What is Information Security?CHAPTER 1 9 on the attack in question,we might argue for it to be included in more than one category,or have more than one type of effect INTERCEPTION Interception attacks allow unauthorized users to access our data.applica tions,or environments,and are primarily an attack against confidentiality. Inte erception might take the fo rm of unauthorized file vie ewing or copying phone conversations,or reading e-mail,and can be con data at rest or in motion.Properly executed,interception attacks can be very difficult to detect. INTERRUPTION Interruption attacks cause our assets to become unusable or unavailable for our use,on a temporary or permanent basis.Interruption attacks often affec availability but can be an attack on integrity as well.In the case of a DoS attack on a mail server,we would classify this as an availability attack.In the case of an attacker manipulating the processes on which a database runs in order e to te poleupom o mbination of the wo.We might alsc such a database attack to be a modific ation attack n an interruption atta MODIFICATION Modification attacks involve tar g with our asset.Such attacks might pri marily be considered attack.If ould also represent a vailability we access a file in an unautho orized manner and alter the data it con tains,we have affected the integrity of the data contained in the file.However if we consider the case where the file in question is a configuration file that manages how a particular service behaves,perhaps one that is acting as a Web server.we might affect the availability of that service by changing the con- tents of the file if we continue with this concept and say the configuration we altered in the file for our web se er is one that alters ho the s rver deals with encrypted con ould even ake this entiality attack. FABRICATION Fabrication attacks involve generating data,processes,communications,or other similar activities with a syste attacks ty bu could be considered an availabili attack well.If we gen mation in a database,this would be considered to be a fabrication attack.We could also generate e-mail,which is commonly used as a method for propagat ing malware,such as we might find being used to spread a worm.In the sense of an availability attack,if we generate enough additional processes,network traf fic,e-mail,Web traffic,or nearly anything else that consumes resources,we can potentially render the service that handles such traffic unavailable to legitimate users of the system What is Information Security? CHAPTER 1 9 on the attack in question, we might argue for it to be included in more than one category, or have more than one type of effect. Interception Interception attacks allow unauthorized users to access our data, applica￾tions, or environments, and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be con￾ducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to detect. Interruption Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an availability attack. In the case of an attacker manipulating the processes on which a database runs in order to prevent access to the data it contains, we might consider this an integrity attack, due to the possible loss or corruption of data, or we might consider it a combination of the two. We might also consider such a database attack to be a modification attack rather than an interruption attack. Modification Modification attacks involve tampering with our asset. Such attacks might pri￾marily be considered an integrity attack but could also represent an availability attack. If we access a file in an unauthorized manner and alter the data it con￾tains, we have affected the integrity of the data contained in the file. However, if we consider the case where the file in question is a configuration file that manages how a particular service behaves, perhaps one that is acting as a Web server, we might affect the availability of that service by changing the con￾tents of the file. If we continue with this concept and say the configuration we altered in the file for our Web server is one that alters how the server deals with encrypted connections, we could even make this a confidentiality attack. Fabrication Fabrication attacks involve generating data, processes, communications, or other similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well. If we generate spurious infor￾mation in a database, this would be considered to be a fabrication attack. We could also generate e-mail, which is commonly used as a method for propagat￾ing malware, such as we might find being used to spread a worm. In the sense of an availability attack, if we generate enough additional processes, network traf￾fic, e-mail, Web traffic, or nearly anything else that consumes resources, we can potentially render the service that handles such traffic unavailable to legitimate users of the system