An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):
Click on the arrows to vote for the correct answer
A. B. C. D.C.
An inside attack is an attack initiated by an entity inside the security perimeter, an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization whereas an outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system.
An active attack attempts to alter system resources to affect their operation and a passive attack attempts to learn or make use of the information from the system but does not affect system resources.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
The correct answer to the question is option C: inside attack.
An inside attack is a type of cyber attack that is initiated by an individual or group with authorized access to the system or network, but uses that access to compromise the security of the system. The attacker may be an employee, a contractor, a vendor, or anyone else who has legitimate access to the system.
The main characteristic of an inside attack is that the attacker has already gained some level of trust and access to the system, making it easier for them to carry out the attack. This type of attack is also sometimes referred to as an insider threat.
Examples of inside attacks include:
Malicious insiders: These are employees or contractors who intentionally breach security protocols to cause harm to the organization. They may steal sensitive data, plant malware, or disrupt critical systems.
Careless insiders: These are individuals who inadvertently cause a security breach due to negligence or lack of awareness. They may leave their workstation unlocked, share their login credentials, or fall for a phishing scam.
Third-party vendors: These are companies that provide services to the organization and have access to its systems. A vendor may accidentally or intentionally compromise the organization's security, either through negligence or malice.
In contrast, an outside attack is initiated by an entity that does not have authorized access to the system or network. Active attacks involve attempts to modify or disrupt the normal operation of a system, while passive attacks involve attempts to gather information without modifying or disrupting the system.
Therefore, option C, inside attack, is the most appropriate answer to the question.