Security Chapter 2

question

Social Engineering Attack
answer

is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
question

Social engineering is one of the most common and successful malicious techniques in information security.
answer

question

Spoofing
answer

This is a human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur in Internet Protocol (IP) addresses, network adapter hardware (Media Access Control (MAC)) addresses, and emails. If employed in email, various email message headers are changed to conceal the originator’s identity.
question

Impersonation
answer

This is a human-based attack where an attacker pretends to be someone they are not. A common scenario is when the attacker calls an employee and pretends to be calling from the help desk. The attacker tells the employee he is reprogramming the order-entry database, and he needs the employee’s user name and password to make sure it gets entered into the new system.
question

Hoax
answer

This is an email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus. It could also be a scam to convince users to give up important information or money for an interesting offer.
question

Phishing
answer

attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.[6] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites have now created secondary tools for applications, like maps for games, but they should be clearly marked as to who wrote them, and users should not use the same passwords anywhere on the internet
question

Vishing
answer

This is a human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services (Voice over Internet Protocol, VoIP) as the communication medium. This is also called voice phishing. Vishing can be more effective than phishing because of the trust that people tend to place in others they can speak to in real time. In addition, users may be too used to traditional telecommunications to know that VoIP identity can be much more easily spoofed due to the open nature of the Internet.
question

Whaling
answer

This is a form of spear phishing that targets individuals or organizations that are known to possess a good deal of wealth. Whaling targets individuals who work in Fortune 500 companies or financial institutions whose salaries are expected to be high.
question

URL Hijacking
answer

Also called typo squatting, this is a tactic of exploiting typos that users sometimes make when entering a URL into a browser. A misspelled URL (correct: www.comptia.com; URL hijacking: www.comtpia.com) leads to a site that will mimic the real website or contain malicious software that will infect the victim’s computers.
question

Spam and Spim
answer

Spam is an email-based threat where the user’s inbox is flooded with emails that act as vehicles carrying advertising material for products or promotions for get-rich-quick schemes, and can sometimes deliver viruses or malware. Spam can also be utilized within social networking sites such as Facebook and Twitter. Spim is an attack similar to spam that is propagated through instant messaging (IM) instead of through email.
question

Shoulder Surfing
answer

This is an attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN.
question

Dumpster diving
answer

This is an attack where the goal is to reclaim important information by inspecting the contents of trash containers. This is especially effective in the first few weeks of the year as users discard old calendars with passwords written in them.
question

Tailgating
answer

Also known as piggybacking, this is a human-based attack where the attacker will slip into a secure area by following a legitimate employee. The only way to prevent this type of attack is by installing a good access control mechanism and educating users not to admit unauthorized personnel.
question

VoIP
answer

a technology that enables you to deliver telephony information over an IP network. Voice information is sent over the IP network in digital form in packets, as compared to the implementation on the Public Switched Telephone Network (PSTN).
question

Hackers
answer

was a neutral term for a user who excelled at computer programming and computer system administration.
question

Attacker
answer

is a term that always represents a malicious system intruder.
question

White Hat
answer

hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. Works on a professional basis, for a security organization or a system manufacturer. Ethical hack.
question

Black hat
answer

is a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. Does not break directly into systems the way attackers do, but widely publicizing security flaws can potentially cause financial or other damage to an organization.
question

Malicious insider
answer

a threat originating from an employee in an organization who performs malicious acts, such as deleting critical information or sharing this critical information with outsiders, which may result in a certain amount of losses to the organization. Internal attackers might be fueled by some kind of resentment against the organization, in which case their goal might be to get revenge by simply causing damage or disrupting systems.
question

Electronic Activist (Hacktivist)
answer

Motivated by a desire to cause social change, and might be trying to get media attention by disrupting services, or promoting a message by replacing the information on public websites. Wants to cause damage to organizations that are deemed socially irresponsible or unworthy.
question

Data thief
answer

Blatantly steals resources or confidential information for personal or financial gain. They are likely to try to cover their tracks so their attacks are not detected and stopped. Usually in data theft, the attacker exploits unauthorized access or acts in collusion with a disgruntled employee.
question

Script Kiddie
answer

an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.[3] However, the term does not relate to the actual age of the participant
question

Electronic Vandal
answer

Wants to cause as much damage as possible, without any particular target or goal. The motivation might be for fun, or to gain attention or admiration, or stem from some type of social or personal resentment against a person or institution.
question

Cyberterrorist.
answer

attacker tries to disrupt computer systems in an attempt to spread fear and panic. Just as the definition of terrorism is controversial, there is disagreement as to whether or not attacks on computer systems should be considered cyberterrorism if they do not cause physical harm or damage to infrastructure.
question

Malicious Code Attacks
answer

type of attack where an attacker inserts some type of undesired or unauthorized software, or malware, into a target system. Intended to disrupt or disable an operating system or an application, or force the target system to disrupt or disable other systems.
question

Evidence of a Malicious Code Attack
answer

Corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus scan or software update notifications; or reduced system performance or increased network traffic.
question

Viruses
answer

a piece of code that spreads from one computer to another by attaching itself to other files through a process of self-replication. Executes when the file it is attached to is opened.
question

Worms
answer

malware that, like a virus, replicates itself across the infected system. It doesn’t attach itself to other programs or files. Worms that do carry payloads often turn computers into remote zombies that an attacker can use to launch other attacks from.
question

Adware
answer

software that automatically displays or downloads unsolicited advertisements when it is used. Often appears as a pop-up.
question

Spyware
answer

surreptitiously installed malicious software that is intended to track and report the usage of a target system, or collect other data the author wishes to obtain.
question

Trojan horse
answer

is hidden malware that causes damage to a system or gives an attacker a platform for monitoring and/or controlling a system. Often more insidious and remain undetected much more easily. Propagated by social engineering.
question

Rootkits
answer

code that is intended to take full or partial control of a system at the lowest levels. Rootkits attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a system.
question

Logic Bombs
answer

A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. It then detonates and performs whatever actions it was programmed to do.
question

Botnet
answer

is a set of computers that has been infected by a control program called a bot that enables attackers to collectively exploit those computers to mount attacks. Owners of zombies or drones are often unaware that their computers are being used for nefarious purposes.
question

Ransomware
answer

increasingly popular variety of malware in which an attacker infects a victim’s computer with code that restricts the victim’s access to their computer or the data on it. Demands a ransom be paid.
question

Polymorphic Malware
answer

uses virus encryption; only the decryption module is altered each time the virus infects a file. This makes it very difficult for antivirus software to detect an infection that is constantly changing.
question

Armored Viruses
answer

Viruses that attempt to trick or shield themselves from antivirus software and security professionals. To fool antivirus software, an armored virus is able to obscure its true location in the system and lead the software to believe that it resides elsewhere.
question

Software Attacks
answer

any attack against software resources, including operating systems, applications, protocols and files. Surreptitiously gain control of a computer so that the attacker can use that computer in the future, often for profit or further malicious activity.
question

Software Attack Combinations
answer

used by itself or in combination with another type of attack, such as a social engineering attack.
question

Password Attack
answer

any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords or crack encrypted password files.
question

Type of Password Attacks
answer

question

Guessing
answer

the simplest type of password attack is making individual, repeated attempts to guess a password.
question

Stealing
answer

sniffing network communications, reading handwritten password notes, or observing a user in the act of entering a password
question

Dictionary Attack
answer

Automates password guessing by comparing passwords against a predetermined list of possible password values.
question

Brute force attack
answer

attacker uses password-cracking software to attempt every possible alphanumeric password combination.
question

Rainbow tables
answer

set of related plaintext passwords and their hashes. The underlying principle of rainbow tables is to do the central processing unit (CPU) intensive work of generating hashes in advance, trading time saved during the attack for the disk space to store the tables. Rainbow table attacks are executed by comparing the target password hash to the password hashes stored in the tables, then working backward in an attempt to determine the actual password from the known hash. (Example: password or passw0rd or [email protected])
question

Hybrid Password Attack
answer

This attack type utilizes multiple attack methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password.
question

Birthday Attack
answer

exploits weaknesses in the mathematical algorithms used to generate hashes. This type of attack takes advantage of the probability of different inputs producing the same encrypted outputs, given a large enough set of inputs. It is named after the surprising statistical fact that there is a 50 percent chance that two people in a group of 23 will share a birthday.
question

Backdoor attacks
answer

a type of software attack where an attacker creates a software mechanism called a backdoor to gain access to a computer. The backdoor can be a software utility or an illegitimate user account. It is delivered through use of a Trojan horse or other malware. The software typically listens for commands from the attacker on an open port. Often survives even after the initial intrusion has been discovered and resolved. Can be difficult to spot. May not leave any obvious evidence behind.
question

Takeover Attack
answer

in which an attacker assumes complete control over a system.
question

Application Attacks
answer

are software attacks that are targeted at web-based and other client-server applications. Source code disclosure or tampering. Network breaches. Attacks that specifically exploit the trust between a user and a server are called client side attacks.
question

Evil twin attack and account phishing
answer

An evil twin attack on a social networking site is an attack where an attacker creates a social network account to impersonate a genuine user. Then, when the friends of that user allow the attacker to become friends with them or join a group, the attacker can gain access to various personal details and even company information if a company has a page on the site. This is often preceded by account phishing, in which an attacker creates an account and joins the friends list of an individual just to try to obtain information about the individual and their circle of friends or colleagues.
question

Drive by download
answer

This is a program that is automatically installed on a computer when a user accesses a malicious site, even without clicking a link or giving consent. This often happens when a user searches for a social networking site and selects a site using a fraudulent link. Sometimes a drive-by download may be packaged invisibly together with a program that a user requests to download.
question

Clickjacking
answer

An attack that tricks a user into clicking an unintended link. The attacker uses a combination of visible and invisible HTML frames to fool the user into thinking what they are clicking is what’s visible, when in fact the invisible link is layered on top of or beneath the visible frame. This happens when a user is going through a fraudulent networking site or a site that has been hijacked by an attacker.
question

Password stealer
answer

A type of software that, when installed on a system, will be able to capture all the passwords and user names entered into the instant messaging application or social network site that it was designed for. This information is sent back to the attacker, who can use it for fraudulent purposes.
question

Spamming
answer

Within social networking, spamming refers to sending unsolicited bulk messages by misusing the electronic messaging services inside the social networking site.
question

URL Shortening service
answer

Makes it easier to share links on social networking sites by abbreviating the Uniform Resource Locators. Creates a vulnerability that attackers can exploit because the shortened URL hides the true target of the link. User may be directed to a fraudulent site that is a source of malware or other threats.
question

DoS Attacks
answer

Network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means.
question

DoS Attacks include
answer

1) Flooding a network link with data to consume all available bandwidth. 2) Sending data designed to exploit known flaws in an application. 3) Sending multiple service requests to consume a system’s resources. 4) Flooding a user’s email inbox with spam messages, causing genuine messages to get bounced back to the sender.
question

NOTE
answer

Nearly anything can cause a DoS attack if it interrupts or disables a system.
question

DoS targets
answer

Any service or network device, but is usually mounted against servers or routers, preventing them from responding to legitimate network requests.
question

DDoS Attacks (Distributed Denial of service)
answer

Is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software that turns the computer into a zombie/drone that directs the computers to launch the attack. Host computers gots the zombies.
question

Symptoms of DoS and DDoS attacks
answer

1) Sudden and overwhelming service requests from hosts outside your network. 2) A sudden and unexplained drop in the amount of available Internet bandwidth. 3) A sudden and overwhelming drain on a specific resource in a system, causing unusual behavior or freezes.
question

DoS Attack Type
answer

Description
question

ICMP flood
answer

This attack is based on sending high volumes of ICMP ping packets to a target. Common names for ICMP flood attacks are Smurf attacks and ping floods. Modern systems and networks are usually well-protected against these types of attacks.
question

UDP Flood (User Datagram Protocol)
answer

The attacker attempts to overwhelm the target system with UDP ping requests. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP.
question

SYN flood
answer

An attacker sends countless requests for a TCP connection (SYN messages) to an FTP server, web server, or any other target system attached to the Internet. The target server then responds to each request with a SYN-ACK message and, in doing so, creates a space in memory that will be used for the TCP session when the remote host responds with its own SYN-ACK message. However, the attacker has crafted the SYN message (usually through IP spoofing) so that the target server sends its initial SYN-ACK response to a computer that will never reply. So, the target server has reserved memory for numerous TCP connections that will never be completed. Eventually, the target server will stop responding to legitimate requests because its memory resources are flooded with incomplete TCP connections.
question

Buffer overflow
answer

Many systems and services are vulnerable to a buffer overflow condition, in which too much data is fed into a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten. Attackers can exploit buffer overflow vulnerabilities by deliberately invoking buffer overflow conditions, introducing bad data into memory, thus opening the door for any number of subsequent attack methods or simply causing the system to cease to function or respond. A buffer overflow can also occur when there is an excessive amount of incomplete fragmented traffic on a network. In this case, an attacker may attempt to pass through security systems or IDSs.
question

Reflected DoS attack
answer

In reflected DoS and DDoS attacks, a forged source IP address is used when sending requests to a large number of computers. This causes those systems to send a reply to the target system, causing a DoS condition.
question

Permanent DoS attack
answer

Permanent DoS attacks, also called phlashing, target the actual hardware of a system in order to prevent the victim from easily recovering from a denial of service. With a successful attack, phlashing forces the victim to repair or replace the hardware that runs the system. Taking advantage of remote administration, the attacker may be able to push corrupted firmware onto the hardware, causing that equipment to brick, or become completely inoperable.
question

Session hijacking attack
answer

Involves exploiting a computer in session to obtain unauthorized access to an organization’s network or services.
question

Peer to peer (P2P) attacks
answer

Launched by malware propagating through P2P networks. Shared command and control architecture, making it harder to detect an attack. Can be used to launch huge DoS attacks. Can be compromised by malware such as viruses and Trojans. Control all these compromised computers to launch a DDoS attack.
question

NOTE:
answer

Notable P2P programs of the past are Napster, Kazaa, and LimeWire, all of which are now either defunct or no longer P2P.
question

ARP Poisoning (Address Resolution Protocol)
answer

The mechanism by which individual hardware MAC addresses are matched to an IP address on a network. Also known as ARP spoofing, ARP poisoning occurs when an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient.
question

Physical Network Address
answer

Packets based on a unique physical address that is individually assigned to every network adapter board by the adapter’s manufacturer. No two network adapters in the world are supposed to have the same physical address.
question

Transitive Access Attacks
answer

The access given to certain members in an organization to use data on a system without the need for authenticating themselves. Attacker can access and modify the file, then that will give transitive access to all data and programs to the attacker.
question

Wireless security
answer

Any method of securing your wireless LAN network to prevent unauthorized network access and network data theft.
question

Rogue Access point
answer

An unauthorized wireless access point on a corporate or private network. Cause considerable damage to an organization’s data. Not detected easily and can allow private network access to many unauthorized users with the proper devices.
question

Jamming
answer

Also called interference, is an attack in which radio waves disrupt 802.11 wireless signals.
question

Bluejacking
answer

Method used by attackers to send out unwanted Bluetooth signals from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices. This is a very close-range attack.
question

Bluesnarfing
answer

Method in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection within the 30-feet Bluetooth transmission limit.
question

Near Field Communication
answer

Is a standard of communication between mobile devices like smartphones and tablets in very close proximity, usually when touching or being only a few inches apart from each other.
question

War driving and war chalking
answer

War driving is the act of searching for instances of wireless networks using tracking devices such as smartphones, tablets, or laptops. War chalking is the act of using symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network.
question

War Driving Tools
answer

NetStumbler, Kismet, Aircrack
question

IV Attacks (Initialization Vector)
answer

A number added to a key that constantly changes in order to prevent identical text from producing the same exact ciphertext upon encryption. Allows the attacker to predict or control the Initialization vector in order to bypass this effect.
question

Packet Sniffing
answer

Can be used as an attack on wireless networks where an attacker captures data and registers data flows, which allows the attacker to analyze the data contained in a packet.
question

Wireless Relay Attack
answer

Attackers find it easier to capture packets over a wireless network and replay them in order to manipulate the data stream. Can also be used in conjunction with an IV attack to successfully break weak encryption.
question

Sinkhole Attacks
answer

Take advantage of routing on a wireless network by creating a single node through which all traffic goes. Individual node is able to trick the other nodes into redirecting their traffic.
question

Sinkhole Wage attack against WSN (Wireless Sensor Network)
answer

A WSN is a collection of autonomous sensor-equipped devices that monitor and old physical and environmental conditions such as temperature, humidity levels, lighting controls, etc., and forward data through a wireless gateway to a main network location. By luring traffic destined for a base station and sending it to the compromised device, the base station receives incomplete and inaccurate sensing data.
question

Sinkhole Wage Attack against MANET (Mobile ad-hoc networks)
answer

A continuously self-configuring network of mobile devices such as smartphones, tablets, and laptops. Because of the changing nature of ad-hoc networks, each device must act as a router. By falsely advertising a lower routing metric, the sinkhole attracts the majority of the MANET’s traffic and could serve as a platform for attacks such as skewing load balancing, modifying packets, or dropping packets, all of which can adversely affect upper-layer applications.
question

Physical Security
answer

Refers to the implementation and practice of various control mechanisms that are intended to restrict physical access to facilities. 1) Facilities intrusions 2) Electrical grid failures 3) Fire 4) Personnel illnesses 5) Data network interruptions.
question

Physical security threat and vulnerability
answer

Description
question

Internal
answer

It is important to always consider what is happening inside an organization, especially when physical security is concerned. Disgruntled employee.
question

External
answer

It is impossible for any organization to fully control external security threats. Example: power failures.
question

Natural
answer

Although natural threats are easy to overlook, they can pose a significant threat to the physical security of a facility. Tornadoes.
question

Man-made
answer

Whether intentional or accidental, people can cause a number of physical threats. A backhoe operator may accidentally dig up fiber optic cables.
question

Hardware attacks
answer

An attack that targets a computer’s physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling or smart card.
question

Key logging attack
answer

Uses software or hardware to capture each keystroke a user types.
