*** Welcome to piglix ***

Attack (computing)


In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Internet Engineering Task Force defines attack in RFC 2828 as:

CNSS Instruction No. 4009 dated 26 April 2010 by Committee on National Security Systems of United States of America defines an attack as:

The increasing dependencies of modern society on information and computers networks (both in private and public sectors, including military) has led to new terms like cyber attack and cyberwarfare.

CNSS Instruction No. 4009 define a cyber attack as:

An attack can be active or passive.

An attack can be perpetrated by an insider or from outside the organization;

The term "attack" relates to some other basic security terms as shown in the following diagram:

A resource (both physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromises the confidentiality, integrity or availability properties of resources (potentially different that the vulnerable one) of the organization and others involved parties (customers, suppliers).

The so-called CIA triad is the basis of information security.

The attack can be active when it attempts to alter system resources or affect their operation: so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources: so it compromises confidentiality.


...
Wikipedia

...