Phishing
ARP
Address Resolution Protocol - resolves IP addresses to MAC addresses
Transitive access
An attack that exploits the trust relationship between parties by attacking the client side of the network
ARP poisoning
Attacker modifies a MAC address in the ARP cache to point to a different computer; used to redirect traffic. **ARP Cache**
DNS
Domain Name Service/Domain Name Server/Domain Name System - a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
Spim
Spam over instant messaging
VOIP
Voice over Internet Protocol - making a phone call over the internet
Malicious insider threat
A trusted user abuses his rights to compromise the organization's security. Fraud, theft, or sabotage that comes from people within the organization.
Spear phishing
An email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. - Targets a particular audience.
Hybrid attacks
Attack against a password in which more than one attack is used to break the password.
Client side attack
Attack that involves using flaws in a client operating system (e.g. Windows XP, Windows 8)
Privilege escalation
Escalating privileges makes a regular account into an administrator account - changes permissions
Birthday attack
Exploits weaknesses in the mathematical algorithms that are used to generate hashes - takes advantage of the probability of different inputs producing the same encryption outputs - seeks to randomly generate a password.
brute force attack
Guessing character after character of a password to gain access
pharming attack
Host files are attacked to redirect traffic. Similar to DNS poisoning, but modifies the host file on the client OS. **host files**
DNS poisoning
A person attacks DNS tables, changes IP addresses, and redirects traffic to other sites of interest. - DNS addresses corrupted **DNS Tables/Cache**
Watering hole attack
Planting malware on websites that are frequently visited.
Rainbow tables
Precompiled set of plaintexts matching ciphertexts, used to match a ciphertext to access a system.
URL hijacking/typo squatting
Registering names similar to the names of websites, so they can capture information or eavesdrop when someone accidentally types in the wrong URL.
Xmas attack
Routers are overwhelmed with packets on which the selected protocol is selected - requires more processing - denial of service attack - often used to figure out protocol settings
vishing
Social engineering attack over telephone or VOIP.
Phishing
Social engineering attack via emails. - Aims to get confidential data - not targeted to a particular audience
Transitive access attack
Takes advantage of transitive access given in order to steal or destroy data **look up**
dictionary attack
Will gather information about a person and put it in a dictionary to run against a system to break the password
Password attacks
- brute force attack - dictionary attack - hybrid attacks - birthday attack - rainbow tables - URL hijacking/typo squatting - Watering hole attack