CHAPTER 5.1 Flashcards
Common Type of Attacks
Network scanner applications that probe systems for unguarded ports, which can used to gain
access to the system.
Common Type of Attacks
Trojan horse
* applications that open a connection to a computer on the Internet, enabling
an attacker on the outside to run programs and store/retrieve data.
Common Type of Attack
Social engineering
* Attackers obtain passwords by illicit means and then use remote access
technologies to log on to a computer from another location and compromise
its data and programming.
Common Type of Attack
Denial of service attacks
* uses authorized access points to bombard a system with traffic, preventing
legitimate traffic from reaching the computer
Motivation for Network Attacks
Profit .An individual who wants to hack valuable information for
resale or obtain a ransom to stop an attack
Motivation for Network Attacks
Revenge A discontented employee who feels offended by an
organization
Motivation for Network Attacks
Publicity A person or team that performs a high-profile attack to
obtain notoriety
Motivation for Network Attacks
Espionage A person who spies on government or organizations to
obtain network information
Motivation for Network Attacks
Personal satisfaction A person or team that may attack networks as a hobby or
to boost their egos
Motivation for Network Attacks
Terrorism A person or group that may impair societal infrastructure
and apply pressure on groups or governments
Common Network Vulnerabilities
Account passwords * Password is either too simple or shared among users
Audit settings.
. Auditing is not enabled, thus unable to detect or
report an attack that has occurred
User rights
User rights are not restricted to the minimum
User rights requirements to perform necessary tasks
Service
Any service or application may have flaws, making the
computer vulnerable to attacks
Key Security Principles
Defense-in-Depth * Provide multiple layers of protection
Key Security Principles
Least privilege
* Grant the least amount of permission necessary to
perform required tasks
Key Security Principles
Minimized attack surface
* Reduce the number of vulnerable points on the
network