Ch.3 Inf SEC ASS
Man-In-The-Middle Attacks
An attacker intercepts messages between two parties before forwarding them on to their intended destination. Takes advantage of the multihop process used by many types of networks. Web spoofing is an example: the user thinks they have a secure connection to the server, but really only the attacker has that. The hacker then has a secure connection to the server, stays invisible as a go-between, and can trick you into supplying passwords, credit card info, or private data. TLDR: The hacker acts as a go-between between you and the server, stays invisible, and records everything.
Pharming
An online scam that attacks the browser's address bar. The attacker poisons the domain name resolution, which is known as DNS poisoning. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information. The browser doesn't even show that you are on a different website, making it very dangerous.
IP Address Spoofing
Creating IP packets with a forged source IP address to hide the sender's identity or to impersonate another computer system. Presenting a false network address to pretend to be a different computer. The attacker can change the computer's network address to appear as an authorized computer in the target's network. The hacker can then access protected internal resources.
Trojan Horse
Malware that masquerades as a useful program. It is a virus or a worm hidden inside a program designed to look real. The program usually has real functions as well, and the malware is hidden within. Trojans can hide programs and collect data, open backdoors into computers, and actively upload/download files.
Smurf Attack
A type of flooding attack. When you ping a computer to see if it's alive and well on the internet, it echoes back, and getting that echo back tells you it's alive. If you ping 3 million computers and have the echoes directed to a specific target, that target is DoS'd by 3 million pings. There are 65,000 ports; if all ports are stuck on bogus connections, no one can get access to that computer. On exam! Becoming obsolete. Flooding attack: kinda like a smurf attack.
Virus
Malicious code that attaches itself or copies itself into a legitimate program on a computer. When the user runs that program, it authenticates the virus and it can begin to run and replicate to other computers.
6 Countermeasures against malware on the exam
1. Have an incident response team (IRT) to determine if an incident is worthy of response.
2. Educate users with awareness training. (BIGGEST COUNTERMEASURE)
3. Anti-malware software/anti-virus software, and update them regularly.
4. Secure login authentication (multi-factor authentication).
5. Firewall: A program or dedicated hardware device that inspects network traffic passing through it, and denies or permits the traffic based on a set of rules set in advance. Default option is to deny. It can be used to protect an endpoint like a database. If a packet is trying to enter from outside and has its source address set as internal (inside), then deny that.
6. DMZ
Hierarchy for layers of defense:
1. Network: firewalls, intrusion prevention systems, intrusion detection systems.
2. Operating system of your endpoint (which is your PC/server/printer/database/whatever), which has anti-virus software.
3. Last layer is the application (such as a database requiring a password).
Gray-Hat Hackers
A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches. A hacker who will identify but not exploit discovered vulnerabilities yet may still expect a reward for not disclosing the vulnerability openly.
Worm
A self-contained program that replicates and sends copies of itself to other computers without user input or action. It does NOT need a host program to infect and is a standalone program. It replicates completely on its own without any user input whatsoever.
Dictionary password attack
A subset of brute force attacks. The hackers try shorter and simpler combinations, including actual words from the dictionary, because such passwords are very common.
Hijacking
A type of attack where the attacker takes control of a session between two machines and masquerades as one of them. They can do all kinds of things from here. Many different types, such as man-in-the-middle hijacking.
SYN Attack
A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses. Each spoofed SYN requests a connection; the target assigns it a port and waits for an acknowledgement that never comes, so the port sits idle. There are 65,000 ports; if all ports are stuck on bogus connections, no one can get access to that computer.
Phishing
A type of fraud where an attacker attempts to trick a victim into providing private information, such as credit card numbers, passwords, bank account numbers, etc.
Replay Attack
A type of network attack where an attacker captures network traffic (data packets) from a network and stores it for retransmission at a later time to gain unauthorized access to a network.
White-Hat Hacker
Also called an ethical hacker; they look for vulnerabilities as part of their job and are information security professionals. They also perform penetration testing. White-hats identify vulnerabilities for the purpose of fixing them. Black-hat hackers do it for fun or to exploit them.
Rootkit
Malware that modifies or replaces an existing program, which makes it next to impossible to detect or remove. All tracks/traces of its existence are covered and hidden. It can modify parts of your operating system, and can exist in any part of a computer, like the boot-up instructions. Ex: A simple rootkit might replace the Windows Task Manager with a modified version that does not list any program named malware.exe, so that the administrators never know the malware program is running.
Birthday Attack
Once an attacker compromises a hashed password file, a birthday attack is performed. A birthday attack is a type of cryptographic attack that is used to make brute-force attacks on one-way hashes easier. It is a mathematical exploit that is based on the birthday problem in probability theory.
Masquerading attack
One user/computer pretends to be another user/computer. Usually includes IP address spoofing or replaying. They can later go on to replay login info they captured (authentication sequences, usernames/passwords, etc.) and then impersonate the user.
Distributed Denial of Service Attack
Overloads computers and prevents legitimate users from gaining access. It is more difficult to stop than a DoS attack because DDoS originates from different sources. DoS is one computer/server. Can be millions of different ones with DDoS.
Port Scanner
Ports are doorways into your computer system from the applications on your PC (they broadcast ports for people to connect to). ON EXAM! A port scanner is a tool used to scan IP host devices for open ports that have been enabled. Think of a port number as a channel commonly associated with a service; for example, port 80 is for HTTP web traffic. Port scanners are used to identify open ports, or applications and services that are enabled, on the IP host device. This provides attackers with valuable information that can be used in the attack.
Black-Hat Hacker
Tries to find vulnerabilities in a system to gain access and show off technical prowess. May exploit holes in systems but generally does not attempt to disclose vulnerabilities they find to the administrators of those systems. Question 30 on exam is between a white hat and a black hat hacker: a white hat looks for vulnerabilities on behalf of the admin; a black hat hacker has malicious intent.
Malicious software can be hidden inside what?
URL links, PDF files, ZIP files. Passwords are stored as hashes that take years for PCs to crack by trying every combination.
On EXAM: How are viruses and worms different?
Viruses need something legitimate to attach to and also need user input, because the user must authenticate the virus by running the program it's hidden in, so that it can run and then eventually replicate itself. Worms do not need any user input to replicate, do not need any host program, and they use up a very high amount of resources on your PC.
Social Engineering
Hackers use their social skills to trick people into revealing access credentials or other valuable information. Depends on the basic tendency of humans to want to be helpful. In almost all cases, it involves authorized users being tricked into carrying out actions for unauthorized users.
Cracker
Has hostile intent and sophisticated skills, and may be interested in financial gain. These are the greatest threats to networks and information resources. They also try to crack passwords.
Denial of Service Attack
A cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources. A coordinated attempt to deny service by occupying a computer with large amounts of unnecessary tasks.
Phreaking
The art of exploiting bugs and glitches that exist in the telephone system. These people explore and experiment on phone equipment and systems.
Brute Force Attack
The password cracker tries every possible combination of characters until they gain access by guessing your password.