Intro to Cybersecurity - Chapters 2 & 3 (Cisco Networking Academy)

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

SEO Poisoning

A malicious user could use SEO to make a malicious website appear higher in search results. The main goal is to increase traffic to malicious sites that may host malware or perform social engineering. Attackers take advantage of popular search terms.

MitM

Allows the attacker to take control over a device without the user's knowledge. The attacker can then intercept and capture user information before relaying it to its intended destination.

Network sniffing

By listening and capturing packets sent on the network, an attacker may be able to discover the password if the password is being sent unencrypted.

Encryption

Converting information into a form where an unauthorized part can't read it

Scareware

Designed to persuade the user to take an action based on fear. It forges pop-up windows that resemble operating system dialogue windows.

Types of biometric scans

Fingerprint, palm print, facial recognition, and voice recognition

Search Engine Optimization (SEO)

Improves a website's ranking by a search engine

Buffers

Memory areas allocated to an application

Buffer overflow

Occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or provide escalation of privileges.

OAuth 2.0

Open Standard protocol that allows an end user's credentials to access third party applications without exposing the user's password. OAuth acts as the middle man to device whether to allow end users access to third party applications.

DDoS attacks

Originates from multiple, coordinated sources

2 types of DoS attacks

Overwhelming Quantity of Traffic and Maliciously Formatted Packets

Types of social engineering

Pretexting, tailgating, and something for something (quid pro quo).

DoS attacks

Results in an interruption of network service to users, device, or application

Methods of password cracking

Social engineering, brute force attacks, and networking sniffing

MitMo

Takes over mobile devices. The device can be instructed to exfiltrate user-sensitive information and send it to attackers.

Non-validated input

The data coming into a program could have malicious content.

Blended Attack

They use multiple technologies to compromise a target. This way, attackers have malware that's a hybrid of worms, trojan horses, spyware, keyloggers, spam, and phishing schemes.

Maliciously Formatted Packets

When a maliciously formatted packet is sent to host or application and the receiver is unable to handle it.

Overwhelming Quantity of Traffic

When a network, host, or application, is sent an enormous quantity of data at a rate which it can't handle, causing a slowdown in transmission or response, or a crash of a device or service.

Pretexting

When an attacker calls an individual and lies in an attempt to gain access to privileged data.

Tailgating

When an attacker quickly follows an authorized person into a secure location.

Something for Something (Quid pro quo)

When an attacker requests personal information from a party in exchange for something.

Race conditions

When the output of an event depends on ordered or timed outputs. They become a vulnerability when the required, ordered, or timed event doesn't occur in the correct order or proper timing.


Ensembles d'études connexes

human anatomyChapter 8: Appendicular Skeleton Part 1 - PECTORAL GIRDLE & UPPER LIMB

View Set

Advanced Chemistry: Lab Safety Quiz Study Guide

View Set

Prep U: Chapter 65 Managment of patients with oncologic or degenerative neurologic disorders.

View Set

A&P II - Reproductive System - Exam

View Set

Organizational Behavior: The Foundation of an Organization

View Set

OT Poetry- Wisdom Testament Test

View Set