Difference between revisions of "Attack"
From MgmtWiki
(→Full Title or Meme) |
(→Models) |
||
| Line 4: | Line 4: | ||
==Models== | ==Models== | ||
Threat models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system: | Threat models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system: | ||
| − | + | * Online/offline guessing (repeatedly trying out the credentials or keys) | |
| − | + | * Credential duplication (copy of credentials and their keys) | |
| − | + | * Phishing (interception of credentials via fake websites/emails and social manipulation) | |
| − | + | * Eavesdropping | |
| − | + | * Replay attack (reuse of recorded messages) | |
| − | + | * Session hijacking | |
| − | + | * Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counterparty) | |
| − | to be the respective | + | * Credential theft |
| − | + | * Spoofing and masquerading | |
| − | |||
==References== | ==References== | ||
[[Category: Glossary]] | [[Category: Glossary]] | ||
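Review bot: The context sentence under ==Models== still reads "assessed according models"; the missing "to" could be fixed in the same edit that puts the attack-vector list into `*` bullets. That sentence also cites "(ISO/IEC JTC 1/SC 27 2013)", but ==References== is followed directly by the category tag, so the citation has no entry to resolve to; add the reference under that heading.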
Revision as of 11:23, 19 January 2024
Full Title or Meme
A program that attempts to exploit a Vulnerability
Models
Threat models are assessed according to models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system:
- Online/offline guessing (repeatedly trying out the credentials or keys)
- Credential duplication (copy of credentials and their keys)
- Phishing (interception of credentials via fake websites/emails and social manipulation)
- Eavesdropping
- Replay attack (reuse of recorded messages)
- Session hijacking
- Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counterparty)
- Credential theft
- Spoofing and masquerading