Page 1033 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Understanding Access Control Attacks
As mentioned in Chapter 13, one of the goals of access control is to
prevent unauthorized access to objects. This includes unauthorized
access to any information system (networks, services, communications
links, and computers) as well as unauthorized access to data. In addition to
controlling access, IT security methods seek to prevent unauthorized
disclosure and unauthorized alteration, and to provide consistent
availability of resources. In other words, IT security methods attempt
to prevent loss of confidentiality, loss of integrity, and loss of
availability.
Security professionals need to be aware of common attack methods so
that they can take proactive steps to prevent them, recognize them
when they occur, and respond appropriately. The following sections
provide a quick review of risk elements and cover some common
access control attacks.
While this section focuses on access control attacks, it’s important to
realize that there are many other types of attacks, which are covered in
other chapters. For example, Chapter 6, “Cryptography and Symmetric
Key Algorithms,” covers various cryptanalytic attacks.
Crackers, Hackers, and Attackers
Crackers are malicious individuals who are intent on waging an
attack against a person or system. They attempt to crack the
security of a system to exploit it, and they are typically motivated
by greed, power, or recognition. Their actions can result in loss of
property (such as data and intellectual property), disabled systems,
compromised security, negative public opinion, loss of market
share, reduced profitability, and lost productivity. In many
situations, crackers are simply criminals.
In the 1970s and 1980s, hackers were defined as technology
enthusiasts with no malicious intent. However, the media now uses
the term hacker in place of cracker. Its use is so widespread that