Impersonation
Impersonation is a disguise. In communications security, impersonation is a type of attack in which the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for.
Impersonation may be attempted through the use of stolen login IDs and passwords, through finding security gaps in programs, or through bypassing the authentication mechanism. The attempt may come from within an organization, for example from an employee, or from an outside user through some connection to the public network. Weak authentication provides one of the easiest points of entry, since it makes it much easier for an attacker to gain access.
Once the attacker has been authorized for entry, they may have full access to the organization’s critical data, and (depending on the privilege level they pretend to have) may be able to modify and delete software and data, and make changes to network configuration and routing information.
Categories
- Spoofing
- Hijacking
Matrix techniques
- VPN tunneling
- Trusted third party
- Reverse RDP tunnel
- Certificate impersonation
- Domain spoofing
- ARP spoofing