An access attack is an attempt to access another user account or network device through improper, unauthorized means. Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. After gaining access to your network with a valid account, an attacker can obtain lists of valid user and computer names and network information, modify server and network configurations, including access controls and routing tables, and modify, reroute, or delete your data.
There are many attacks which can lead to a system being compromised, and allowing the attacker to gain unauthorized access to the system. The following are some prominent types of attacks:
- Password attack is typically used to obtain system access. When access is obtained, the attacker is able to read, modify, or delete data, and add, modify, or remove network resources. For example, tools like “John the ripper,” and “Cain and Abel” are password cracker tools.
- Spoofing/masquerading attack is a situation in which one person or program successfully masquerades as another by falsifying data and gaining illegitimate access.
- Session hijacking is an attack in which the session established by the client to the server is taken over by a malicious person or process.
- Malware is used to infect the victim’s system with malicious software.