of attacks that leads to the violation of confidentiality. These can be divided into two parts a. Directed attacks and b. Non-directed attacks
Direct Attacks
- Capturing network traffic,
- Stealing password files
- Social engineering,
- Port scanning,
- Shoulder surfing,
- Eavesdropping,
- Sniffing,
- Privilege escalation
Non-directed Attacks
- Human error, oversight, or ineptitude
- Failing to properly encrypt a transmission,
- Failing to fully authenticate a remote system before transferring data,
- Leaving open otherwise secured access points,
- Accessing malicious code that opens a back door,
- Misrouted faxes,
- Documents left on printers, or
- Even walking away from an access terminal while data is displayed on the monitor
Countermeasures
- Encryption,
- Network traffic padding,
- Access control,
- Rigorous authentication procedures,
- Data classification, and
- Extensive personnel training
No comments:
Post a Comment