Security Chapter 2
Physical security threat and vulnerability
Description
Natural
Although natural threats are easy to overlook, they can pose a significant threat to the physical security of a facility. Example: tornadoes.
Clickjacking
An attack that tricks a user into clicking an unintended link. The attacker layers visible and invisible HTML frames so that the user believes they are clicking what is visible, when in fact the invisible link sits on top of or beneath the visible frame. This happens when a user visits a fraudulent social networking site or a site that has been hijacked by an attacker.
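Clickjacking only works if the target page can be loaded in a frame by another origin, so the first thing to check on a page that takes sensitive clicks is its framing headers. The following is an added example, not part of the original glossary: it evaluates a response's headers the way a browser does (a Content-Security-Policy frame-ancestors directive overrides X-Frame-Options when both are present). The header values and origins used are constructed for the demo.

```python
# Added example (not from the original glossary): decide whether a page served
# with the given HTTP response headers can be embedded in a frame by another
# origin, which is the precondition for clickjacking. The header semantics are
# those browsers implement (CSP frame-ancestors overrides X-Frame-Options);
# the sample headers and origins below are constructed for the demo.

def parse_frame_ancestors(csp):
    """Return the source list of a CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            # "frame-ancestors" with no sources is equivalent to 'none'
            return [p.lower() for p in parts[1:]] or ["'none'"]
    return None


def _source_matches(source, parent_origin, page_origin):
    """Match one frame-ancestors source against the framing page's origin."""
    if source == "'self'":
        return parent_origin == page_origin
    if source == "*":
        return True
    if source.startswith("https://*."):          # wildcard subdomain, e.g. https://*.partner.example
        suffix = source[len("https://*."):]
        host = parent_origin.split("://", 1)[-1]
        return parent_origin.startswith("https://") and host.endswith("." + suffix)
    return source == parent_origin               # exact origin


def framing_allowed(headers, page_origin, parent_origin):
    """Return (allowed, reason) for embedding page_origin's response inside parent_origin."""
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        if sources is not None:
            if sources == ["'none'"]:
                return False, "CSP frame-ancestors 'none'"
            ok = any(_source_matches(s, parent_origin, page_origin) for s in sources)
            return ok, "CSP frame-ancestors"

    # Only consulted when CSP says nothing about framing. The obsolete
    # ALLOW-FROM value is ignored by current browsers, so it gives no protection.
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return parent_origin == page_origin, "X-Frame-Options: SAMEORIGIN"
    return True, "no framing restriction: page can be clickjacked"


if __name__ == "__main__":
    bank = "https://bank.example"           # constructed origins
    evil = "https://evil.example"
    for hdrs in ({}, {"X-Frame-Options": "DENY"},
                 {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}):
        print(hdrs, "->", framing_allowed(hdrs, bank, evil))
```

Run it against the headers returned by a real application (for example from `curl -I`) to see whether any third-party page could overlay it; a response with neither header is the clickjackable case the card describes.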
Session hijacking attack
Involves taking over an established, authenticated session (for example by stealing its session token) to obtain unauthorized access to an organization's network or services.
Near Field Communication (NFC)
A standard for communication between mobile devices such as smartphones and tablets in very close proximity, usually when touching or only a few inches apart.
Peer to peer (P2P) attacks
Launched by malware propagating through P2P networks. The infected peers share a command and control architecture, making the attack harder to detect. Peers can be compromised by malware such as viruses and Trojans; the attacker then controls all of these compromised computers to launch huge DDoS attacks.
Physical Security
The implementation and practice of control mechanisms intended to restrict physical access to facilities. Physical threats include: 1) Facility intrusions 2) Electrical grid failures 3) Fire 4) Personnel illness 5) Data network interruptions.
Rootkits
Code intended to take full or partial control of a system at the lowest levels. Rootkits attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a system.
VoIP
A technology that delivers telephony over an IP network. Voice is sent over the IP network in digital form as packets, as opposed to the circuit-switched Public Switched Telephone Network (PSTN).
War Driving Tools
NetStumbler, Kismet, Aircrack
Physical Network Address
Frames are delivered based on a unique physical (MAC) address assigned to every network adapter by the adapter's manufacturer. No two network adapters in the world are supposed to have the same physical address, although the address can be changed in software (see Spoofing).
Sinkhole Attacks
Take advantage of routing on a wireless network by creating a single node through which all traffic passes. The individual node tricks the other nodes into redirecting their traffic through it.
White Hat
A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. Works on a professional basis, for a security organization or a system manufacturer. Also called ethical hacking.
Takeover Attack
An attack in which an attacker assumes complete control over a system.
Jamming
Also called interference, an attack in which radio waves disrupt 802.11 wireless signals.
Tailgating
Also known as piggybacking, a human-based attack where the attacker slips into a secure area by following a legitimate employee through the door. Preventing it requires a good access control mechanism (such as a mantrap or turnstile that admits one person per badge) together with educating users not to admit unauthorized personnel.
Packet Sniffing
Can be used as an attack on a wireless network: the attacker captures data and records data flows, which allows the attacker to analyze the data contained in each packet.
Internal
It is important to always consider what is happening inside an organization, especially where physical security is concerned. Example: a disgruntled employee.
URL Shortening service
Makes it easier to share links on social networking sites by abbreviating Uniform Resource Locators (URLs). This creates a vulnerability that attackers can exploit because the shortened URL hides the true target of the link; the user may be directed to a fraudulent site that is a source of malware or other threats.
Logic Bombs
A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. When triggered, it detonates and performs whatever actions it was programmed to do.
Ransomware
An increasingly popular variety of malware in which an attacker infects a victim's computer with code that restricts the victim's access to the computer or the data on it, then demands that a ransom be paid.
Black hat
A hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. Even one who does not break directly into systems the way attackers do can, by widely publicizing security flaws, cause financial or other damage to an organization.
Worms
Malware that, like a virus, replicates itself across infected systems, but does not attach itself to other programs or files. Worms that carry payloads often turn computers into remote zombies that an attacker can use to launch other attacks.
Spoofing
A human-based or software-based attack whose goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur with Internet Protocol (IP) addresses, network adapter hardware (Media Access Control, MAC) addresses, and email. In email, various message headers are changed to conceal the originator's identity.
Password stealer
Software that, once installed on a system, captures the user names and passwords entered into the instant messaging application or social networking site it was designed for. This information is sent back to the attacker, who can use it for fraudulent purposes.
War driving and war chalking
The act of searching for wireless networks using tracking devices such as smartphones, tablets, or laptops. War chalking is the act of using symbols to mark a sidewalk or wall to indicate the presence and status of a nearby wireless network.
Armored Viruses
Viruses that attempt to trick or shield themselves from antivirus software and security professionals. To fool antivirus software, an armored virus can obscure its true location in the system and lead the software to believe that it resides elsewhere.
DoS Attacks include
1) Flooding a network link with data to consume all available bandwidth. 2) Sending data designed to exploit known flaws in an application. 3) Sending multiple service requests to consume a system's resources. 4) Flooding a user's email inbox with spam messages, causing genuine messages to be bounced back to the sender.
Backdoor attacks
A type of software attack where an attacker creates a software mechanism, called a backdoor, to gain access to a computer. The backdoor may be a software utility or an illegitimate user account, and is typically delivered through a Trojan horse or other malware. The software usually listens for commands from the attacker on an open port. A backdoor often survives even after the initial intrusion has been discovered and resolved; it can be difficult to spot and may not leave any obvious evidence behind.
Script Kiddie
An unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own, and that their objective is to impress their friends or gain credit in computer-enthusiast communities.[3] However, the term does not relate to the actual age of the participant.
Software Attacks
Any attack against software resources, including operating systems, applications, protocols, and files. The goal is often to surreptitiously gain control of a computer so that the attacker can use it in the future, frequently for profit or further malicious activity.
Password Attack
Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords, or crack encrypted (hashed) password files.
Application Attacks
Software attacks targeted at web-based and other client-server applications. Consequences include source code disclosure or tampering and network breaches. Attacks that specifically exploit the trust between a user and a server are called client-side attacks.
Cyberterrorist
An attacker who tries to disrupt computer systems in an attempt to spread fear and panic. Just as the definition of terrorism is controversial, there is disagreement as to whether attacks on computer systems should be considered cyberterrorism if they do not cause physical harm or damage to infrastructure.
Brute force attack
The attacker uses password-cracking software to attempt every possible password combination (for example every alphanumeric string up to a given length).
Stealing
Sniffing network communications, reading handwritten password notes, or observing a user in the act of entering a password.
Adware
Software that automatically displays or downloads unsolicited advertisements when it is used. Often appears as a pop-up.
Reflected DoS attack
In reflected DoS and DDoS attacks, a forged source IP address (the victim's) is used when sending requests to a large number of computers. This causes those systems to send their replies to the target system, creating a DoS condition.
Hackers
Originally a neutral term for a user who excelled at computer programming and computer system administration.
Hardware attacks
An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card.
Evidence of a Malicious Code Attack
Corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus scan or software update notifications; reduced system performance; or increased network traffic.
DoS Attack Type
Description
Wireless Replay Attack
Attackers find it easier to capture packets over a wireless network and replay them in order to manipulate the data stream. Can also be used in conjunction with an IV attack to break weak encryption (as was done against WEP).
DDoS Attacks (Distributed Denial of service)
A type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software that turns each computer into a zombie/drone and directs the computers to launch the attack. The compromised host computers are the zombies.
DoS Attacks
A network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means.
NOTE:
Notable P2P programs of the past are Napster, Kazaa, and LimeWire, all of which are now either defunct or no longer P2P.
UDP Flood (User Datagram Protocol)
The attacker attempts to overwhelm the target system with UDP packets, typically sent to random ports so that the target must reply with ICMP Destination Unreachable messages. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP as well.
ICMP flood
Based on sending high volumes of ICMP echo request (ping) packets to a target. Common names for ICMP flood attacks are Smurf attacks (which send spoofed pings to broadcast addresses so that many hosts reply to the victim) and ping floods. Modern systems and networks are usually well protected against these attacks.
Viruses
A piece of code that spreads from one computer to another by attaching itself to other files through a process of self-replication. Executes when the file it is attached to is opened.
Malicious insider
A threat originating from an employee of an organization who performs malicious acts, such as deleting critical information or sharing it with outsiders, which may result in losses to the organization. Internal attackers might be fueled by resentment against the organization, in which case their goal might be revenge by simply causing damage or disrupting systems.
Spyware
Surreptitiously installed malicious software intended to track and report the usage of a target system, or to collect other data the author wishes to obtain.
Impersonation
A human-based attack where an attacker pretends to be someone they are not. A common scenario: the attacker calls an employee and pretends to be calling from the help desk, says he is reprogramming the order-entry database, and needs the employee's user name and password to make sure the account gets entered into the new system.
Malicious Code Attacks
A type of attack where an attacker inserts some type of undesired or unauthorized software, or malware, into a target system. Intended to disrupt or disable an operating system or an application, or to force the target system to disrupt or disable other systems.
Attacker
A term that always represents a malicious system intruder.
Software Attack Combinations
A software attack may be used by itself or in combination with another type of attack, such as a social engineering attack.
Polymorphic Malware
Uses virus encryption: the virus body is encrypted with a different key on each infection, so only the small decryption module is exposed, and that module is also altered each time the virus infects a file. This makes it very difficult for signature-based antivirus software to detect an infection whose code is constantly changing.
Sinkhole Attack against a WSN (Wireless Sensor Network)
A WSN is a collection of autonomous sensor-equipped devices that monitor physical and environmental conditions such as temperature, humidity levels, lighting controls, etc., and forward data through a wireless gateway to a main network location. By luring traffic destined for the base station to the compromised device, the attacker causes the base station to receive incomplete and inaccurate sensing data.
IV Attacks (Initialization Vector)
An initialization vector is a number combined with the key that changes for every encryption so that identical plaintext does not produce identical ciphertext. An IV attack allows the attacker to predict, control, or force the reuse of the initialization vector in order to bypass this effect.
Evil twin attack and account phishing
An evil twin attack on a social networking site is one where an attacker creates a social network account to impersonate a genuine user. When the friends of that user allow the attacker to become friends with them or join a group, the attacker can gain access to personal details and even company information if a company has a page on the site. This is often preceded by account phishing, in which an attacker creates an account and joins the friends list of an individual just to obtain information about the individual and their circle of friends or colleagues.
Bluesnarfing
A method in which attackers gain unauthorized access to information on a wireless device over a Bluetooth connection, within the roughly 30-foot Bluetooth transmission range.
Bluejacking
A method used by attackers to send unwanted Bluetooth messages from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices. This is a very close-range attack.
Electronic Activist (Hacktivist)
Motivated by a desire to cause social change; might try to get media attention by disrupting services, or promote a message by replacing the information on public websites. Wants to cause damage to organizations deemed socially irresponsible or unworthy.
NOTE
Nearly anything can cause a DoS condition if it interrupts or disables a system.
Spam and Spim
Spam is an email-based threat where the user's inbox is flooded with email that carries advertising material for products or promotions for get-rich-quick schemes, and can sometimes deliver viruses or malware. Spam can also be used within social networking sites such as Facebook and Twitter. Spim is an attack similar to spam that is propagated through instant messaging (IM) instead of email.
Electronic Vandal
Wants to cause as much damage as possible, without any particular target or goal. The motivation might be fun, attention or admiration, or some type of social or personal resentment against a person or institution.
Man-made
Whether intentional or accidental, people can cause a number of physical threats. Example: a backhoe operator may accidentally dig up fiber optic cables.
Spamming
Within social networking, spamming refers to sending unsolicited bulk messages by misusing the electronic messaging services inside the social networking site.
Botnet
A set of computers that have been infected by a control program called a bot, enabling attackers to collectively exploit those computers to mount attacks. The owners of the zombies or drones are often unaware that their computers are being used for nefarious purposes.
Guessing
The simplest type of password attack: making individual, repeated attempts to guess a password.
Drive by download
A program that is automatically installed on a computer when a user accesses a malicious site, even without clicking a link or giving consent. This often happens when a user searches for a social networking site and selects a site using a fraudulent link. Sometimes a drive-by download is packaged invisibly together with a program that the user requested to download.
Shoulder Surfing
This is an attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN.
Symptoms of DoS and DDoS attacks
1) Sudden and overwhelming service requests from hosts outside your network. 2) A sudden and unexplained drop in the amount of available Internet bandwidth. 3) A sudden and overwhelming drain on a specific resource in a system, causing unusual behavior or freezes.
Sinkhole Attack against a MANET (Mobile Ad-hoc Network)
A MANET is a continuously self-configuring network of mobile devices such as smartphones, tablets, and laptops. Because of the changing nature of ad-hoc networks, each device must act as a router. By falsely advertising a lower routing metric, the sinkhole attracts the majority of the MANET's traffic and can serve as a platform for attacks such as skewing load balancing, modifying packets, or dropping packets, all of which can adversely affect upper-layer applications.
Permanent DoS attack
Permanent DoS attacks, also called phlashing, target the actual hardware of a system to prevent the victim from easily recovering from a denial of service. A successful attack forces the victim to repair or replace the hardware that runs the system. Taking advantage of remote administration, the attacker may be able to push corrupted firmware onto the hardware, causing the equipment to brick, or become completely inoperable.
Phishing
An attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of fishing, because of the similarity of using bait to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors, or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.[6] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Third-party add-on tools for a site should be clearly marked as to who wrote them, and users should not reuse the same password across sites.
Birthday Attack
Exploits weaknesses in the mathematical algorithms used to generate hashes. This type of attack takes advantage of the probability of different inputs producing the same hash output, given a large enough set of inputs. It is named after the surprising statistical fact that there is a better than 50 percent chance that two people in a group of 23 share a birthday.
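As an added example (not part of the original glossary), the block below first reproduces the birthday arithmetic behind the 23-people figure and then runs the same idea as an attack against a hash. SHA-256 is truncated to a few bits so the collision appears in milliseconds; the expected work against an n-bit hash is about 2**(n/2) evaluations, which is the reason digests need to be 128 bits or longer. The "msg-<i>" message format is a constructed choice for the demo.

```python
# Added example (not part of the original glossary). First the birthday
# arithmetic behind the 23-people figure, then the same idea as an attack:
# hashing distinct inputs until two share a digest. SHA-256 is truncated to a
# few bits so the collision appears in milliseconds; the expected work for an
# n-bit hash is about 2**(n/2) attempts, which is why 128-bit or longer digests
# are needed. The message format "msg-<i>" is a constructed choice.
import hashlib
from itertools import count
from math import pi, sqrt


def collision_probability(n, space=365):
    """Exact probability that at least two of n draws from `space` values collide."""
    p_unique = 1.0
    for i in range(n):
        p_unique *= (space - i) / space
    return 1.0 - p_unique


def draws_for_half(space=365):
    """Smallest n with collision probability >= 1/2 (23 for birthdays)."""
    n = 1
    while collision_probability(n, space) < 0.5:
        n += 1
    return n


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 reduced to its top `bits` bits: a deliberately weak hash for the demo."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday attack: hash distinct messages, remembering each digest, until one
    repeats. Returns (msg_a, msg_b, attempts)."""
    seen = {}
    for i in count():
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def expected_attempts(bits: int) -> float:
    """Mean number of hashes before the first collision, sqrt(pi/2 * 2**bits)."""
    return sqrt(pi / 2 * 2 ** bits)


if __name__ == "__main__":
    print(draws_for_half(), round(collision_probability(23), 4))   # 23 0.5073
    a, b, n = find_collision(24)
    print(a, b, n, "attempts; expected about", round(expected_attempts(24)))
```

Raising `bits` by two roughly doubles the attempts needed, which is the square-root scaling the card is really about: a 24-bit digest falls in a few thousand hashes, a 64-bit one in a few billion, and only at 128 bits and above does the birthday bound stop being the weakest link.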
Social Engineering Attack
A type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
Trojan horse
Hidden malware that causes damage to a system or gives an attacker a platform for monitoring and/or controlling a system. Trojans are often more insidious than viruses and remain undetected much more easily. Propagated by social engineering: the user is tricked into running what appears to be a legitimate program.
Buffer overflow
Many systems and services are vulnerable to a buffer overflow condition, in which too much data is fed into a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten. Attackers exploit buffer overflow vulnerabilities by deliberately invoking the condition and introducing crafted data into memory, which opens the door to any number of subsequent attack methods (such as redirecting execution to attacker-supplied code) or simply causes the system to cease to function or respond. The term is also applied to an excessive amount of incomplete, fragmented traffic on a network, which can exhaust the reassembly buffers of security systems or IDSs; an attacker may use this to slip traffic past them.
SYN flood
An attacker sends countless requests for a TCP connection (SYN messages) to an FTP server, web server, or any other target system attached to the Internet. The target server responds to each request with a SYN-ACK message and, in doing so, reserves space in memory for the TCP session it expects to complete when the remote host replies with the final ACK. However, the attacker has crafted the SYN messages (usually through IP spoofing) so that the target server sends its SYN-ACK responses to addresses that will never reply. The target server is left holding memory for numerous half-open TCP connections that will never be completed, and eventually stops responding to legitimate requests because its connection table is full.
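The half-open connections described above are visible in the target's own connection table, so the attack can be spotted from there. The following is an added example, not part of the original glossary: it parses a netstat-style listing (constructed below) and flags ports with many SYN_RECV entries, also reporting how many distinct remote addresses they come from, since a spoofed flood typically shows one half-open connection per fake source.

```python
# Added example (not part of the original glossary): spot a SYN flood in a
# netstat-style connection table by counting half-open (SYN_RECV) connections
# per local port and how many distinct remote addresses they come from. The
# table below is constructed; spoofed floods typically show one half-open
# connection per fake source, so the source count tracks the connection count.
import re
from collections import Counter

SAMPLE_NETSTAT = """\
tcp        0      0 10.0.0.5:80     198.51.100.7:4123    SYN_RECV
tcp        0      0 10.0.0.5:80     203.0.113.9:51820    ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.8:4123    SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.9:4123    SYN_RECV
tcp        0      0 10.0.0.5:22     203.0.113.44:60012   SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.10:4123   SYN_RECV
tcp        0      0 10.0.0.5:80     203.0.113.10:40211   ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.11:4123   SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.12:4123   SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.13:4123   SYN_RECV
"""

LINE_RE = re.compile(r"^tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse_connections(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) tuples."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            lip, lport, rip, rport, state = m.groups()
            conns.append((lip, int(lport), rip, int(rport), state))
    return conns


def half_open_summary(conns):
    """Per local port: (number of SYN_RECV connections, distinct remote IPs among them)."""
    counts, sources = Counter(), {}
    for _lip, lport, rip, _rport, state in conns:
        if state == "SYN_RECV":
            counts[lport] += 1
            sources.setdefault(lport, set()).add(rip)
    return {port: (n, len(sources[port])) for port, n in counts.items()}


def detect_syn_flood(text, threshold=5):
    """Ports whose half-open connection count exceeds `threshold`, as
    (port, half_open, distinct_sources) tuples sorted by severity."""
    summary = half_open_summary(parse_connections(text))
    flagged = [(port, n, src) for port, (n, src) in summary.items() if n > threshold]
    return sorted(flagged, key=lambda t: -t[1])


if __name__ == "__main__":
    for port, n, src in detect_syn_flood(SAMPLE_NETSTAT):
        print(f"port {port}: {n} half-open connections from {src} distinct sources")
```

On a real host the threshold should be set against the normal baseline of that service, since a busy web server legitimately carries some SYN_RECV entries at any moment; the distinguishing sign of a flood is that the half-open count keeps climbing while the established count does not.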
Transitive Access Attacks
Access granted to certain members of an organization to use data on a system without needing to authenticate themselves again, because a trusted system or account vouches for them. If an attacker can access and modify a file on the trusted system, that trust gives the attacker transitive access to all the data and programs it covers.
Hybrid Password Attack
An attack that combines multiple methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password (for example, dictionary words with character substitutions and appended digits).
URL Hijacking
Also called typosquatting, a tactic that exploits the typos users sometimes make when entering a URL into a browser. The attacker registers misspelled URLs (correct: www.comptia.com; hijacked: www.comtpia.com) that mimic the real website or host malicious software that infects the victim's computer.
Rogue Access point
An unauthorized wireless access point on a corporate or private network. It can cause considerable damage to an organization's data, is not easily detected, and can allow private network access to many unauthorized users with the proper devices.
Wireless security
Any method of securing a wireless LAN to prevent unauthorized network access and network data theft.
DoS targets
Any service or network device; usually mounted against servers or routers, preventing them from responding to legitimate network requests.
Dictionary Attack
Automates password guessing by comparing passwords against a predetermined list of possible password values.
Data thief
Blatantly steals resources or confidential information for personal or financial gain. They are likely to try to cover their tracks so their attacks are not detected and stopped. Usually in data theft, the attacker exploits unauthorized access or acts in collusion with a disgruntled employee.
External
It is impossible for any organization to fully control external security threats. Example: power failures.
ARP Poisoning (Address Resolution Protocol)
ARP is the mechanism by which hardware MAC addresses are matched to IP addresses on a network. ARP poisoning, also known as ARP spoofing, occurs when an attacker with access to the target network sends forged ARP replies so that an IP address is mapped to the MAC address of a computer that is not the intended recipient, redirecting that address's traffic through the attacker.
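Because ARP has no authentication, detection relies on watching the IP-to-MAC bindings over time. The following added example (not part of the original glossary) keeps a table from a sequence of observed ARP replies and flags the two signs of poisoning: an IP whose MAC changes, and one MAC answering for several IPs, which is what an attacker sitting between the gateway and a victim looks like. The replies and addresses are constructed.

```python
# Added example (not part of the original glossary): detect ARP poisoning from
# a sequence of observed ARP replies by keeping an IP-to-MAC table and flagging
# (a) an IP whose MAC changes and (b) a MAC that answers for several IPs, which
# is what a man-in-the-middle between the gateway and a victim looks like. The
# replies and addresses below are constructed.

# (timestamp, sender IP, sender MAC) as an ARP sniffer would record them
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:14"),   # victim workstation
    ("10:00:03", "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ("10:00:09", "192.168.1.1",  "DE:AD:BE:EF:00:99"),   # gateway IP now claims another MAC
    ("10:00:10", "192.168.1.20", "de:ad:be:ef:00:99"),   # same MAC also claims the victim's IP
]


def detect_arp_poisoning(replies, trusted=None):
    """Return alert tuples. `trusted` seeds the table with known-good
    IP -> MAC pairs (e.g. the gateway), which cuts false positives from
    ordinary DHCP reassignments on other hosts."""
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append(("mac_changed", ts, ip, known, mac))
        table[ip] = mac

    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac_claims_many", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, trusted={"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```

A MAC change on its own is not proof (a replaced NIC or a DHCP lease moving to another host produces the same event), but a change on the gateway address, or one MAC suddenly owning two IPs, is the pattern worth paging on; static entries for the gateway plus dynamic ARP inspection on the switch are the usual preventive controls.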
Whaling
A form of spear phishing that targets individuals or organizations known to possess a good deal of wealth; for example, people who work at Fortune 500 companies or financial institutions and whose salaries are expected to be high.
Vishing
A human-based attack where the goal is to extract personal, financial, or confidential information from the victim using the telephone system or IP-based voice services (Voice over Internet Protocol, VoIP) as the communication medium. Also called voice phishing. Vishing can be more effective than phishing because of the trust people tend to place in others they can speak to in real time. In addition, users may be too used to traditional telecommunications to know that caller identity over VoIP can be spoofed much more easily because of the open nature of the Internet.
Dumpster diving
An attack where the goal is to recover important information by inspecting the contents of trash containers. This is especially effective in the first few weeks of the year, as users discard old calendars with passwords written in them.
Hoax
An email-based or web-based attack intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a nonexistent virus. It could also be a scam that convinces users to give up important information or money for a tempting offer.
Key logging attack
Uses software or hardware to capture each keystroke a user types.
Rainbow tables
A set of related plaintext passwords and their hashes. The underlying principle is to do the CPU-intensive work of generating hashes in advance, trading time saved during the attack for the disk space needed to store the tables. Rainbow table attacks are executed by comparing the target password hash to the hashes stored in the tables, then working backward to determine the actual password from the known hash. (Example candidates: password, passw0rd, p@ssw0rd.)
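The four password-attack cards in this set (Brute force attack, Dictionary Attack, Hybrid Password Attack, and Rainbow tables) describe variations on one loop, so the following added example (not part of the original glossary) implements them side by side. Hashes are plain unsalted SHA-256 to match the lookup-table scenario; the wordlist, mangling rules and target passwords are constructed. The precomputed table here is a full hash-to-password dictionary: a real rainbow table stores hash chains with reduction functions rather than every pair, trading some lookup time for far less disk, but the attack principle is the same.

```python
# Added example (not part of the original glossary) tying together the four
# password-attack cards: brute force, dictionary, hybrid mangling rules, and a
# precomputed hash lookup in the spirit of a rainbow table. Hashes are plain
# unsalted SHA-256 to match the lookup-table scenario; the wordlist, rules and
# target passwords are constructed. A real rainbow table stores hash chains
# with reduction functions rather than every (hash, password) pair, trading
# some lookup time for far less disk; the attack principle is the same.
import hashlib
import itertools
import string

WORDLIST = ["password", "letmein", "summer", "welcome"]           # constructed
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def mangle(word: str) -> set:
    """Hybrid rules: every subset of leet substitutions (password -> passw0rd,
    p@ssw0rd, ...), each also capitalised/upper-cased, each with 0..99 appended."""
    positions = [i for i, c in enumerate(word) if c in LEET][:6]   # cap 2**6 combos
    bases = set()
    for r in range(len(positions) + 1):
        for subset in itertools.combinations(positions, r):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i]]
            leet = "".join(chars)
            bases.update({leet, leet.capitalize(), leet.upper()})
    variants = set(bases)
    for base in bases:
        variants.update(f"{base}{n}" for n in range(100))
    return variants


def dictionary_attack(target_hash: str, words, hybrid=False):
    """Try each wordlist entry (or its mangled variants); return the match or None."""
    for word in words:
        for cand in (mangle(word) if hybrid else (word,)):
            if sha256_hex(cand) == target_hash:
                return cand
    return None


def brute_force(target_hash: str, alphabet=string.ascii_lowercase, max_len=4):
    """Exhaustive search over all strings up to max_len; cost grows as |alphabet|**len."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            cand = "".join(tup)
            if sha256_hex(cand) == target_hash:
                return cand
    return None


def build_lookup_table(words) -> dict:
    """Do the hashing up front: hash -> plaintext for every hybrid variant."""
    return {sha256_hex(c): c for w in words for c in mangle(w)}


def table_lookup(table: dict, target_hash: str):
    """The attack itself is now a constant-time dictionary lookup."""
    return table.get(target_hash)


def salted_sha256_hex(salt: str, s: str) -> str:
    """Per-user salt: the same password hashes differently for each user, so a
    table built without that salt never matches."""
    return hashlib.sha256((salt + s).encode()).hexdigest()


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(len(table), "precomputed hashes")
    print(table_lookup(table, sha256_hex("p@ssw0rd")))                 # p@ssw0rd
    print(table_lookup(table, salted_sha256_hex("x9Q!", "p@ssw0rd")))  # None
    print(brute_force(sha256_hex("cat")))                               # cat
```

The last two lines of the demo carry the practical lesson: the precomputed table recovers any mangled dictionary word instantly, and a per-user salt (combined with a slow, memory-hard hash in real systems) is what makes that precomputation worthless, while brute force remains bounded only by alphabet size and length.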