5.13 Information System Attack Methods& Techniques Flashcards
What is alteration attack ?
When unauthorised modification affect the integrity of the data/code. Cryptographic hash is a primary défense against alteration attack
What is botnets ?
A collection of compromised computers (called zombie computers) running software usually worms , Trojan horses or back doors. (Eg. DoS attacks, adware, spyware and spam)
What is a Denial of Service (DoS) attack?
Attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. Eg. Buffer overflows, brute force, DDos, ping flood, teardrop attack etc
What is Dial-in penetration attack/ war dialing ?
An intruder determine the dial phone nb ranges from an external sources (internet). Information can also be obtain using social engineering
What is eavesdropping ?
happen when cyber criminals or attackers listen in to network traffic traveling over computers, servers, mobile devices and Internet of Things (IoT) devices.
What is email attacks and techniques ?
Attack that occurs via emails: email bombing (abuser repeatedly send identical email to an address), spam, email spoofing, phishing
What is flooding ?
DoS attack that bring down a network/service by flooding it with a large amount of traffic. The host memory buffer is filled by flooding it with connection that cannot be completed
What is a buffer overflow ?
Consumes the available memory or CPU time
What is a interupt attack ?
When malicious action is performed by invoking the OS to execute a particular system call
What is juice jacking ?
type of compromise of devices like phones and tablets which use the same cable for charging and data transfer, typically a USB cable. The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data.
What is malicious code ?
Différent types:
Trojan > programs that are disguised as useful programs and once executed performs action that the user did not intend (eg opening ports etc)
Logic bomb > program that is triggered when certains condition, time or event occurs. They can also be used by admin to trap attacker (honey token) cos they look vulnerable
Trap (back) door > bits of code embedded in programs by programmers to quickly gain access during testing or debugging. Can be a security home if not removed
What is man in the middle attack ?
an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them.
What is masquerading ?
The intruder present an identity other than the original identity in order to gain access to data that cannot be accessed under the original identity
What is message modification ?
Capturing of a message and making unauthorised changes or deletion
What is network analysis ?
Gathering information on an organisation’s network to reveal vulnerability (known as footprint)
