Ch12: Threats and Vulnerabilities
What type of software is typically used to perform eavesdropping on an Ethernet network?
A packet sniffer or packet capture utility. When combined with software to decode the frames, these can also be called packet analyzers or network monitors.
An attacker crafts an email addressed to a senior support technician inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?
A phishing attack tries to make users authenticate with a fake resource, such as a website that appears to be a genuine online banking portal. Phishing emails are often sent en masse as spam. This is a variant of phishing called spear phishing, because it is specifically targeted at a single person, using personal information known about the subject (such as his or her hobbies).
With what type of threat is a "zero day" associated?
A zero day is a type of software exploit. You could also say that it is associated with hacking and malware threats. The term arises because an attacker has found a means of exploiting a vulnerability in the software before the software developer has been able to create a patch or fix for the vulnerability.
What attack might be launched to eavesdrop on all communications passing over a local network segment?
Address Resolution Protocol (ARP) poisoning or spoofing. This is a type of Man-in-the-Middle attack.
An attacker learns that a system policy causes passwords to be configured with a random mix of different characters but that are only five characters in length. What type of password cracking attack would work best here?
Brute force attacks are effective against short passwords (under seven characters). Dictionary attacks depend on users choosing ordinary words or phrases in a password.
What is the difference between a DoS and a DDoS attack?
Denial of Service (DoS) is any type of attack that halts or disrupts a network application or resource. A Distributed Denial of Service (DDoS) is a specific class of DoS attack. It means that the attacker uses multiple hosts to launch the attack. The distributed hosts are usually PCs and other devices (zombies) compromised by malware (bots) controlled by the attacker.
What is the difference between tailgating and shoulder surfing?
Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means observing someone type a PIN or password or other confidential data.
What do all types of social engineering attack have in common?
Many different attacks can be classed as a type of social engineering, but they all exploit some weakness in the way people behave (through manipulation and deception). These weaknesses might arise from politeness and cultural norms, from habitual behavior, or from respect for authority and rank.