Chapter 3: Malicious Attacks, Threats, and Vulnerabilities
Promiscuous mode
A network interface in promiscuous mode accepts every frame that reaches it, not only frames addressed to its own MAC address. A sniffer running this way is passive: it generates no network traffic of its own, so the monitoring is nonintrusive and cannot be spotted from the wire; it can only be found on the host that is doing it.
Intellectual property
Sensitive business data such as patents, source code, formulas, or engineering plans.
Backdoor
Software developers sometimes build hidden access methods into their programs, called backdoors. A backdoor gives developers or support personnel easy access to a system without going through its normal security controls. Left in a shipped product, it gives anyone who discovers it the same bypass, which is why attackers plant backdoors of their own once they are in.
Spyware
Spyware is a type of malware that specifically threatens the confidentiality of information. It gathers information about a user through an Internet connection without his or her knowledge. Spyware is sometimes bundled as a hidden component of freeware or shareware programs that users download from the Internet, similar to a Trojan horse
Netcat
The netcat utility (nc) is a general-purpose tool that reads and writes raw TCP and UDP connections. Because it can bind a listening port to a shell, or connect back out to an attacker and hand over a shell, it is one of the most popular backdoor tools in use today. Its presence on a host is not itself malicious; a netcat process listening on an unexpected port, or attached to a shell, is what to look for.
Smurfing
A smurf attack sends ICMP echo requests to a network's directed broadcast address with the source address spoofed to be the victim. Every host on that network answers the victim, so one request is amplified into a flood of echo replies that consumes the victim's bandwidth. Routers that drop directed broadcasts, and hosts that ignore broadcast pings, remove the amplification.
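The amplification pattern above is easy to spot in flow data: one destination receives echo replies from many distinct hosts in a short burst, none of which it ever pinged. The detector below is an added example, not from the textbook; the flow records it runs over are constructed.

```python
"""Flag smurf-style ICMP echo-reply floods in flow records.

Added example; the flow records are constructed. A smurf victim receives
echo replies from many distinct hosts in a short burst although it sent no
requests to them, so the detector looks for one destination that gets
replies from many sources in one window, and counts how many of those
replies were never solicited by an echo request from that destination.
"""
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0


def detect_smurf(records, window=1.0, min_sources=20):
    """records: iterable of (time_s, src_ip, dst_ip, icmp_type).

    Returns one tuple per suspicious window:
    (dst_ip, window_start, distinct_sources, replies, unsolicited_replies).
    """
    requests_seen = set()  # (requester, target) pairs, processed in time order
    buckets = defaultdict(lambda: {"sources": set(), "replies": 0, "unsolicited": 0})
    for t, src, dst, icmp_type in sorted(records):
        if icmp_type == ECHO_REQUEST:
            requests_seen.add((src, dst))
            continue
        if icmp_type != ECHO_REPLY:
            continue
        bucket = buckets[(dst, int(t // window))]
        bucket["sources"].add(src)
        bucket["replies"] += 1
        # A reply from src to dst is solicited only if dst earlier pinged src.
        if (dst, src) not in requests_seen:
            bucket["unsolicited"] += 1
    alerts = []
    for (dst, start), b in sorted(buckets.items()):
        if len(b["sources"]) >= min_sources:
            alerts.append((dst, start * window, len(b["sources"]),
                           b["replies"], b["unsolicited"]))
    return alerts


def constructed_records():
    """Normal ping traffic plus a 30-host smurf burst aimed at one victim."""
    records = [
        (1.00, "10.0.0.2", "10.0.0.1", ECHO_REQUEST),
        (1.01, "10.0.0.1", "10.0.0.2", ECHO_REPLY),
        (2.00, "10.0.0.3", "10.0.0.1", ECHO_REQUEST),
        (2.01, "10.0.0.1", "10.0.0.3", ECHO_REPLY),
    ]
    victim = "203.0.113.9"
    for i in range(1, 31):          # 30 hosts on the amplifier network
        for k in range(2):          # each answers twice within the same window
            records.append((10.0 + i * 0.01 + k * 0.001,
                            f"192.0.2.{i}", victim, ECHO_REPLY))
    return records


if __name__ == "__main__":
    for alert in detect_smurf(constructed_records()):
        print("smurf suspected: dst=%s t=%.1f sources=%d replies=%d unsolicited=%d" % alert)
```

The unsolicited count matters in practice: a busy monitoring host legitimately receives replies from many sources, but it also sent the requests, so its windows show a high source count with zero unsolicited replies.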
True downtime cost
Also called opportunity cost: the revenue and productivity lost while a system is unavailable, over and above the direct cost of repairing it.
Protocol analyzer
Also called a packet sniffer.
Rootkit
Malicious software designed to hide from normal methods of detection. A rootkit is installed by an attacker who has already obtained root or system administrator privileges; its job is to keep that access and conceal it. Rootkits commonly include backdoors. Traditional rootkits replace critical system programs (the ones an administrator would use to list processes, files, and network connections) so that the attacker's backdoor stays open and the attacker's activity stays invisible on the host. Because they replace system software components, rootkits can be more powerful than application-level Trojan horse backdoors.
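A rootkit that replaces `ps` can only lie through `ps`; the kernel still lists every process under /proc. Comparing the two views is the classic cross-view check. The script below is an added example, not the textbook's, and the process lists it is tested on are constructed.

```python
"""Cross-view check for hidden processes on Linux.

Added example, not from the textbook. A user-mode rootkit that replaces
`ps` hides a process by filtering it out of ps's output, but the kernel
still lists the process under /proc. Comparing the two views exposes the
gap. The comparison takes the views as inputs so it can be exercised on
constructed data; main() gathers the real views on a Linux host.
"""
import os
import re
import subprocess


def pids_from_proc(entries):
    """PIDs in a /proc directory listing: the purely numeric entry names."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps(ps_output):
    """PIDs in `ps -e -o pid=` output, one per line (odd lines ignored)."""
    pids = set()
    for line in ps_output.splitlines():
        match = re.fullmatch(r"\s*(\d+)\s*", line)
        if match:
            pids.add(int(match.group(1)))
    return pids


def hidden_pids(proc_before, proc_after, ps_view):
    """PIDs present in /proc both before and after `ps` ran but absent from ps.

    Sampling /proc twice filters out processes that started or exited while
    ps was running (including the ps process itself), so anything left is
    either a hidden process or a genuine anomaly worth a closer look.
    """
    stable = proc_before & proc_after
    return sorted(stable - ps_view)


def main():
    before = pids_from_proc(os.listdir("/proc"))
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True).stdout
    after = pids_from_proc(os.listdir("/proc"))
    hidden = hidden_pids(before, after, pids_from_ps(ps_out))
    if hidden:
        print("processes in /proc but not shown by ps:", hidden)
    else:
        print("no hidden processes detected by this check")


if __name__ == "__main__":
    main()
```

This catches tool-level tampering only. A kernel-mode rootkit that hooks the /proc listing itself hides from both views, which is why the page's point about rootkits being more powerful than application-level backdoors matters: the deeper the hook, the fewer trustworthy views remain.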
Wiretapping
Attackers can also use wiretapping to intercept data communications. When the target is data rather than voice, the more commonly used term is sniffing, which extends beyond a physical tap on a wire to include intercepting wireless transmissions.
Adware
Gathers information about a user through an Internet connection without his or her knowledge, usually to target advertisements, but unlike spyware it does not transmit personally identifiable information.
Intrusive penetration testing
Generates malicious network traffic against the target. Penetration testing is what a black-hat or white-hat hacker performs to break into a computer system or IP host device; success can mean gaining system access as well as access to data. Because the traffic is real attack traffic, an intrusive test can crash or disrupt the systems it probes, so it needs explicit authorization and a maintenance window.
Dictionary password attack
The attacker tries shorter and simpler candidates first, including actual words from a word list (hence the name), because such passwords are so common. Variants apply simple rules to each word, such as capitalizing the first letter or appending digits, to catch the obvious "hardening" users do.
Cracker
Has hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
Personally identifiable information (PII)
Includes driver's license numbers, Social Security numbers, credit card numbers, and so on.
Replay attack
Captures data packets from a network and retransmits them later to produce an unauthorized effect. Because the captured packets were legitimately authenticated, the receiver may accept the duplicates, which can disrupt service or have some other undesired consequence. The defence is to bind each message to something that cannot be reused: a nonce, a timestamp, or a sequence number that the receiver checks before acting.
Wardialer
is a computer program that dials telephone numbers, looking for a computer on the other end. The program works by automatically dialing a defined range of phone numbers.
Gray Hat hacker
is a hacker with average abilities who may one day become a black-hat hacker, but could also opt to become a white-hat hacker.
Phreaking
is a slang term that describes the activity of a subculture of people who study, experiment with, or explore telephone systems, telephone company equipment, and systems connected to public telephone networks. Phreaking is the art of exploiting bugs and glitches that exist in the telephone system
Operating system fingerprint scanner
A program that sends probe packets (not logon packets: TCP, UDP, and ICMP probes with unusual flag and option combinations) to an IP host device. Different operating systems build their responses slightly differently, in fields such as the initial TTL, TCP window size, and option ordering, so by comparing the responses with a database of known signatures the scanner can guess which operating system runs on a workstation, server, or network device.
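Two of those fields are enough to see the principle at work. The following is an added example, not the textbook's tool: a passive guess from the IP TTL and TCP window size of an observed SYN. The signature table is a small hand-built subset of commonly published defaults and is an assumption of the example; the sample packets are constructed.

```python
"""Passive OS guess from a packet's IP TTL and TCP window size.

Added example, not the textbook's scanner. Operating systems start packets
with different initial TTLs and use different default TCP window sizes, so
a single SYN seen on the wire narrows the sender's OS. The signature table
is a small hand-built subset of commonly published defaults and is an
assumption of this example; real tools (nmap, p0f) use large databases and
many more fields, and a tuned stack will not match any table.
"""

# Initial TTLs used by common stacks. The observed TTL is the initial value
# minus the number of router hops, so round up to the next common value.
INITIAL_TTLS = (32, 64, 128, 255)

TTL_FAMILY = {32: "legacy Windows", 64: "Linux/Unix-like",
              128: "Windows", 255: "network device or Solaris"}

# (initial_ttl, tcp_window) -> guess. Constructed subset; assumption.
SIGNATURES = {
    (64, 5840): "Linux (older 2.6 kernel)",
    (64, 29200): "Linux (3.x/4.x kernel)",
    (64, 65535): "macOS or BSD",
    (128, 8192): "Windows 7 / Server 2008",
    (128, 65535): "Windows 10 / Server 2016",
    (255, 4128): "Cisco IOS",
}


def initial_ttl(observed_ttl):
    """Smallest common initial TTL not below the observed value, or None."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return None


def guess_os(observed_ttl, window):
    """Return (guess, estimated_hops). Falls back to a TTL-only family guess."""
    init = initial_ttl(observed_ttl)
    if init is None:
        return "unknown", None
    hops = init - observed_ttl
    guess = SIGNATURES.get((init, window))
    if guess is None:
        guess = TTL_FAMILY[init] + " (TTL only)"
    return guess, hops


def fingerprint(packets):
    """packets: iterable of (src_ip, ttl, window) taken from observed SYNs.
    Returns {src_ip: (guess, hops)}, keeping the first observation per host."""
    result = {}
    for src, ttl, window in packets:
        result.setdefault(src, guess_os(ttl, window))
    return result


# Constructed observations, as if captured from SYN packets on the LAN.
SAMPLE_PACKETS = [
    ("10.0.0.5", 52, 29200),    # 12 hops from a Linux host
    ("10.0.0.9", 119, 65535),   # 9 hops from a Windows host
    ("10.0.0.1", 250, 4128),    # 5 hops from a Cisco router
    ("10.0.0.7", 61, 1234),     # unknown window: TTL-only guess
]

if __name__ == "__main__":
    for host, (guess, hops) in fingerprint(SAMPLE_PACKETS).items():
        print(f"{host}: {guess}, about {hops} hops away")
```

Note the hop estimate that falls out for free: because the initial TTL is inferred, the difference also tells you roughly how far away the sender is, which is useful for spotting spoofed source addresses that claim to be on the local network.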
Packet sniffer
A program that enables a computer to monitor and capture network traffic on either a wired or a wireless LAN. Attackers use it to capture passwords and other cleartext data; anything a protocol sends unencrypted is exposed to whoever can see the traffic.
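Because a sniffer in promiscuous mode sends nothing, the only place to detect it is on the host. On Linux the kernel exposes each interface's flags in /sys/class/net/<iface>/flags as a hex bitmask, and promiscuous mode is the IFF_PROMISC bit (0x100). The check below is an added example covering both the promiscuous mode and packet sniffer entries; the flag values it is tested on are constructed.

```python
"""Find network interfaces in promiscuous mode on a Linux host.

Added example, not the textbook's tool. Parsing is separated from I/O so
the classifier can be checked on constructed flag values; read_sysfs()
collects the real values on a Linux host.
"""
import os

IFF_UP = 0x1          # interface is administratively up
IFF_PROMISC = 0x100   # interface accepts all frames, not just its own


def parse_flags(text):
    """Contents of /sys/class/net/<iface>/flags, e.g. '0x1103\\n' -> 0x1103."""
    return int(text.strip(), 16)


def classify(iface_flags):
    """{iface: flags} -> sorted list of (iface, is_up, is_promiscuous)."""
    return sorted((name, bool(flags & IFF_UP), bool(flags & IFF_PROMISC))
                  for name, flags in iface_flags.items())


def promiscuous_interfaces(iface_flags):
    """Names of interfaces whose flags carry IFF_PROMISC."""
    return [name for name, _up, promisc in classify(iface_flags) if promisc]


def read_sysfs(root="/sys/class/net"):
    """Collect {iface: flags} from sysfs; interfaces that vanish mid-read are skipped."""
    result = {}
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                result[name] = parse_flags(fh.read())
        except OSError:
            continue
    return result


if __name__ == "__main__":
    found = promiscuous_interfaces(read_sysfs())
    print("promiscuous interfaces:", found or "none")
```

The same bit is what `ip link` renders as PROMISC. A sniffer that captures only traffic addressed to its own host does not need the bit, and a compromised kernel can hide it, so a clean result is evidence, not proof.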
Vulnerability scanner
A program that identifies what operating system and software, with versions, is installed on an IP host device (a computer, server, router, and so on). It then compares what it found against its database of known software vulnerabilities and reports the matches. The output is a list of likely weaknesses, not proof that they are exploitable: a scanner that relies on version banners reports false positives when a vendor backports a fix without changing the version string.
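The core of that comparison is version-range matching on parsed banners. What follows is an added example, not the textbook's scanner; the banners, product names, and "vulnerability database" are constructed and refer to no real advisory.

```python
"""Version-banner matching, the core of a vulnerability scanner.

Added example, not the textbook's scanner. It parses the service banners a
port scan collected, extracts product and version, and compares the version
against a vulnerability database. The banners, product names and database
entries are constructed for the demonstration and refer to no real advisory.
"""
import re

# product -> [(first_vulnerable, first_fixed, finding)]. Constructed; assumption.
# A version v is flagged when first_vulnerable <= v < first_fixed.
VULN_DB = {
    "ExampleSSH": [((7, 0, 0), (7, 4, 0), "EX-2024-001 authentication bypass")],
    "ExampleHTTP": [((2, 4, 0), (2, 4, 50), "EX-2024-002 path traversal"),
                    ((2, 0, 0), (2, 4, 10), "EX-2023-009 information leak")],
}

BANNER_RE = re.compile(r"(?P<product>[A-Za-z]+)[_/ ](?P<version>\d+(?:\.\d+)*)")


def parse_version(text):
    """'2.4.7' -> (2, 4, 7); shorter strings are padded so tuples compare."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def parse_banner(banner):
    """Return (product, version_tuple), or None if no product/version pair."""
    match = BANNER_RE.search(banner)
    if not match:
        return None
    return match.group("product"), parse_version(match.group("version"))


def is_vulnerable(version, first_vulnerable, first_fixed):
    return first_vulnerable <= version < first_fixed


def findings_for_banner(banner, db=VULN_DB):
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    product, version = parsed
    return [finding for lo, hi, finding in db.get(product, [])
            if is_vulnerable(version, lo, hi)]


def scan_host(banners, db=VULN_DB):
    """banners: {port: banner string}. Returns {port: [findings]} for ports
    where something matched. A match means 'version in the vulnerable
    range', not 'exploitable': vendors that backport fixes without bumping
    the version make this approach report false positives."""
    report = {}
    for port, banner in banners.items():
        hits = findings_for_banner(banner, db)
        if hits:
            report[port] = hits
    return report


# Constructed banners, as if grabbed from one host's open ports.
SAMPLE_BANNERS = {
    22: "SSH-2.0-ExampleSSH_7.2",
    25: "220 mail.example.test ESMTP ready",
    80: "Server: ExampleHTTP/2.4.12",
    8080: "Server: ExampleHTTP/2.4.50",
}

if __name__ == "__main__":
    for port, hits in scan_host(SAMPLE_BANNERS).items():
        print(f"port {port}: {', '.join(hits)}")
```

Port 8080 in the sample runs the first fixed version and is correctly not reported; port 25 carries no version at all, which a real scanner would follow up with protocol-specific probes rather than silently skip.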
Port scanner
A tool that probes an IP host device to find which ports are open. A port number in the TCP or UDP header works like a channel selector: it identifies which application or service on the host should receive the packet, so an open port reveals a service that is enabled and reachable from the scanner's position.
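The simplest port scanner completes a full TCP handshake to each port and records which ones accept. The scanner below is an added example, not the textbook's tool; so that it runs offline it starts its own throwaway listener on 127.0.0.1 to have a known open port to find.

```python
"""Minimal TCP connect() port scanner.

Added example, not from the textbook. probe() reports a port open when the
handshake completes; scan() runs probes concurrently. start_listener() and
demo() exist only so the scan has a known target on the loopback interface.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """True if a TCP handshake to host:port completes, i.e. the port is open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan(host, ports, workers=32):
    """Probe the given ports concurrently and return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p)), ports))
    return sorted(port for port, is_open in results if is_open)


def start_listener(host="127.0.0.1"):
    """Bind a throwaway service on an OS-chosen port; caller closes it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def free_port(host="127.0.0.1"):
    """A port that was free a moment ago (bind then release), for negative checks."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]


def demo():
    """Start a listener, scan a small range around its port, return (port, open_ports)."""
    srv = start_listener()
    port = srv.getsockname()[1]
    try:
        candidates = range(max(1, port - 2), min(65535, port + 2) + 1)
        found = scan("127.0.0.1", candidates)
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; open ports found: {found}")
```

A connect() scan is the noisiest kind: every probe shows up as a completed connection in the target's logs, which is exactly what the intrusive penetration testing entry above is warning about.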
Hijacking
is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them
Phishing
A type of fraud in which an attacker, usually via email or instant messaging, impersonates a trusted organization to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank account numbers, automated teller machine (ATM) PINs, and Social Security numbers.
Keystroke logger
Surveillance software or hardware that records every keystroke a user types to a log file. The logger can then send the file to a specified receiver, or the attacker retrieves it physically (a hardware logger sits between keyboard and computer and must be collected). Employers might use keystroke loggers to ensure that employees use work computers for business purposes only. Spyware can also embed a keystroke logger and transmit what it captures to an unknown third party; getting the victim to install it is often done through social engineering.
Exploit software
An application that packages a known software vulnerability with the data and scripted commands needed to "exploit" it against a computer system or IP host device. It is a program used to carry out some form of malicious intent, such as a denial of service attack, unauthorized access, a brute-force password attack, or a buffer overflow.
Pharming
Another type of attack that seeks to obtain personal or private financial information, this time through domain spoofing. A pharming attack doesn't use messages to lure victims to spoofed Web sites. Instead it "poisons" a domain name system (DNS) server, or the victim's local hosts file, so that a correctly typed, legitimate domain name resolves to the attacker's look-alike site.
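The local variant of pharming leaves a trace any endpoint check can read: a hosts-file entry that pins a bank or login domain to an outside address. The audit below is an added example, not from the textbook; the hosts-file contents and the watch-list of domains are constructed.

```python
"""Audit a hosts file for pharming-style overrides.

Added example; the hosts file contents and the domain watch-list are
constructed. Any entry that maps a watched domain (or a subdomain of it)
to a non-loopback address is reported, since a legitimate hosts file has
no reason to pin a public bank or login domain at all.
"""
import ipaddress

# Domains whose resolution should never be overridden locally. Assumption.
WATCHLIST = {"examplebank.com", "login.example.net"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are ignored and
    a line with several names yields one pair per name."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def matches_watchlist(hostname, watchlist=WATCHLIST):
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def suspicious_entries(text, watchlist=WATCHLIST):
    """Return [(ip, hostname, reason)] for entries that look like pharming."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if matches_watchlist(name, watchlist) and not addr.is_loopback:
            findings.append((ip, name, f"watched domain pinned to {ip}"))
    return findings


# Constructed hosts file: two benign lines, one dev override, one injected entry.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1       localhost
# developer box
10.1.2.3  dev.internal.example
198.51.100.7 www.examplebank.com examplebank.com   # injected by malware
127.0.0.1 login.example.net
"""

if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip}: {reason}")
```

The last sample line pins a watched domain to loopback; that blocks the site rather than redirecting it, so it is not reported here, though an organization may still want to know about it.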
Cookie
Simply a text file, or a record in the browser's cookie store, that contains details gleaned from past visits to a Web site. These details might include the user's username, a session identifier, or even credit card information the user has entered, which is why a cookie that can be read from disk or sniffed off the wire is a confidentiality risk and why sensitive data should not be stored in one.
Malware
Software whose purpose is to damage or disrupt a business or to steal its data. Spyware, Trojan horses, and rootkits, all described on this page, are forms of malware.
Security Incident Response Team (SIRT)
Knows how to recognize incidents and respond to them in a way that minimizes damage and preserves evidence for later action.
Masquerade attack
One user or computer pretends to be another user or computer. Masquerade attacks usually combine one of the other active attacks, such as IP address spoofing or replaying: an attacker can capture an authentication sequence and replay it later to log on again to an application or operating system.
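The replay attack and masquerade attack entries describe the same failure: a captured, validly authenticated message is accepted a second time. The exchange below is an added example serving both entries, not from the textbook. The shared key, the messages, and the clock values are constructed; the sender MACs a timestamp and nonce together with the body, and the receiver rejects anything stale or already seen.

```python
"""Replay-resistant authenticated messages.

Added example; the key, messages and clock values are constructed. The
sender MACs (timestamp, nonce, body); the receiver checks the MAC first,
then freshness, then that the nonce is new, so a captured message cannot
be replayed even though its MAC is still valid.
"""
import hashlib
import hmac
import os
import time

KEY = b"constructed-shared-key"   # assumption: pre-shared between both ends
WINDOW = 30                       # seconds of clock skew tolerated


def build_message(body, key=KEY, now=None, nonce=None):
    """Wire format: b'<timestamp>|<nonce hex>|<body>|<hmac hex>'."""
    ts = int(time.time() if now is None else now)
    nonce_hex = (os.urandom(8) if nonce is None else nonce).hex()
    header = f"{ts}|{nonce_hex}|".encode()
    tag = hmac.new(key, header + body, hashlib.sha256).hexdigest().encode()
    return header + body + b"|" + tag


class Receiver:
    def __init__(self, key=KEY, window=WINDOW):
        self.key, self.window = key, window
        self.seen = {}   # nonce -> timestamp, pruned once outside the window

    def accept(self, msg, now=None):
        """Return (True, body) or (False, reason)."""
        now = time.time() if now is None else now
        try:
            ts_b, nonce_b, rest = msg.split(b"|", 2)
            body, tag = rest.rsplit(b"|", 1)
            ts = int(ts_b)
        except ValueError:
            return False, "malformed"
        # MAC first: a forged message must not be able to pollute the nonce cache.
        expected = hmac.new(self.key, ts_b + b"|" + nonce_b + b"|" + body,
                            hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False, "bad MAC"
        if abs(now - ts) > self.window:
            return False, "stale"
        nonce = nonce_b.decode()
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts
        self._prune(now)
        return True, body.decode()

    def _prune(self, now):
        # A nonce older than the window is rejected as stale anyway, so the
        # cache only has to remember nonces that could still be accepted.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}


if __name__ == "__main__":
    msg = build_message(b"transfer 100", now=1000, nonce=bytes(8))
    rx = Receiver()
    print(rx.accept(msg, now=1005))    # first delivery: accepted
    print(rx.accept(msg, now=1006))    # captured and resent: replay
```

The timestamp and the nonce do different jobs: the window bounds how long the receiver must remember nonces, and the nonce catches a replay inside that window. Dropping either one reopens the attack.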
SYN flood
A packet flood in which the attacker sends a stream of TCP SYN segments, usually with spoofed source addresses, and never completes the handshake. The target's table of half-open connections fills up, and legitimate clients are refused.
Password cracker
A tool that recovers a forgotten or unknown password, usually by hashing candidate passwords and comparing them with a captured password hash until one matches. The same tool serves an attacker who has stolen the hash file.
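The dictionary password attack and password cracker entries come together in one routine: generate candidates from a word list plus mangling rules, hash each one, and look it up against every stolen hash at once. The code below is an added example, not the textbook's tool; the word list and the target hashes (computed in the block from constructed passwords) are assumptions.

```python
"""Dictionary attack with mangling rules against unsalted SHA-256 hashes.

Added example; the word list and the accounts are constructed. Each
candidate is hashed once and looked up against every target hash, which
is why unsalted hashes let an attacker crack many accounts for the price
of one.
"""
import hashlib

# A tiny stand-in for a real word list. Assumption.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein"]


def mangle(word):
    """Yield common variants of a word: case changes, suffixes, leet-speak."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix
        yield base.replace("a", "@").replace("o", "0").replace("e", "3")


def candidates(wordlist):
    """All mangled forms of all words, each emitted once."""
    seen = set()
    for word in wordlist:
        for cand in mangle(word):
            if cand not in seen:
                seen.add(cand)
                yield cand


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def crack(hashes, wordlist, hash_fn=sha256_hex):
    """hashes: {user: hexdigest}. Returns {user: password} for every hash
    that some candidate reproduced; users whose password is not in the
    candidate space are simply absent from the result."""
    targets = {}
    for user, digest in hashes.items():
        targets.setdefault(digest, []).append(user)
    found = {}
    for cand in candidates(wordlist):
        for user in targets.pop(hash_fn(cand), []):
            found[user] = cand
        if not targets:
            break
    return found


# Constructed "stolen" hash file: three weak passwords and one strong one.
HASHES = {
    "alice": sha256_hex("Summer2024"),
    "bob": sha256_hex("dr@g0n"),
    "carol": sha256_hex("letmein"),
    "dave": sha256_hex("x7#Qv9!pLm"),
}

if __name__ == "__main__":
    for user, password in crack(HASHES, WORDLIST).items():
        print(f"{user}: {password}")
```

Two defences follow directly from the loop structure. A per-user salt forces the attacker to hash every candidate once per account instead of once in total, and a deliberately slow hash such as PBKDF2 or bcrypt multiplies the cost of every one of those hashes; neither helps a password that is itself in the candidate space.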
Session hijacking
The attacker attempts to take over an existing connection between two network computers. The first step is to gain a position from which to monitor the connection, for example by taking control of a network device on the LAN such as a firewall or another computer; the attacker then injects packets that continue the session as one of the legitimate parties, who has already authenticated.
Man in the middle
The attacker uses a program to take control of a connection by masquerading as each end of it. For example, if Mary and Fred want to communicate, the attacker pretends to be Mary when talking with Fred and pretends to be Fred when talking to Mary. Neither Mary nor Fred knows they are talking to the attacker. The attacker can collect substantial information and can even alter data as it flows between Mary and Fred. Encrypting the channel is not enough on its own: each end must authenticate the other (for example, by verifying a certificate), or the attacker simply negotiates one key with Mary and another with Fred.
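The Mary and Fred scenario above, carried through in code, as an added example not from the textbook. It uses a toy Diffie-Hellman exchange over a small prime (far too small to be secure) so the arithmetic stays visible, a toy XOR stream cipher, and an HMAC under a pre-shared long-term key as a stand-in for a signature verified through a certificate. The attacker is named Mallory here; all keys and parameters are constructed.

```python
"""Man-in-the-middle against an unauthenticated key exchange, and the check
that stops it.

Added example, not from the textbook. Toy Diffie-Hellman over a small
prime, a toy XOR stream cipher, and an HMAC under a pre-shared key standing
in for a certificate-backed signature. Names follow the text; everything
else is constructed.
"""
import hashlib
import hmac
import random

P, G = 2147483647, 5                     # toy DH group: 2^31 - 1 is prime; assumption
AUTH_KEY = b"constructed-long-term-key"  # known to Mary and Fred, not to Mallory


def dh_public(priv):
    return pow(G, priv, P)


def dh_shared(priv, other_pub):
    return pow(other_pub, priv, P)


def derive_key(shared):
    return hashlib.sha256(str(shared).encode()).digest()


def xor_crypt(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    Symmetric, so the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def unauthenticated_exchange(seed=1):
    """Mallory substitutes her own public value toward each side, ends up
    with one key shared with Mary and another with Fred, and can read and
    alter traffic. Returns (what Mary sent, what Fred received)."""
    rng = random.Random(seed)
    mary_priv, fred_priv, mal_priv = (rng.randrange(2, P - 1) for _ in range(3))
    mary_pub, fred_pub, mal_pub = map(dh_public, (mary_priv, fred_priv, mal_priv))

    # Each side receives mal_pub in place of its peer's value.
    key_mary = derive_key(dh_shared(mary_priv, mal_pub))   # Mary's key "with Fred"
    key_fred = derive_key(dh_shared(fred_priv, mal_pub))   # Fred's key "with Mary"
    mal_key_mary = derive_key(dh_shared(mal_priv, mary_pub))
    mal_key_fred = derive_key(dh_shared(mal_priv, fred_pub))
    assert mal_key_mary == key_mary and mal_key_fred == key_fred

    sent = b"pay Fred 100"
    on_wire = xor_crypt(key_mary, sent)
    intercepted = xor_crypt(mal_key_mary, on_wire)        # Mallory reads it ...
    altered = intercepted.replace(b"Fred", b"Mall")       # ... and edits it
    forwarded = xor_crypt(mal_key_fred, altered)
    received = xor_crypt(key_fred, forwarded)
    return sent, received


def sign_pub(pub):
    return hmac.new(AUTH_KEY, str(pub).encode(), hashlib.sha256).digest()


def verify_pub(pub, tag):
    return hmac.compare_digest(sign_pub(pub), tag)


def authenticated_exchange(seed=1, attacker_present=True):
    """Mary sends (public value, tag). Mallory can replace the value but
    cannot forge the tag, so Fred's check fails. Returns True if Fred accepts."""
    rng = random.Random(seed)
    mary_priv, mal_priv = rng.randrange(2, P - 1), rng.randrange(2, P - 1)
    mary_pub = dh_public(mary_priv)
    tag = sign_pub(mary_pub)
    presented = dh_public(mal_priv) if attacker_present else mary_pub
    return verify_pub(presented, tag)


if __name__ == "__main__":
    print(unauthenticated_exchange())
    print("authenticated, attacker present:", authenticated_exchange(attacker_present=True))
```

The unauthenticated run ends with Fred holding a message Mary never sent, and no error anywhere. In the authenticated run the same substitution is caught before any key is derived, which is the whole reason TLS ties the key exchange to a certificate rather than encrypting alone.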