Upload
hafiza-abas
View
248
Download
0
Embed Size (px)
Citation preview
Access Control Attacks
Access Control and Perimeter
Prepared by: Hong Kim Sheng
1
Agenda
In this session, we will discuss about the types of
access control attacks:
• Man-in-the Middle Attack
• Brute Force / Frequency Analysis Attack
• Trojan Horse Attack
Page 2
Introduction to
Access Control Attacks
3
Access Control Attacks
- Attackers intrude into the systems to
monitor/override/perform/records an activities.
- Gain unauthorized access to perform criminal activities on target
system.
- May intentionally cause damage to victim’s system depending on the
purpose of an attacks.
Man-in-the MiddleNormal Traffic Pattern
4
5
Man-in-the MiddleUnusual Traffic Pattern
Data Leakage and
Information Breach
6
Data Leakage
- Personal bank account
- Photos and Videos
- Documentations
Information Breach
- Customer Details
- Security policy
- Company strategy
Unauthorized Access
7
Unauthorized Access
- Account being hacked
- Illegal Activities
- System Vulnerability
- Spyware
- Virus
Brute Force
8
Brute Force Attacks
- Trying every possibility or conbinations on the text
to decrypt the possibilities of the ciphertext
- Often used to decrypt an encrypted text to reveal the
plaintext of the messages
- E.g 2 Letter combination will be
AA,AB,AC,AD,AE,AF until AZ and continued with
ZA,ZB. The brute force efforts will be permutations
of 26 letter of alphabets.
Frequency Analysis
Page 9
Monoalphabetic
Ciphertext
Page 10
- Mono alphabetic cipher is a technique where each letters are
substituted with another alphabets where the keys used for
encryption and decryption.
Page 11
Trojan Horse
Trojan Horse
• A program that is maliciously harmful to gain access or control to cause
damages such as ruining the file allocation on the hard disk
• Often harmful attacks may cause big impacts on stored data or informations
through modification or deletion of files, data corruption, formatting hard
disks or destroying contents, spread viruses across networks or spy activities
to gain access into sensitive informations. E.g customer data, bank account
details, personal informations.
Page 12
Thank You
13