Phishing

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

ARP

Address Resolution Protocol Resolves IP Addresses to MAC addresses

Transitive access

An attack that exploits the trust relationship between parties by attacking client side of network

ARP poisoning

Attacker modifies MAC address in ARP cache to point to different computer used to redirect traffic **ARP Cache**

DNS

Domain Name Service/Domain Name Server/Domain Name System -a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

Spim

Spam over instant messaging

VOIP

Voice over internet protocol Voice over Internet Protocol - making a phone call over the internet

Malicious insider threat

a trusted user abuses his rights to compromise the organization's security fraud, theft, or sabotage that comes from people within the organization

Spear phishing

an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. -Targets particular audience.

Hybrid attacks

attack against password in which more than one attack is used to break password.

Client side attack

attack that involves using flaws in a client operating systems (e.g. Windows XP, Windows 8)

Privilege escalation

escalating privileges makes a regular account into an administrator account -changes permissions

Birthday attack

exploit weaknesses mathematical algorithms that are used to generate hashes -takes advantage of the probability of different inputs producing same encryption outputs. -seek to randomly generate password.

brute force attack

guessing character after character of a password to gain access

pharming attack

host files attacked to redirect traffic Similiar to DNS poisoning but modifies host file on client OS **host files**

DNS poisoning

person attacks DNS tables and changes IP addresses and redirects traffic to other sites of interest. -DNS addresses corrupted **DNS Tables/Cache**

Watering hole attack

planting malware on websites that are frequently visited.

Rainbow tables

precompiled set of plain texts matching cypher texts used to match cypher text to access system.

URL hijacking/typo squating

register names similar names of websites, so they can capture information or eavesdrop when accidentally typing in wrong URL.

Xmas attack

routers are overwhelmed with packets on which selected protocol is selected -require more processing -denial of service attack -often used to figure out protocol settings

vishing

social engineer attack over telephone or VOIP.

Phishing

social engineering attack via emails. -aim to get confidential data -not targeted to a particular audience

Transitive access attack

takes advantage of Transitive access given in order to steal or destroy data **look up**

dictionary attack

will gather information about person and put it in a dictionary to run against a system to break password

Password attacks

-brute force attack -dictionary attack -hybrid attacks -birthday attack -rainbow tables -URL hijacking/typo squating -Watering hole attack


Ensembles d'études connexes

Questions - OS Hardening & Virtualization

View Set

Establishing the Total Marketing

View Set