Security Chapter 2


Physical security threats and vulnerabilities (overview)

Physical threats fall into four categories, each described in its own entry: natural, man-made, internal, and external.

Natural

Although natural threats are easy to overlook, they can pose a significant threat to the physical security of a facility. Example: tornadoes.

Clickjacking

An attack that tricks a user into clicking something other than what they believe they are clicking. The attacker layers a visible and an invisible HTML frame (typically a transparent iframe of the target site placed over, or under, attacker-controlled content) so that the click lands on the hidden element rather than the visible one. It is commonly encountered on fraudulent social networking sites or on legitimate sites that have been hijacked by an attacker. The standard defense is for the target site to forbid framing, using the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header.
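Whether a page can be clickjacked comes down to whether its responses forbid framing. The following checker is an added example, not part of the original study set: it classifies a response's framing protection from its headers, giving CSP frame-ancestors precedence over X-Frame-Options as CSP-aware browsers do. The sample responses and the bank.example URLs are constructed.

```python
def frame_protection(headers: dict) -> str:
    """Classify how an HTTP response restricts being framed.

    Returns one of "deny", "sameorigin", "allowlist", "obsolete-allow-from"
    or "frameable". A CSP frame-ancestors directive overrides X-Frame-Options
    when both are present, matching browser behaviour.
    """
    h = {k.lower(): v for k, v in headers.items()}

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.strip("'").lower() for p in parts[1:]]
            if sources == ["none"]:
                return "deny"
            if sources == ["self"]:
                return "sameorigin"
            return "allowlist"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    if xfo.startswith("ALLOW-FROM"):
        # Modern browsers ignore ALLOW-FROM, so this is effectively no protection.
        return "obsolete-allow-from"
    return "frameable"


def clickjacking_findings(responses: dict) -> list:
    """Return the URLs whose responses a third-party page could frame."""
    weak = {"frameable", "obsolete-allow-from"}
    return [url for url, hdrs in responses.items() if frame_protection(hdrs) in weak]


# Constructed responses, as a scanner might record them (hypothetical site).
SAMPLE_RESPONSES = {
    "https://bank.example/transfer": {"Content-Type": "text/html"},
    "https://bank.example/login": {"X-Frame-Options": "DENY"},
    "https://bank.example/widget": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example",
        "X-Frame-Options": "DENY",
    },
    "https://bank.example/legacy": {"X-Frame-Options": "ALLOW-FROM https://old.example"},
}

if __name__ == "__main__":
    for url in clickjacking_findings(SAMPLE_RESPONSES):
        print("frameable:", url)
```

The /widget response shows why the precedence matters: a scanner that only read X-Frame-Options would report it as DENY, when the CSP actually allows partner.example to frame it.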

Session hijacking attack

An attack in which the attacker takes over an existing authenticated session, usually by stealing, predicting, or fixing the session identifier (such as a session cookie), and uses it to obtain unauthorized access to an organization's network or services without knowing the victim's credentials.

Near Field Communication (NFC)

A standard for communication between mobile devices such as smartphones and tablets in very close proximity, usually when touching or only a few centimeters (an inch or two) apart.

Peer to peer (P2P) attacks

Launched by malware propagating through P2P networks. The shared command-and-control architecture makes an attack harder to detect. Peers can be compromised by malware such as viruses and Trojans, and the attacker can control all of these compromised computers to launch very large DoS or DDoS attacks.

Physical Security

Refers to the implementation and practice of control mechanisms intended to restrict physical access to facilities. Physical security concerns include: 1) Facility intrusions 2) Electrical grid failures 3) Fire 4) Personnel illnesses 5) Data network interruptions.

Rootkits

Code intended to take full or partial control of a system at the lowest levels. Rootkits attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a system.

VoIP

A technology that delivers telephony over an IP network. Voice information is sent over the IP network in digital form in packets, as opposed to the circuit-switched implementation of the Public Switched Telephone Network (PSTN).

War Driving Tools

NetStumbler, Kismet, Aircrack-ng

Physical Network Address

Also called the MAC address: a unique physical address individually assigned to every network adapter by the adapter's manufacturer, used to deliver frames on the local network segment. No two network adapters in the world are supposed to have the same physical address, although the address can be overridden in software (MAC spoofing).

Sinkhole Attacks

Take advantage of routing on a wireless network by creating a single node through which all traffic flows. The malicious node tricks the other nodes into redirecting their traffic to it.

White Hat

A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. Works on a professional basis, for a security organization or a system manufacturer. Also called ethical hacking.

Takeover Attack

An attack in which an attacker assumes complete control over a system.

Jamming

Also called interference, an attack in which radio-frequency noise disrupts 802.11 wireless signals.

Tailgating

Also known as piggybacking, a human-based attack in which the attacker slips into a secure area by following a legitimate employee through the door. Prevention requires both a physical access control mechanism (such as a mantrap or turnstile that admits one person per credential) and educating users not to admit unauthorized personnel.

Packet Sniffing

Can be used as an attack on a wireless network: the attacker captures frames and records data flows, which allows the attacker to analyze the data contained in each packet. Unencrypted or weakly encrypted traffic is readable directly.

Internal

It is important to always consider what is happening inside an organization, especially where physical security is concerned. Example: a disgruntled employee.

URL Shortening service

Makes it easier to share links on social networking sites by abbreviating Uniform Resource Locators. This creates a vulnerability that attackers can exploit, because the shortened URL hides the true target of the link; the user may be directed to a fraudulent site that is a source of malware or other threats. Expanding the link first (for example, by looking at the HTTP redirect without following it) reveals the real destination.

Logic Bombs

A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. When triggered, it detonates and performs whatever actions it was programmed to do.

Ransomware

An increasingly popular variety of malware in which an attacker infects a victim's computer with code that restricts the victim's access to the computer or the data on it (typically by encrypting the data) and demands that a ransom be paid.

Black hat

A hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. Although black hats may not break directly into systems the way attackers do, widely publicizing security flaws can potentially cause financial or other damage to an organization.

Worms

Malware that, like a virus, replicates itself, but spreads across the network on its own and does not attach itself to other programs or files. Worms that carry payloads often turn computers into remote zombies that an attacker can use to launch other attacks.

Spoofing

A human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur with Internet Protocol (IP) addresses, network adapter hardware (Media Access Control, or MAC) addresses, and email. In email, various message headers are changed to conceal the originator's identity.

Password stealer

A type of software that, when installed on a system, captures all the passwords and user names entered into the instant messaging application or social networking site it was designed for. This information is sent back to the attacker, who can use it for fraudulent purposes.

War driving and war chalking

War driving is the act of searching for wireless networks using tracking devices such as smartphones, tablets, or laptops. War chalking is the act of using symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network.

Armored Viruses

Viruses that attempt to trick or shield themselves from antivirus software and security professionals. To fool antivirus software, an armored virus can obscure its true location in the system and lead the software to believe that it resides elsewhere.

DoS Attacks include

1) Flooding a network link with data to consume all available bandwidth. 2) Sending data designed to exploit known flaws in an application. 3) Sending multiple service requests to consume a system's resources. 4) Flooding a user's email inbox with spam messages, causing legitimate messages to be bounced back to their senders.

Backdoor attacks

A type of software attack in which an attacker creates a software mechanism, called a backdoor, to gain access to a computer. The backdoor may be a software utility or an illegitimate user account, and is usually delivered through a Trojan horse or other malware. The backdoor software typically listens for commands from the attacker on an open port. It often survives even after the initial intrusion has been discovered and resolved, can be difficult to spot, and may not leave any obvious evidence behind.

Script Kiddie

An unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own, and that their objective is to impress their friends or gain credit in computer-enthusiast communities.[3] However, the term does not relate to the actual age of the participant.

Software Attacks

Any attack against software resources, including operating systems, applications, protocols, and files. The attacker often aims to surreptitiously gain control of a computer so that it can be used in the future, often for profit or further malicious activity.

Password Attack

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords, or crack stolen password hashes (encrypted password files).

Application Attacks

Software attacks targeted at web-based and other client-server applications, including source code disclosure or tampering and network breaches. Attacks that specifically exploit the trust between a user and a server are called client-side attacks.

Cyberterrorist

An attacker who tries to disrupt computer systems in an attempt to spread fear and panic. Just as the definition of terrorism is controversial, there is disagreement as to whether attacks on computer systems should be considered cyberterrorism if they do not cause physical harm or damage to infrastructure.

Brute force attack

The attacker uses password-cracking software to try every possible combination of characters (for example, every alphanumeric string up to a given length) until the password is found. The search space grows exponentially with length and character-set size, so long passwords and slow hashes are the defense.

Stealing

Sniffing network communications, reading handwritten password notes, or observing a user in the act of entering a password.

Adware

software that automatically displays or downloads unsolicited advertisements when it is used. often appears as a pop-up.

Reflected DoS attack

In reflected DoS and DDoS attacks, the attacker sends requests to a large number of third-party computers with the source IP address forged to be the target's address. Those systems then send their replies to the target, causing a DoS condition. When the reply is larger than the request, the reflection also amplifies the attacker's bandwidth.

Hackers

Originally a neutral term for a user who excelled at computer programming and computer system administration.

Hardware attacks

An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling or smart card.

Evidence of a Malicious Code Attack

Corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus-scan or software-update notifications; or reduced system performance or increased network traffic.

DoS attack types (overview)

The individual DoS attack types (SYN flood, UDP flood, ICMP flood, reflected DoS, DDoS, and permanent DoS) are each described in their own entry.

Wireless Replay Attack

Attackers find it easier to capture packets over a wireless network and replay them in order to manipulate the data stream. A replay attack can also be used in conjunction with an IV attack to break weak encryption.

DDoS Attacks (Distributed Denial of service)

A type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software that turns each computer into a zombie (drone) and then directs the zombies to launch the attack. The compromised host computers are the zombies.

DoS Attacks

A network attack in which an attacker attempts to disrupt or disable systems that provide network services, by various means.

NOTE:

Notable P2P programs of the past are Napster, Kazaa, and LimeWire, all of which are now either defunct or no longer P2P.

UDP Flood (User Datagram Protocol)

The attacker attempts to overwhelm the target system with large numbers of UDP datagrams, typically sent to random ports, so that the target spends its resources checking for a listening application and sending ICMP Destination Unreachable replies. The source IP address is often spoofed, so the replies are directed at a third party and the attacker's identity is hidden.

ICMP flood

Based on sending high volumes of ICMP Echo Request (ping) packets to a target. Common examples are ping floods (sent directly) and Smurf attacks (ping packets with the target's spoofed source address sent to a network's broadcast address, so that every host replies to the target). Modern systems and networks are usually well protected against these attacks, for example by not responding to broadcast pings.

Viruses

A piece of code that spreads from one computer to another by attaching itself to other files, through a process of self-replication. It executes when the file it is attached to is opened.

Malicious insider

A threat originating from an employee of an organization who performs malicious acts, such as deleting critical information or sharing it with outsiders, which may cause losses to the organization. Internal attackers might be fueled by resentment against the organization, in which case their goal might be revenge by simply causing damage or disrupting systems.

Spyware

Surreptitiously installed malicious software intended to track and report the usage of a target system, or to collect other data the author wishes to obtain.

Impersonation

A human-based attack where an attacker pretends to be someone they are not. A common scenario: the attacker calls an employee and pretends to be calling from the help desk, tells the employee that the order-entry database is being reprogrammed, and asks for the employee's user name and password to make sure the account gets entered into the new system.

Malicious Code Attacks

A type of attack in which an attacker inserts some type of undesired or unauthorized software (malware) into a target system. Intended to disrupt or disable an operating system or an application, or to force the target system to disrupt or disable other systems.

Attacker

A term that always represents a malicious system intruder.

Software Attack Combinations

A software attack may be used by itself or in combination with another type of attack, such as a social engineering attack.

Polymorphic Malware

Uses encryption to disguise the virus body, and the decryption module is altered each time the virus infects a file, so that no fixed byte pattern exists from one infection to the next. This makes it very difficult for signature-based antivirus software to detect an infection that is constantly changing.

Sinkhole attack against a WSN (Wireless Sensor Network)

A WSN is a collection of autonomous sensor-equipped devices that monitor and record physical and environmental conditions such as temperature, humidity, and lighting, and forward data through a wireless gateway to a main network location. By luring traffic destined for the base station to the compromised device, the attacker causes the base station to receive incomplete and inaccurate sensing data.

IV Attacks (Initialization Vector)

An initialization vector is a per-message value combined with the key so that identical plaintext does not produce identical ciphertext when encrypted. In an IV attack the attacker predicts or controls the IV, or simply waits for it to repeat, to defeat that protection: when the same key and IV are reused, the same keystream is reused, and the XOR of two ciphertexts equals the XOR of the two plaintexts. WEP's 24-bit IV is the classic case, because on a busy network it is guaranteed to repeat.
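The keystream-reuse consequence of a repeated IV is easiest to see in code. The block below is an added example, not part of the original study set. It uses a stand-in stream cipher (keystream blocks derived with SHA-256 from key, IV and a counter) rather than WEP's RC4; that substitution is an assumption, and the only property relied on is that the keystream depends solely on the key and IV. The messages and the 3-byte IV size are constructed.

```python
import hashlib
import os

IV_LEN = 3  # 24-bit IV, the size WEP used


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in stream cipher (assumption: not WEP's RC4, not a real cipher).
    Keystream blocks are SHA-256(key || iv || counter); all that matters here
    is that the keystream is a function of (key, iv) alone."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = IV || (plaintext XOR keystream); the IV travels in the clear."""
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def recover_with_reused_iv(ct1: bytes, ct2: bytes, known_pt1: bytes):
    """If two messages share key and IV, c1 XOR c2 == p1 XOR p2, so knowing
    p1 reveals p2 without the key. Returns None when the IVs differ."""
    iv1, body1 = ct1[:IV_LEN], ct1[IV_LEN:]
    iv2, body2 = ct2[:IV_LEN], ct2[IV_LEN:]
    if iv1 != iv2:
        return None  # no reuse observed; the attack does not apply
    n = min(len(body1), len(body2), len(known_pt1))
    return xor(xor(body1[:n], body2[:n]), known_pt1[:n])


def demo(fresh_ivs: bool):
    """Encrypt two constructed messages under one key; the attacker knows the
    first plaintext and tries to recover the second from the ciphertexts."""
    key = os.urandom(16)
    p1, p2 = b"attack at dawn!", b"retreat at dusk"
    if fresh_ivs:
        iv1, iv2 = os.urandom(IV_LEN), os.urandom(IV_LEN)
    else:
        iv1 = iv2 = b"\x00\x00\x01"  # predictable or repeating IV
    return recover_with_reused_iv(encrypt(key, iv1, p1), encrypt(key, iv2, p2), p1)


if __name__ == "__main__":
    print("reused IV  ->", demo(fresh_ivs=False))   # second plaintext recovered
    print("fresh IVs  ->", demo(fresh_ivs=True))    # None: nothing to exploit
```

With a 24-bit IV the reuse is not a matter of attacker luck: by the birthday bound a repeat is expected after a few thousand frames, which is why the WEP entry later in this set says the attack simply waits for it.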

Evil twin attack and account phishing

An evil twin attack on a social networking site is an attack in which an attacker creates a social network account to impersonate a genuine user. Then, when the friends of that user allow the attacker to become friends with them or join a group, the attacker can gain access to various personal details, and even company information if a company has a page on the site. This is often preceded by account phishing, in which an attacker creates an account and joins an individual's friends list just to obtain information about the individual and their circle of friends or colleagues.

Bluesnarfing

A method in which attackers gain unauthorized access to information on a wireless device over a Bluetooth connection, within the roughly 10-meter (30-foot) transmission range of typical Bluetooth devices.

Bluejacking

A method used by attackers to send unsolicited messages over Bluetooth from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices. This is a very close-range attack.

Electronic Activist (Hacktivist)

Motivated by a desire to cause social change; might be trying to get media attention by disrupting services, or promoting a message by replacing the information on public websites. Wants to cause damage to organizations deemed socially irresponsible or unworthy.

NOTE

Nearly anything can cause a DoS condition if it interrupts or disables a system.

Spam and Spim

Spam is an email-based threat in which the user's inbox is flooded with messages that carry advertising material for products or promotions for get-rich-quick schemes, and that can sometimes deliver viruses or malware. Spam can also be delivered within social networking sites such as Facebook and Twitter. Spim is an attack similar to spam that is propagated through instant messaging (IM) instead of email.

Electronic Vandal

Wants to cause as much damage as possible, without any particular target or goal. The motivation might be fun, attention or admiration, or some type of social or personal resentment against a person or institution.

Man-made

Whether intentional or accidental, people can cause a number of physical threats. Example: a backhoe operator may accidentally dig up fiber optic cables.

Spamming

Within social networking, spamming refers to sending unsolicited bulk messages by misusing the electronic messaging services inside the social networking site.

Botnet

A set of computers that have been infected by a control program called a bot, which enables attackers to collectively exploit those computers to mount attacks. The owners of the zombies (drones) are often unaware that their computers are being used for nefarious purposes.

Guessing

The simplest type of password attack is making individual, repeated attempts to guess a password.

Drive by download

A program that is automatically installed on a computer when a user accesses a malicious site, even without clicking a link or giving consent. This often happens when a user searches for a social networking site and selects a site using a fraudulent link. Sometimes a drive-by download is packaged invisibly together with a program that the user requested to download.

Shoulder Surfing

This is an attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN.

Symptoms of DoS and DDoS attacks

1) Sudden and overwhelming service requests from hosts outside your network. 2) A sudden and unexplained drop in the amount of available Internet bandwidth. 3) A sudden and overwhelming drain on a specific resource in a system, causing unusual behavior or freezes.
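The first symptom can be checked mechanically against a web server log. The detector below is an added example, not part of the original study set: it parses Common Log Format lines, ignores internal address ranges, and reports any outside host that exceeds a request threshold inside a sliding time window. The log lines, the address ranges, and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed internal ranges; adjust to the site's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line: str):
    """Common Log Format -> (client ip, epoch seconds), or None if unparsable."""
    m = CLF.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_floods(lines, window: float = 10.0, threshold: int = 20) -> dict:
    """Return {ip: peak requests inside any `window`-second span} for external
    sources that exceed `threshold`. Lines are assumed to be in time order per
    source, as a server log is."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        if is_internal(ip):
            continue  # symptom 1 concerns hosts outside the network
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def make_line(ip: str, second: int, path: str = "/") -> str:
    """Constructed sample log line (all within one minute of one day)."""
    return f'{ip} - - [10/Oct/2000:13:55:{second:02d} -0700] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    [make_line("203.0.113.9", s // 3, "/login") for s in range(30)]      # 30 hits in 10 s
    + [make_line("198.51.100.4", s, "/") for s in (0, 12, 25, 41, 58)]   # normal visitor
    + [make_line("10.0.0.5", 5, "/health") for _ in range(40)]          # internal monitor
)

if __name__ == "__main__":
    print(flag_floods(SAMPLE_LOG))   # only the outside flooder is reported
```

The internal monitor makes 40 requests in one second and is deliberately not reported; a DoS from a compromised internal host is a different investigation (the malicious insider entry) and would need the internal filter removed.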

Sinkhole attack against a MANET (Mobile ad-hoc network)

A MANET is a continuously self-configuring network of mobile devices such as smartphones, tablets, and laptops. Because of the changing nature of ad-hoc networks, each device must act as a router. By falsely advertising a lower routing metric, the sinkhole node attracts the majority of the MANET's traffic and can serve as a platform for attacks such as skewing load balancing, modifying packets, or dropping packets, all of which can adversely affect upper-layer applications.

Permanent DoS attack

Permanent DoS attacks, also called phlashing, target the actual hardware of a system in order to prevent the victim from easily recovering from a denial of service. A successful attack forces the victim to repair or replace the hardware that runs the system. Taking advantage of remote administration, the attacker may be able to push corrupted firmware onto the hardware, causing the equipment to brick, or become completely inoperable.

Phishing

An attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of "fishing", because bait is used in an attempt to catch a victim. Communications purporting to be from popular social websites, auction sites, banks, online payment processors, or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies.[6] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites now offer secondary tools for applications, such as maps for games; these should be clearly marked as to who wrote them, and users should not reuse the same password anywhere else on the Internet.

Birthday Attack

Exploits weaknesses in the mathematical algorithms used to generate hashes. This type of attack takes advantage of the probability that different inputs produce the same hash output (a collision), given a large enough set of inputs: for an n-bit hash, a collision is expected after only about 2^(n/2) inputs rather than 2^n. It is named after the surprising statistical fact that there is a 50 percent chance that two people in a group of 23 will share a birthday.
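The arithmetic behind the 23-person figure, and the same effect applied to a hash, as an added example that is not part of the original study set. It computes the exact collision probability for n draws from a space of a given size, the square-root estimate for a 50 percent chance, and then finds two distinct inputs whose SHA-256 digests share their first 24 bits, which takes on the order of 2^12 hashes rather than 2^24. Truncating SHA-256 stands in for a weak short hash; that choice is an assumption of the example.

```python
import hashlib
import math
import os


def collision_probability(n: int, space: int = 365) -> float:
    """P(at least two of n uniformly random draws from `space` values coincide)."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def draws_for_half_chance(space: int) -> float:
    """Approximate draws needed for a 50% collision chance: sqrt(2 ln 2 * space).
    For a hash with 2**n outputs this is about 2**(n/2)."""
    return math.sqrt(2 * math.log(2) * space)


def _prefix(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(msg), modelling a short (weak) hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def find_truncated_collision(bits: int):
    """Find two distinct messages whose truncated digests agree.
    Expected cost is about 2**(bits/2) hashes, not 2**bits: each new input is
    compared against every earlier one at once via the dictionary."""
    seen = {}
    tries = 0
    while True:
        msg = os.urandom(8)  # random constructed inputs
        tries += 1
        tag = _prefix(msg, bits)
        if tag in seen and seen[tag] != msg:
            return seen[tag], msg, tries
        seen[tag] = msg


def same_prefix(a: bytes, b: bytes, bits: int) -> bool:
    return _prefix(a, bits) == _prefix(b, bits)


if __name__ == "__main__":
    print("23 people:", round(collision_probability(23), 4))           # ~0.5073
    print("draws for 50% at 2^24 outputs:", round(draws_for_half_chance(2 ** 24)))
    a, b, tries = find_truncated_collision(24)
    print(f"24-bit collision after {tries} hashes: {a.hex()} / {b.hex()}")
```

The practical lesson is the one the birthday attack is used for: a signature or fingerprint scheme must be sized against 2^(n/2), so a 64-bit hash gives only about 2^32 of collision resistance, which is within reach of a single machine.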

Social Engineering Attack

is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

Trojan horse

Hidden malware that causes damage to a system or gives an attacker a platform for monitoring and/or controlling a system. Trojans are often more insidious than other malware and remain undetected much more easily; they are typically propagated by social engineering, disguised as something the user wants to run.

Buffer overflow

Many systems and services are vulnerable to a buffer overflow condition, in which too much data is written into a fixed-length memory buffer, so that adjacent areas of memory are overwritten. Attackers exploit buffer overflow vulnerabilities by deliberately triggering the overflow with crafted data, corrupting memory (return addresses, function pointers, or other variables) and thereby opening the door to any number of subsequent attack methods, or simply causing the system to stop functioning or responding. A related condition occurs on a network when an excessive amount of incomplete, fragmented traffic overflows reassembly buffers; an attacker may use this to pass through security systems or IDSs.

SYN flood

An attacker sends countless requests for a TCP connection (SYN messages) to an FTP server, web server, or any other target system attached to the Internet. The target server responds to each request with a SYN-ACK message and, in doing so, reserves space in memory for the TCP session that will be completed when the remote host responds with its ACK. However, the attacker has crafted the SYN messages (usually through IP spoofing) so that the target server sends its SYN-ACK responses to computers that will never reply. The target server thus holds memory for numerous half-open TCP connections that will never be completed, and eventually stops responding to legitimate requests because its connection backlog is full. SYN cookies defend against this by encoding the connection state in the server's initial sequence number instead of storing it.
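The backlog exhaustion, and the SYN-cookie defense, can be modelled without sending a packet. The simulation below is an added example, not part of the original study set: a listener either stores state per half-open connection (and drops SYNs once the backlog is full) or answers with a stateless cookie ISN derived from an HMAC over the connection tuple, which only a client that actually received the SYN-ACK can echo back. Real stacks also time out half-open entries and fold MSS and a timestamp into the cookie; those details are omitted. The addresses are constructed from the documentation ranges.

```python
import hashlib
import hmac
import os
import random

MASK32 = 0xFFFFFFFF


class Listener:
    """Model of a TCP listener's handshake state (assumption: a simplified stack)."""

    def __init__(self, backlog: int = 128, syn_cookies: bool = False):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open = {}           # (src_ip, src_port) -> server ISN
        self.established = set()
        self.dropped_syns = 0
        self.secret = os.urandom(16)  # per-boot secret for cookie generation

    def _cookie(self, src, sport):
        """Stateless ISN: a MAC over the connection tuple; nothing is stored."""
        mac = hmac.new(self.secret, f"{src}:{sport}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, sport):
        """Steps 1-2: SYN arrives, server answers SYN-ACK with its ISN (or drops)."""
        if self.syn_cookies:
            return self._cookie(src, sport)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1        # backlog full: legitimate SYNs are dropped too
            return None
        isn = random.getrandbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack):
        """Step 3: the client ACKs ISN+1 and the connection is established."""
        key = (src, sport)
        if self.syn_cookies:
            if (ack - 1) & MASK32 == self._cookie(src, sport):
                self.established.add(key)
                return True
            return False
        isn = self.half_open.get(key)
        if isn is not None and ack == (isn + 1) & MASK32:
            del self.half_open[key]
            self.established.add(key)
            return True
        return False


def simulate(syn_cookies: bool, flood_size: int = 1000, backlog: int = 128) -> dict:
    """Flood from spoofed sources that never complete the handshake, then one
    legitimate client tries to connect."""
    srv = Listener(backlog, syn_cookies)
    for i in range(flood_size):
        srv.on_syn(f"203.0.113.{i % 254 + 1}", 1024 + i)   # spoofed; never ACKs
    isn = srv.on_syn("198.51.100.7", 40000)                 # legitimate client
    connected = isn is not None and srv.on_ack("198.51.100.7", 40000, (isn + 1) & MASK32)
    return {"legit_connected": connected,
            "half_open": len(srv.half_open),
            "dropped_syns": srv.dropped_syns}


if __name__ == "__main__":
    print("no cookies :", simulate(syn_cookies=False))
    print("syn cookies:", simulate(syn_cookies=True))
```

Without cookies the 1000 spoofed SYNs fill the 128-entry backlog and the legitimate client's SYN is dropped along with the rest; with cookies nothing is stored per SYN, so there is nothing to exhaust and the legitimate handshake completes.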

Transitive Access Attacks

Access given to certain members of an organization to use data on a system without authenticating themselves each time, because the system trusts another system or user that already did. If an attacker can access and modify the trusted file or host, that trust gives the attacker transitive access to all the data and programs behind it.

Hybrid Password Attack

An attack that combines multiple methods, including dictionary, rainbow table, and brute force attacks (for example, applying mangling rules such as appended digits or character substitutions to dictionary words), when trying to crack a password.

URL Hijacking

Also called typosquatting, a tactic that exploits typos users sometimes make when entering a URL into a browser. The attacker registers misspelled variants of a real domain (correct: www.comptia.com; hijacked: www.comtpia.com); the site there mimics the real website or contains malicious software that infects the victim's computer.
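Defenders register or monitor the same misspellings an attacker would. The generator below is an added example, not part of the original study set: it produces the common typo classes (transposition, omission, doubled character, adjacent-key replacement, and the missing dot after "www") for a brand domain and checks whether a candidate domain is one of them. The keyboard-neighbour table is an assumption for a QWERTY layout; comptia.com is used because it is the page's own example.

```python
from typing import Optional

# Assumed QWERTY adjacency, used for fat-finger replacements.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh", "u": "yij",
    "i": "uok", "o": "ipl", "p": "ol", "a": "qwsz", "s": "awedxz", "d": "serfcx",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "j": "huikmn", "k": "jiolm",
    "l": "kop", "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}


def typo_variants(domain: str) -> set:
    """Generate the misspellings a typosquatter would register for `domain`."""
    name, _, tld = domain.rpartition(".")
    v = set()
    for i in range(len(name) - 1):                 # transposition: comptia -> comtpia
        v.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i in range(len(name)):                     # omission: comptia -> comtia
        v.add(name[:i] + name[i + 1:])
    for i in range(len(name)):                     # repetition: comptia -> compptia
        v.add(name[:i] + name[i] + name[i:])
    for i, ch in enumerate(name):                  # adjacent key: comptia -> conptia
        for nb in QWERTY_NEIGHBOURS.get(ch, ""):
            v.add(name[:i] + nb + name[i + 1:])
    v.add("www" + name)                            # missing dot: wwwcomptia.com
    v.discard(name)
    return {f"{x}.{tld}" for x in v}


def typosquat_of(candidate: str, brands) -> Optional[str]:
    """Return the brand domain that `candidate` is a typo of, or None."""
    candidate = candidate.lower()
    if candidate.startswith("www."):
        candidate = candidate[4:]
    for brand in brands:
        base = brand.lower()
        if base.startswith("www."):
            base = base[4:]
        if candidate in typo_variants(base):
            return brand
    return None


if __name__ == "__main__":
    brands = ["comptia.com"]
    for d in ("www.comtpia.com", "conptia.com", "wwwcomptia.com", "comptia.com", "example.com"):
        print(f"{d:20} -> {typosquat_of(d, brands)}")
```

The same variant set is what a defensive registration program buys up front, and what a passive-DNS or certificate-transparency watch compares new names against.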

Rogue Access point

An unauthorized wireless access point on a corporate or private network. It can cause considerable damage to an organization's data, is not detected easily, and can allow private network access to many unauthorized users with the proper devices.

Wireless security

Any method of securing your wireless LAN network to prevent unauthorized network access and network data theft.

DoS targets

Any service or network device, but a DoS attack is usually mounted against servers or routers, preventing them from responding to legitimate network requests.

Dictionary Attack

Automates password guessing by hashing each entry of a predetermined list of likely passwords and comparing the result against the target password hash.

Data thief

Blatantly steals resources or confidential information for personal or financial gain. They are likely to try to cover their tracks so their attacks are not detected and stopped. Usually in data theft, the attacker exploits unauthorized access or acts in collusion with a disgruntled employee.

External

It is impossible for any organization to fully control external security threats. Example: power failures.

ARP Poisoning (Address Resolution Protocol)

ARP is the mechanism by which hardware MAC addresses are matched to IP addresses on a local network. ARP poisoning, also known as ARP spoofing, occurs when an attacker with access to the target network sends forged ARP replies so that an IP address (typically the default gateway's) is redirected to the MAC address of a computer that is not the intended recipient, letting the attacker intercept or modify traffic in transit.
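On a switched network the forged replies are visible to any host that sniffs ARP, so poisoning is detectable from the pattern of replies alone. The detector below is an added example, not part of the original study set: it runs over a constructed log of ARP "is-at" replies and raises an alert when an IP's MAC changes from its trusted or first-seen value, or when one MAC starts answering for several IPs (the gateway-plus-victim pattern of a full man-in-the-middle). The addresses and timestamps are constructed.

```python
from collections import defaultdict

# Constructed ARP reply log: (timestamp, sender IP, sender MAC), as a sniffer
# on the segment would record "is-at" replies. 192.168.1.1 is the gateway.
ARP_REPLIES = [
    (1, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    (2, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    (3, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    (4, "192.168.1.1",  "cc:cc:cc:cc:cc:99"),   # attacker claims the gateway's IP
    (5, "192.168.1.20", "cc:cc:cc:cc:cc:99"),   # ... and the victim's, for a full MITM
]


def detect_arp_poisoning(replies, trusted=None):
    """Flag (a) an IP whose MAC differs from the trusted or first-seen value and
    (b) a MAC that answers for more than one IP. Returns a list of (ts, message).

    `trusted` is an optional {ip: mac} map of known-good bindings (e.g. the
    gateway); without it the first reply seen for an IP is taken as baseline,
    which is only safe if monitoring started before the attack.
    """
    trusted = dict(trusted or {})
    first_seen = {}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        expected = trusted.get(ip) or first_seen.setdefault(ip, mac)
        if expected != mac:
            alerts.append((ts, f"{ip} moved from {expected} to {mac}"))
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.append((ts, f"{mac} answers for several IPs: {sorted(ips_per_mac[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, msg in detect_arp_poisoning(ARP_REPLIES, trusted={"192.168.1.1": "aa:aa:aa:aa:aa:01"}):
        print(f"t={ts}: {msg}")
```

Rule (b) will also fire on legitimate multi-homed hosts, failover addresses, and some virtualization setups, so tune it with an allowlist; rule (a) with a trusted gateway binding is the higher-confidence signal, and switches that support Dynamic ARP Inspection enforce the same check at the port.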

Whaling

A form of spear phishing that targets individuals or organizations known to possess a good deal of wealth, such as executives of Fortune 500 companies or financial institutions whose salaries are expected to be high.

Vishing

A human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice services (Voice over Internet Protocol, VoIP) as the communication medium. Also called voice phishing. Vishing can be more effective than phishing because of the trust that people tend to place in others they can speak to in real time. In addition, users may be too used to traditional telecommunications to realize that VoIP caller identity can be spoofed much more easily, due to the open nature of the Internet.

Dumpster diving

An attack where the goal is to reclaim important information by inspecting the contents of trash containers. This is especially effective in the first few weeks of the year, as users discard old calendars with passwords written in them.

Hoax

An email-based or web-based attack intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus. It can also be a scam that convinces users to give up important information or money for an interesting offer.

Key logging attack

Uses software or hardware to capture each keystroke a user types.

Rainbow tables

A set of related plaintext passwords and their hashes. The underlying principle of rainbow tables is to do the CPU-intensive work of generating hashes in advance, trading the time saved during the attack for the disk space needed to store the tables. Rainbow table attacks are executed by comparing the target password hash to the hashes stored in the tables, then working backward to determine the actual password from the known hash. (Example entries: password, passw0rd, p@ssw0rd.) Per-user salts defeat precomputed tables, because each salt would require its own table.
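The password-attack entries in this set (guessing, brute force, dictionary, hybrid, and rainbow tables) differ only in how candidates are produced and whether hashing is done up front. The block below is an added example, not part of the original study set, showing each against one stolen hash. The "stolen" hash, the wordlist, and the mangling rules are constructed; the precomputed table is a plain hash-to-plaintext map, which is the lookup idea of a rainbow table without the chain compression that real tables use to save disk.

```python
import hashlib
import itertools
import string

# Constructed: an unsalted SHA-256 of a weak password, as found in a leaked dump.
TARGET_HASH = hashlib.sha256(b"passw0rd").hexdigest()
WORDLIST = ["letmein", "welcome", "password", "summer", "dragon"]   # constructed
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def sha256_hex(candidate: str, salt: bytes = b"") -> str:
    """The hash under attack; `salt` is prepended when the system uses one."""
    return hashlib.sha256(salt + candidate.encode()).hexdigest()


def dictionary_attack(target: str, words, salt: bytes = b""):
    """Try each wordlist entry exactly as written."""
    for w in words:
        if sha256_hex(w, salt) == target:
            return w
    return None


def mangle(word: str):
    """Hybrid rules: capitalisation, digit suffix, single and full leet substitution."""
    yield word
    yield word.capitalize()
    for d in range(10):
        yield f"{word}{d}"
    for ch, sub in LEET.items():
        if ch in word:
            yield word.replace(ch, sub)
    yield "".join(LEET.get(c, c) for c in word)


def hybrid_attack(target: str, words, salt: bytes = b""):
    """Dictionary words plus mangling rules; covers most 'clever' passwords."""
    for w in words:
        for cand in mangle(w):
            if sha256_hex(cand, salt) == target:
                return cand
    return None


def brute_force(target: str, alphabet: str, max_len: int, salt: bytes = b""):
    """Exhaustive search of every string up to max_len over alphabet:
    len(alphabet)**max_len candidates in the worst case."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            cand = "".join(tup)
            if sha256_hex(cand, salt) == target:
                return cand
    return None


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext once (no salt), reuse against every dump."""
    return {sha256_hex(cand): cand for w in words for cand in mangle(w)}


if __name__ == "__main__":
    print("dictionary :", dictionary_attack(TARGET_HASH, WORDLIST))      # None
    print("hybrid     :", hybrid_attack(TARGET_HASH, WORDLIST))          # passw0rd
    print("brute force:", brute_force(sha256_hex("k9z"), string.ascii_lowercase + string.digits, 3))
    table = build_lookup_table(WORDLIST)
    print("table, unsalted:", table.get(TARGET_HASH))                    # passw0rd
    print("table, salted  :", table.get(sha256_hex("passw0rd", b"per-user-salt")))  # None
```

The last two lines are the point of the salt remark above: the same precomputed table that cracks the unsalted hash instantly is useless against a salted one, because the attacker would have to rebuild it per salt. A slow, memory-hard hash (bcrypt, scrypt, Argon2) then makes the per-guess cost of the other three attacks high as well.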

