Week 3: Lec Activity 2 - M199205zn/IAS-CS4 GitHub Wiki

Laboratory Activity: Analyzing Security Attacks and Mechanisms

Objective:
Understand the differences between passive and active attacks, analyze their impacts, and suggest appropriate security mechanisms to prevent or mitigate these attacks.

Instructions:

  1. Part 1: Categorizing Attacks
    Below are several scenarios. Categorize each as either a passive attack or an active attack, and explain your reasoning.

    Scenarios:

    • A hacker monitors unencrypted network traffic to gather login credentials.
    • An attacker floods a website with requests, causing it to crash.
    • A malicious actor intercepts and alters the details of a financial transaction between two parties.
    • An unauthorized user reads sensitive files from a shared folder without making changes.
    • An attacker reuses a captured session token to impersonate a legitimate user.

  2. Part 2: Impact Analysis
    For each scenario above, analyze the following:

    • What aspect of security is violated (Confidentiality, Integrity, Authentication, or Availability)?
    • What potential damage or consequences could occur as a result of the attack?

  3. Part 3: Security Mechanism Suggestions
    Propose a security mechanism to prevent or mitigate each scenario. Choose from options like encryption, firewalls, multi-factor authentication, intrusion detection systems, etc.