What is an Attack Vector?

An attack vector is a mode of entry into a computer or networked system, allowing a person with malicious intent to damage, control, or otherwise interfere with operations. Much like disease vectors, attack vectors act as carriers, in this case for malicious code and other activities designed to cause harm to a computer system. There are a range of different vectors and as new developments in computing are made, especially online, additional vectors emerge; for example, really simple syndication (RSS) can act as an attack vector for people who want to hijack a feed to implant malicious code in it.

There are several ways people can exploit an attack vector. One is with programming. If people can identify a weakness in a system and program something to take advantage of it, they can successfully enter the system and cause damage. This can include everything from poor security to necessary security holes, like the ability to receive attachments in email. Programmers also take advantage of things like websites with scripts. Since many browsers are designed to run all scripts automatically, it is very easy to insert a malicious script into a page to attack a user unaware.

Other hackers and crackers use deception as their method for getting into a system. In this case, the attack vector is something a person comes into contact with. People can use tactics like conversations in instant messaging, deceptive emails, and websites constructed to look like something else to get people to give up information or compromise their networks. A classic example of deception is an ominous email purporting to be from someone's bank, directing the customer to log in right away and providing a link to a page designed to look like the bank's site. An unwary customer may enter a username and password, unwittingly entering it into the hacker's database.

As new attack vectors are identified, computer security professionals work on making computing safer. Some security firms hire hackers and crackers to develop and test new exploits, with the goal of thinking like the people who will take advantage of an attack vector. Highly skilled hackers can potentially command high fees for their services in the private sector and may have an opportunity to work on the cutting edge of computer security and development, a potentially appealing challenge.

Developers also try to think ahead of time about how products in development could be used as attack vectors. Programmers designing a new instant messaging program, for example, might think about ways to authenticate users to allow people to confirm identities, or might set up a blacklist of dangerous known users and IP addresses so these individuals cannot contact innocent users on the network.