Chapter 3: Malicious Attacks, Threats, and Vulnerabilities


Promiscuous mode

means it is nonintrusive and does not generate network traffic

intellectual property

Sensitive data like patents, source code, formulas, or engineering plans

Backdoor

Software developers sometimes include hidden access methods in their programs, called backdoors. Backdoors give developers or support personnel easy access to a system, without having to struggle with security controls

Spyware

Spyware is a type of malware that specifically threatens the confidentiality of information. It gathers information about a user through an Internet connection without his or her knowledge. Spyware is sometimes bundled as a hidden component of freeware or shareware programs that users download from the Internet, similar to a Trojan horse

Netcat

The netcat utility is one of the most popular backdoor tools in use today.

Smurfing

The smurf attack uses a directed broadcast to create a flood of network traffic for the victim computer

True downtime cost

aka opportunity cost

Protocol analyzer

aka packet sniffer

RootKit

are malicious software programs designed to be hidden from normal methods of detection. They allow an attacker to gain access to a computer system. Rootkits are installed by attackers once they obtain root or system administrator access privileges. Rootkits commonly include backdoors. Traditional rootkits replace critical programs to give attackers backdoor access and enable them to hide on the host system. Because they replace system software components, rootkits can be more powerful than application-level Trojan horse backdoors

Wiretapping

attackers can also use wiretapping to intercept data communications. When referring to the interception of data communications, however, the more commonly used term is sniffing (although sniffing extends beyond simple wiretapping to include intercepting wireless transmissions).

Adware

gathers information about a user through an Internet connection without his or her knowledge, but it does not transmit personally identifiable information

Intrusive penetration testing

generates malicious network traffic. Penetration testing is what a black-hat or white-hat hacker performs to penetrate a computer system or IP host device. This can lead to gaining system access as well as access to data

Dictionary password attack

hackers try shorter and simpler combinations, including actual words (hence the name), because such passwords are so common.

Cracker

has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources

Personally identifiable information PII

include driver's license numbers, Social Security numbers, credit card numbers, and so on.

Replay attack

involve capturing data packets from a network and retransmitting them to produce an unauthorized effect. The receipt of duplicate, authenticated IP packets may disrupt service or have some other undesired consequence.

Wardialer

is a computer program that dials telephone numbers, looking for a computer on the other end. The program works by automatically dialing a defined range of phone numbers.

Gray Hat hacker

is a hacker with average abilities who may one day become a black-hat hacker, but could also opt to become a white-hat hacker.

Phreaking

is a slang term that describes the activity of a subculture of people who study, experiment with, or explore telephone systems, telephone company equipment, and systems connected to public telephone networks. Phreaking is the art of exploiting bugs and glitches that exist in the telephone system

Operating system fingerprint scanner

is a software program that allows an attacker to send logon packets to an IP host device. These logon packets mimic various operating systems used in workstations, servers, and network devices. When an IP host device responds to these logon packets, then the OS fingerprint scanner can guess what operating system is installed on the device

Packet sniffer

is a software program that enables a computer to monitor and capture network traffic. This can be either a wired LAN or a wireless LAN. Attackers can capture and compromise passwords and cleartext data.

Vulnerability scanner

is a software program that is used to identify and detect what operating system and software is installed on an IP host device (i.e., computer, server, router, etc.). From this information, a vulnerability scanner compares known software vulnerabilities in its database with what it has just found

Port scanner

is a tool used to scan IP host devices for open ports that have been enabled. A port is like a channel selector switch in the IP packet. Used to identify open ports or applications and services that are enabled on the IP host device

Hijacking

is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them

Phishing

is a type of fraud in which an attacker attempts to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank-account numbers, automated teller machine (ATM) PINs, and Social Security numbers. Via email and IM

keystroke logger

is a type of surveillance software or hardware that can record every keystroke a user makes with a keyboard to a log file. The keystroke logger can then send the log file to a specified receiver or retrieve it mechanically. Employers might use keystroke loggers to ensure that employees use work computers for business purposes only. However, spyware can also embed keystroke logger software, enabling it to transmit information to an unknown third party. Can also be done by social engineering.

Exploit Software

is an application that incorporates known software vulnerabilities, data, and scripted commands to "exploit" a weakness in a computer system or IP host device. It is a program that can be used to carry out some form of malicious intent. This includes things like a denial of service attack, unauthorized access, brute-force password attack, or buffer overflow

Pharming

is another type of attack that seeks to obtain personal or private financial information through domain spoofing. A pharming attack doesn't use messages to trick victims into visiting spoofed Web sites that appear legitimate, however. Instead, pharming uses domain spoofing, "poisoning" a domain name system (DNS) server

Cookie

is simply a text file that contains details gleaned from past visits to a Web site. These details might include the user's username, credit card information the user has entered, and so on

Malware

its purpose is to damage or disrupt a business

Security Incident Response Team SIRT

know how to recognize incidents and respond to them in a way that minimizes damage and preserves evidence for later action

Masquerade attack

one user or computer pretends to be another user or computer. Masquerade attacks usually include one of the other forms of active attacks, such as IP address spoofing or replaying. Attackers can capture authentication sequences and then replay them later to log on again to an application or operating system

SYN flood

packet flood

Password cracker

password cracking is to uncover a forgotten or unknown password

Session Hijacking

the attacker attempts to take over an existing connection between two network computers. The first step in this attack is for the attacker to take control of a network device on the LAN, such as a firewall or another computer, in order to monitor the connection.

Man in the middle

the attacker uses a program to take control of a connection by masquerading as each end of the connection. For example, if Mary and Fred want to communicate, the attacker pretends to be Mary when talking with Fred and pretends to be Fred when talking to Mary. Neither Mary nor Fred knows they are talking to the attacker. The attacker can collect substantial information and can even alter data as it flows between Mary and Fred

