Network Attacks and Defense Strategies Flashcards

1
Q

What is an Asset

A

Anything that can be of interest to an attacker. It can be a tangible or intangible resource in an organization, often with a monetary value, which an attacker targets, to gain control of, compromise its security, etc.

2
Q

WHAT ARE TANGIBLE ASSETS

A

DATABASES, THE SERVER THAT HOSTS THE DATABASES, AND THE NETWORK THAT PROVIDES CONNECTIONS TO THE SERVER

3
Q

WHAT ARE INTANGIBLE ASSETS

A

AN ORGANIZATION’S SECRETS, CRITICAL BUSINESS PROCESSES, AND ITS REPUTATION

4
Q

WHAT IS A THREAT

A

A POTENTIAL OCCURRENCE OF AN UNDESIRABLE EVENT THAT CAN EVENTUALLY DAMAGE AND DISRUPT THE OPERATIONAL FUNCTIONAL ACTIVITIES OF AN ORGANIZATION

5
Q

EXAMPLES OF THREATS

A

CAN STEAL SENSITIVE DATA OF ORGANIZATION, CAN CAUSE SERVER TO SHUT DOWN, CAN TRICK EMPLOYEE TO REVEAL SENSITIVE INFORMATION, CAN INFECT SYSTEM WITH MALWARE

6
Q

WHAT IS A NATURAL THREAT

A

FIRES, FLOODS, POWER FAILURES, LIGHTNING, METEORS AND EARTHQUAKES.

7
Q

UNINTENTIONAL THREATS

A

THREATS THAT EXIST DUE TO THE POTENTIAL FOR UNINTENTIONAL ERRORS OCCURRING WITHIN THE ORGANIZATION.

8
Q

EXAMPLES OF UNINTENTIONAL THREATS

A

INSIDER-ORIGINATING SECURITY BREACHES, NEGLIGENCE, OPERATOR ERRORS, UNSKILLED ADMINISTRATORS, UNTRAINED EMPLOYEES, AND ACCIDENTS.

9
Q

INTERNAL THREATS

A

PERFORMED BY INSIDERS WITHIN THE ORGANIZATION SUCH AS DISGRUNTLED OR NEGLIGENT EMPLOYEES, AND HARM THE ORGANIZATION INTENTIONALLY OR UNINTENTIONALLY. MOSTLY PERFORMED BY PRIVILEGED USERS OF THE NETWORK.

10
Q

EXTERNAL THREATS

A

PERFORMED BY EXPLOITING VULNERABILITIES THAT ALREADY EXIST IN THE NETWORK, WITHOUT THE ASSISTANCE OF INSIDER EMPLOYEES. CAN INCLUDE APPLICATION AND VIRUS-BASED ATTACKS, PASSWORD-BASED ATTACKS, INSTANT MESSAGING-BASED ATTACKS, NETWORK TRAFFIC-BASED ATTACKS, AND OPERATING SYSTEM-BASED ATTACKS.

11
Q

STRUCTURED EXTERNAL THREATS

A

IMPLEMENTED BY TECHNICALLY SKILLED ATTACKERS, USING VARIOUS TOOLS TO GAIN ACCESS TO A NETWORK, TO DISRUPT SERVICES. EXAMPLES INCLUDE DISTRIBUTED ICMP FLOODS, SPOOFING, AND SIMULTANEOUSLY EXECUTING ATTACKS FROM MULTIPLE SOURCES. TRACKING AND IDENTIFYING AN ATTACKER EXECUTING SUCH AN ATTACK CAN BE CHALLENGING.

12
Q

UNSTRUCTURED EXTERNAL THREATS

A

IMPLEMENTED BY UNSKILLED ATTACKERS, WHO MAY BE ASPIRING HACKERS, TO ACCESS NETWORKS. MOST OF THESE THREATS ARE PERFORMED PRIMARILY OUT OF CURIOSITY, AND NOT TO ATTACK. FOR EXAMPLE, INTERNAL USERS MAY SEARCH THROUGH EXISTING DEVICES IN THEIR NETWORK OUT OF CURIOSITY. THESE CAN BE EASILY PREVENTED BY ADOPTING SECURITY SOLUTIONS SUCH AS PORT SCANNING AND ADDRESS-SWEEPING TOOLS.

13
Q

THREAT ACTORS/AGENTS

A

AN INDIVIDUAL OR ENTITY THAT BREAKS INTO A SYSTEM TO ACHIEVE A SPECIFIC GOAL SUCH AS IMPACTING THE SECURITY OF AN INDIVIDUAL OR ORGANIZATION, WHETHER INTENTIONALLY OR UNINTENTIONALLY. THIS MAY REFER TO AN ATTACKER BUT IT IS A MORE GENERIC TERM THAT MAY ALSO REFER TO AN INDIVIDUAL WHO CAUSES A SECURITY INCIDENT DUE TO NEGLIGENCE, ERROR, OR AS A RESULT OF SOCIAL ESPIONAGE. CAN BE INTERNAL OR EXTERNAL, SKILLED OR UNSKILLED.

14
Q

HACKTIVISTS

A

INDIVIDUALS WHO USE HACKING AS A MEANS TO PROMOTE A POLITICAL OR SOCIAL AGENDA, RATHER THAN FOR MONETARY GAINS. THEY TYPICALLY TEND TO DEFACE OR DISABLE WEBSITES AND BRING NETWORKS DOWN VIA DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS.

15
Q

CYBER TERRORISTS/CRIMINALS

A

INDIVIDUALS WITH A WIDE RANGE OF SKILLS, LIKE PHISHING AND RANSOMWARE, MOTIVATED BY RELIGIOUS BELIEFS, POLITICAL BELIEFS, OR MONETARY GAINS, TO CREATE THREATS OF LARGE-SCALE DISRUPTION OF COMPUTER NETWORKS.

16
Q

SUICIDE HACKERS

A

INDIVIDUALS WHO AIM TO BRING DOWN THE CRITICAL INFRASTRUCTURE FOR A “CAUSE”, AND ARE NOT DETERRED BY POTENTIAL JAIL TERMS OR OTHER FORMS OF PUNISHMENT. THEY MAY SACRIFICE THEIR LIVES FOR AN ATTACK.

17
Q

STATE-SPONSORED HACKERS

A

INDIVIDUALS EMPLOYED BY THE GOVERNMENT TO PENETRATE AND OBTAIN TOP-SECRET INFORMATION, AND TO DAMAGE THE INFORMATION SYSTEMS OF OTHER GOVERNMENTS. THESE HACKERS INFILTRATE LARGE ORGANIZATIONS TO STEAL MISSION-CRITICAL INFORMATION.

18
Q

ORGANIZED HACKERS

A

PROFESSIONAL HACKERS ATTACK A SYSTEM FOR PROFIT. THEY HACK TO OBTAIN SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, CREDIT CARD INFORMATION, AND MONETARY INFORMATION.

19
Q

SCRIPT KIDDIES

A

UNSKILLED INDIVIDUALS COMPROMISE A SYSTEM BY RUNNING SCRIPTS, TOOLS, AND SOFTWARE DEVELOPED BY PROFESSIONAL HACKERS. THEY ATTEMPT TO EMULATE THE ATTACKS OF SKILLED HACKERS.

20
Q

INDUSTRIAL SPIES

A

INDIVIDUALS WHO ATTEMPT TO ATTACK COMPANIES FOR COMMERCIAL PURPOSES. THESE ATTACKERS ARE HIRED BY BUSINESS COMPETITORS OR AGENCIES TO STEAL AN ORGANIZATION’S STRATEGY, MONEY RECORDS, AND OTHER SENSITIVE DATA.

21
Q

INSIDER THREAT ACTORS

A

INDIVIDUALS SUCH AS DISGRUNTLED EMPLOYEES AND TERMINATED EMPLOYEES, WHO INTENTIONALLY PROVIDE AN ORGANIZATION’S DATA TO OTHERS FOR MONEY OR REVENGE.

22
Q

VULNERABILITY

A

REFERS TO THE EXISTENCE OF A WEAKNESS IN THE DESIGN IMPLEMENTATION OF A SYSTEM THAT CAN BE EXPLOITED TO COMPROMISE THE SECURITY OF THE SYSTEM. A SECURITY LOOPHOLE THAT ENABLES AN ATTACKER TO ENTER THE SYSTEM BY BYPASSING USER AUTHENTICATIONS.

23
Q

COMMON CAUSES FOR VULNERABILITIES

A

HARDWARE OR SOFTWARE MISCONFIGURATION, INSECURE OR POOR DESIGN OF NETWORK, INHERENT TECHNOLOGY WEAKNESSES, END USER CARELESSNESS, INTENTIONAL END-USER ACTS.

24
Q

TECHNOLOGICAL VULNERABILITIES

A

THESE EXIST DUE TO INHERENT WEAKNESSES IN OPERATING SYSTEMS, PRINTERS, SCANNERS, OR OTHER NETWORKING EQUIPMENT. ATTACKERS CAN DETECT LOOPHOLES IN PROTOCOLS SUCH AS SMTP, FTP, AND ICMP. ATTACKERS CAN ALSO DETECT THE ABSENCE OF AUTHENTICATION IN NETWORKING EQUIPMENT LIKE SWITCHES AND ROUTERS TO EFFECT AN INTRUSION. SECURITY AUDITS BY THE NETWORK DEFENDER OR INFORMATION SECURITY OFFICER CAN HELP MONITOR SUCH IRREGULAR ACTIVITIES ON THE NETWORK.

25
Q

TCP/IP PROTOCOL VULNERABILITIES

A

HTTP, FTP, ICMP, SNMP, SMTP ARE INHERENTLY INSECURE

26
Q

OPERATING SYSTEM VULNERABILITIES

A

INHERENTLY INSECURE, NOT PATCHED WITH THE LATEST UPDATES.

27
Q

NETWORK DEVICE VULNERABILITIES

A

ROUTERS, SWITCHES, AND FIREWALLS. LACK OF PASSWORD PROTECTION, LACK OF AUTHENTICATION, INSECURE ROUTING PROTOCOLS, AND FIREWALL VULNERABILITIES.

28
Q

CONFIGURATION VULNERABILITIES

A

THESE EXIST DUE TO THE MISCONFIGURATION OF COMPUTING AND NETWORK DEVICES. FOR EXAMPLE, VULNERABILITIES ARE CREATED WHEN A NETWORK DEFENDER CONFIGURES A USER ACCOUNT OR SYSTEM SERVICE INSECURELY SUCH AS BY LEAVING THE DEFAULT SETTINGS UNCHANGED OR BY IMPROPER PASSWORD MANAGEMENT.

29
Q

USER ACCOUNT VULNERABILITIES

A

ORIGINATING FROM THE INSECURE TRANSMISSION OF USER ACCOUNT DETAILS SUCH AS USERNAMES AND PASSWORDS, OVER THE NETWORK.

30
Q

SYSTEM ACCOUNT VULNERABILITIES

A

ORIGINATING FROM SETTING OF WEAK PASSWORDS FOR SYSTEM ACCOUNTS.

31
Q

INTERNET SERVICE MISCONFIGURATION VULNERABILITIES

A

THESE CAN POSE SERIOUS SECURITY RISKS. FOR EXAMPLE, ENABLING JAVASCRIPT AND MISCONFIGURING IIS, APACHE, FTP, AND TERMINAL SERVICES, CAN CREATE SECURITY VULNERABILITIES IN THE NETWORK.

32
Q

DEFAULT PASSWORD AND SETTINGS VULNERABILITIES

A

LEAVING THE NETWORK DEVICES/PRODUCTS WITH THEIR DEFAULT PASSWORDS AND SETTINGS

33
Q

NETWORK DEVICE CONFIGURATION VULNERABILITIES

A

MISCONFIGURE THE NETWORK DEVICE

34
Q

SECURITY POLICY VULNERABILITIES

A

THESE EXIST WHEN THERE IS IMPROPER DRAFTING AND ENFORCEMENT OF SECURITY POLICIES IN THE ORGANIZATION. LACK OF APPROPRIATE POLICY ENFORCEMENT MAY LEAD TO UNAUTHORIZED ACCESS TO NETWORK RESOURCES. FOR EXAMPLE, FAILURE TO REGULARLY MONITOR AND AUDIT THE ACTIVITIES IN A SYSTEM BY NETWORK DEFENDERS CAN ENABLE ATTACKERS TO EXPLOIT THE SYSTEM.

35
Q

UNWRITTEN POLICY VULNERABILITIES

A

POLICIES ARE DIFFICULT TO IMPLEMENT AND ENFORCE WHEN THEY HAVE BEEN UNWRITTEN.

36
Q

LACK OF CONTINUITY VULNERABILITIES

A

LACK OF CONTINUITY IN IMPLEMENTING AND ENFORCING THE SECURITY POLICY

37
Q

POLITICS VULNERABILITY

A

POLITICS MAY CAUSE CHALLENGES FOR IMPLEMENTATION OF A CONSISTENT SECURITY POLICY.

38
Q

LACK OF AWARENESS VULNERABILITY

A

LACK OF AWARENESS OF THE SECURITY POLICY.

39
Q

RISK

A

REFERS TO THE POTENTIAL LOSS OR DAMAGE THAT CAN OCCUR WHEN A THREAT TO AN ASSET EXISTS IN THE PRESENCE OF A VULNERABILITY THAT CAN BE EXPLOITED TO COMPROMISE THE ASSET. BLANK=ASSET+THREAT+VULNERABILITY

40
Q

TYPES OF RISK/DISRUPTION OF BUSINESS

A

ATTACKS ON THE NETWORK INFRASTRUCTURE OF A BUSINESS CAN POTENTIALLY DISRUPT THE ENTIRE FUNCTIONING OF THE BUSINESS. SECURITY BREACHES CAN LEAD TO A LOSS OF CRITICAL BUSINESS AND USER INFORMATION.

41
Q

TYPES OF RISK/LOSS OF PRODUCTIVITY

A

AN EXPLOITED BUSINESS NETWORK MAY INCUR SIGNIFICANT PRODUCTION LOSSES. THE DATA LOST DUE TO AN ATTACK MUST BE RECOVERED EITHER THROUGH DATA BACKUPS, IF AVAILABLE, OR RESTORED MANUALLY BY INDIVIDUALS. THEREFORE, THE RECOVERY OF DATA AFTER NETWORK ATTACKS CAN BE A TIME-CONSUMING PROCESS.

42
Q

TYPES OF RISK/LOSS OF PRIVACY

A

THE LEAKAGE OF CONFIDENTIAL DATA CAN CAUSE CONSIDERABLE LOSSES FOR THE ORGANIZATION, AND CAN ALSO LEAD TO LEGAL CHALLENGES.

43
Q

TYPES OF RISK/THEFT OF INFORMATION

A

A SUCCESSFUL INTRUSION INTO A NETWORK CAN ENABLE ATTACKERS TO RAID THE INFORMATION AVAILABLE IN THE SYSTEM. A RAID OF PERSONAL AND PROFESSIONAL INFORMATION OF THE COMPANY’S EMPLOYEES THROUGH SUCH ATTACKS CAN AFFECT THOSE EMPLOYEES DIRECTLY. IF THE ATTACKS INTRUDE INTO A CUSTOMER DATABASE, THE CUSTOMERS ARE ALSO AFFECTED, WHICH CAN RESULT IN SIGNIFICANT COMPLICATIONS FOR THE ORGANIZATION.

44
Q

TYPES OF RISK/LEGAL LIABILITY

A

PER ELECTRONIC AND DATA SECURITY LAWS, WHICH DIFFER BETWEEN COUNTRIES, AN ORGANIZATION CAN FILE A LEGAL LAWSUIT AGAINST AN ATTACKER WHEN THEIR SECURITY IS BREACHED, IF THEY HAVE APPROPRIATE EVIDENCE OF THE INCIDENT. THIS CAN LEAD TO POTENTIAL LEGAL COSTS. CUSTOMERS MAY ALSO HAVE THE RIGHT TO FILE A LAWSUIT AGAINST THE COMPANY IF THEIR PRIVATE AND PERSONAL INFORMATION SUCH AS CREDIT CARD NUMBERS, SOCIAL SECURITY NUMBERS, AND ADDRESSES ARE STOLEN.

45
Q

TYPES OF RISK/DAMAGE TO REPUTATION AND CUSTOMER CONFIDENCE

A

ONCE THE SECURITY OF AN ORGANIZATION’S RESOURCES HAS BEEN BREACHED BY AN ATTACK, IT IS DIFFICULT TO REGAIN CUSTOMER CONFIDENCE. THEREFORE, ANY POTENTIAL THREAT TO AN ORGANIZATION’S REPUTATION CAN BE A SIGNIFICANT RISK FOR THE ORGANIZATION.

46
Q

ATTACKS

A

AN ACTION THAT IS PERFORMED WITH THE INTENT TO BREACH AN I.T. SYSTEM’S SECURITY BY EXPLOITING ITS VULNERABILITIES. THIS INVOLVES AN ATTEMPT TO OBTAIN, EDIT, REMOVE, DESTROY, IMPLANT, OR REVEAL INFORMATION WITHOUT AUTHORIZED ACCESS. ALSO REFERS TO MALICIOUS SOFTWARE OR COMMANDS THAT EXPLOIT VULNERABILITIES TO CAUSE UNANTICIPATED BEHAVIOR IN LEGITIMATE SOFTWARE OR HARDWARE. BLANK= MOTIVE(GOAL) + METHOD + VULNERABILITY

47
Q

MOTIVE

A

ORIGINATES FROM THE NOTION THAT A TARGET SYSTEM STORES OR PROCESSES SOMETHING VALUABLE, WHICH LEADS TO THE THREAT OF AN ATTACK ON THE SYSTEM.

48
Q

MOTIVE EXAMPLES

A

DISRUPTING BUSINESS CONTINUITY, INFORMATION THEFT, MANIPULATING DATA, DAMAGING REPUTATION, CREATING FEAR AND CHAOS, FINANCIAL LOSS, PROPAGATING RELIGIOUS OR POLITICAL BELIEFS, ACHIEVING THE STATE’S MILITARY OBJECTIVES, REVENGE, AND RANSOM.

49
Q

TTPs TACTICS, TECHNIQUES, AND PROCEDURES

A

REFERS TO THE PATTERNS OF ACTIVITIES AND METHODS ASSOCIATED WITH SPECIFIC THREAT ACTORS OR GROUPS OF THREAT ACTORS. HELPFUL IN ANALYZING THREATS AND PROFILING THREAT ACTORS AND CAN BE FURTHER USED TO STRENGTHEN THE SECURITY INFRASTRUCTURE OF AN ORGANIZATION.

50
Q

METHOD TACTICS

A

DEFINED AS A STRATEGY FOLLOWED BY AN ATTACKER TO PERFORM THE ATTACK FROM THE BEGINNING TO THE END.

51
Q

METHOD TECHNIQUES

A

DEFINED AS THE TECHNICAL METHODS USED BY AN ATTACKER TO ACHIEVE INTERMEDIATE RESULTS DURING THE ATTACK.

52
Q

METHOD PROCEDURES

A

DEFINED AS THE SYSTEMATIC APPROACH FOLLOWED BY THE THREAT ACTORS TO LAUNCH AN ATTACK.

53
Q

RECONNAISSANCE ATTACKS

A

ATTACKERS ATTEMPT TO OBTAIN ALL THE POSSIBLE INFORMATION ABOUT A TARGET NETWORK, INCLUDING INFORMATION SYSTEMS, SERVICES, AND VULNERABILITIES THAT MAY EXIST IN THE NETWORK. TECHNIQUES USED INCLUDE SOCIAL ENGINEERING, PORT SCANNING, DNS FOOTPRINTING, AND PING SWEEPING. THE PRIMARY OBJECTIVE IS COLLECTING THE TARGET’S NETWORK INFORMATION, SYSTEM INFORMATION, AND THE ORGANIZATIONAL INFORMATION. CARRIED OUT AT VARIOUS NETWORK LEVELS, THE ATTACKER GATHERS INFORMATION ON SYSTEM FEATURES SUCH AS NETWORK BLOCKS, NETWORK SERVICE AND APPLICATION, SYSTEM ARCHITECTURE, INTRUSION DETECTION SYSTEMS, SPECIFIC I.P. ADDRESSES, AND ACCESS CONTROL MECHANISMS.

54
Q

NETWORK INFORMATION OBTAINED USING RECONNAISSANCE ATTACKS

A

DOMAIN NAMES, INTERNAL DOMAIN NAMES, NETWORK BLOCKS, IP ADDRESSES OF THE REACHABLE SYSTEMS, ROGUE WEBSITES/PRIVATE WEBSITES, OPEN PORTS, VERSIONS OF RUNNING OSes, RUNNING TCP AND UDP SERVICES, ACCESS CONTROL MECHANISMS AND ACLs, NETWORKING PROTOCOLS, VPN POINTS, RUNNING FIREWALLS, ANALOG/DIGITAL TELEPHONE NUMBERS, AUTHENTICATION MECHANISMS, SYSTEM ENUMERATION.

55
Q

ACTIVE RECONNAISSANCE ATTACKS

A

THESE MOSTLY INCLUDE PORT SCANS AND OPERATING SYSTEM SCANS. HERE, THE ATTACKER USES TOOLS TO SEND PACKETS TO THE TARGET SYSTEM. FOR EXAMPLE, THE TRACEROUTE TOOL HELPS GATHER ALL THE IP ADDRESSES OF ROUTERS AND FIREWALLS. THE ATTACKER ALSO GATHERS FURTHER INFORMATION REGARDING THE SERVICES RUNNING ON THE TARGET SYSTEM.

56
Q

PASSIVE RECONNAISSANCE ATTACKS

A

THESE ATTACKS GATHER INFORMATION FROM THE NETWORK TRAFFIC IN A PASSIVE MANNER. HERE, THE ATTACKERS PERFORM SNIFFING TO OBTAIN DETAILS OF VULNERABILITIES IN THE NETWORK. THE ATTACKERS USE VARIOUS TOOLS TO GAIN INFORMATION ABOUT THE TARGET.

57
Q

PACKET SNIFFING

A

MONITORS EVERY PACKET THAT PASSES THROUGH A NETWORK. THROUGH VARIOUS TOOLS, ATTACKERS CAPTURE USERNAMES, PASSWORDS, AND OTHER INFORMATION. IN PROTOCOLS LIKE TELNET AND HTTP, USER INFORMATION IS AVAILABLE IN PLAIN TEXT. CAN BE USED TO MAP THE NETWORK AND BREAK INTO A TARGET COMPUTER.

58
Q

PORT SCANNING

A

PROVIDES ATTACKERS ACCESS TO ANY OPEN PORTS ON THE TARGET MACHINE. ONCE ACCESS IS OBTAINED, AN INTRUSION CAN BE EXECUTED.

59
Q

PING SWEEPING

A

A TECHNIQUE THAT CAN LOCATE OPEN/LIVE PORTS IN A NETWORK THROUGH AN ICMP REQUEST. A WELL-CONFIGURED ACCESS CONTROL LIST (ACL) CAN PREVENT THIS IN THE NETWORK.

60
Q

DNS FOOTPRINTING

A

CAN BE USED TO GATHER INFORMATION ABOUT SPECIFIC DOMAINS AND IP ADDRESSES IN THE NETWORK, AND CAN BE PERFORMED WITH DNS QUERIES CONSISTING OF DNS LOOKUP AND WHOIS.

61
Q

SOCIAL ENGINEERING

A

REFERS TO TECHNIQUES BY WHICH UNSUSPECTING TARGET INDIVIDUALS ARE PERSUADED TO SHARE THEIR CREDENTIALS OR PERSONAL INFORMATION ON THE NETWORK. ATTACKERS THEN USE THIS INFORMATION TO PERFORM AN ATTACK ON THE TARGET.

62
Q

INTERNAL SNIFFING

A

REFERS TO SNIFFING PERFORMED BY AN INDIVIDUAL (WHO MAY BE AN EMPLOYEE OF THE FIRM) WHO IS ALREADY CONNECTED TO THE INTERNAL LAN, AND CAN RUN TOOLS TO DIRECTLY CAPTURE NETWORK TRAFFIC.

63
Q

EXTERNAL SNIFFING

A

REFERS TO SNIFFING PERFORMED BY A HACKER OUTSIDE THE TARGET NETWORK, BY INTERCEPTING PACKETS AT THE FIREWALL LEVEL TO STEAL INFORMATION.

64
Q

WIRELESS SNIFFING

A

REGARDLESS OF WHERE THE HACKERS ARE LOCATED ON THE NETWORK BEING SNIFFED, THE PROLIFERATION OF WIRELESS NETWORKS HAS MADE IT POSSIBLE TO PENETRATE A NETWORK FROM ANYWHERE WITHIN ITS PHYSICAL RANGE TO OBTAIN INFORMATION.

65
Q

MAN-IN-THE-MIDDLE ATTACK

A

A FORM OF SESSION HIJACKING ATTACK, IN WHICH ATTACKERS INTRUDE INTO AN EXISTING CONNECTION BETWEEN TWO SYSTEMS TO INTERCEPT THE MESSAGES BEING EXCHANGED, AND INJECT FRAUDULENT INFORMATION. IT IS AN EAVESDROPPING ATTACK IN WHICH THE COMMUNICATION BETWEEN TWO PARTIES IS MONITORED OR MODIFIED BY A THIRD UNAUTHORIZED PARTY.

66
Q

PASSWORD ATTACK

A

PERFORMED TO GAIN UNAUTHORIZED ACCESS OR CONTROL OVER A TARGET COMPUTER SYSTEM. ATTACKERS THEN USE THIS ACCESS TO ACCOMPLISH VARIOUS MALICIOUS OBJECTIVES SUCH AS STEALING SECRETS, MAKING SLIGHT MODIFICATIONS TO WEBSITES, STEALING CREDIT CARD DETAILS, AND OBTAINING SYSTEM PRIVILEGES.

67
Q

DICTIONARY ATTACK

A

AN ATTEMPT TO CRACK A USER PASSWORD VIA GUESSING. ATTACKERS CAN GUESS PASSWORDS USING A MANUAL OR AN AUTOMATED APPROACH. THIS ATTACK TRIES TO MATCH FREQUENTLY OCCURRING AND COMMONLY USED WORDS IN REGULAR USAGE. EXAMPLES INCLUDE PASSWORD, ROOT, ADMINISTRATOR, ADMIN, DEMO, TEST, GUEST, QWERTY, PET NAMES, DATE OF BIRTH, CHILDREN NAMES, ADDRESSES, AND HOBBIES.

68
Q

BRUTE FORCE ATTACK

A

A LARGE NUMBER OF GUESSES ARE PERFORMED TO SUCCESSFULLY OBTAIN A PASSWORD OF THE TARGET SYSTEM. IT INVOLVES CHECKING ALL COMBINATIONS OF CHARACTERS UNTIL THE CORRECT PASSWORD IS FOUND. THESE ATTACKS ARE TIME AND RESOURCE-CONSUMING AND ARE THEREFORE MOST SUITABLE FOR OBTAINING PASSWORDS THAT ARE SMALL OR NOT COMPLEX.

69
Q

HYBRID ATTACK

A

WORKS LIKE A DICTIONARY ATTACK, BUT ADDS NUMBERS AND SYMBOLS TO THE WORDS TO CRACK A PASSWORD. THESE ATTACKS GENERALIZE COMMON STRATEGIES PEOPLE ADOPT TO MAKE THEIR PASSWORDS HARD TO GUESS. THIS ATTACK BEGINS WITH A DICTIONARY TERM AND THEN GENERATES FURTHER GUESSES BY APPENDING OR PREPENDING DATES, NUMBERS, ALPHANUMERIC CHARACTERS, AND SYMBOLS TO THE DICTIONARY TERM.

70
Q

BIRTHDAY ATTACK

A

A TYPE OF BRUTE-FORCE ATTACK, WHICH LEVERAGES TECHNIQUES THAT SOLVE A CLASS OF CRYPTOGRAPHIC HASH FUNCTIONS.

71
Q

RAINBOW TABLE ATTACK

A

A LARGE SET OF HASHES (ENCODED CODES) THAT ARE PRE-MATCHED TO POSSIBLE PLAINTEXT PASSWORDS. USED BY PASSWORD CRACKING SOFTWARE TO BREACH NETWORK SECURITY. ALL COMPUTER SYSTEMS THAT REQUIRE AUTHENTICATION STORE USER ACCOUNTS AND PASSWORDS IN THE DATABASE IN ENCRYPTED FORM. IF THE ATTACKER GAINS ACCESS TO THE PASSWORD DATABASE, PASSWORD-CRACKING SOFTWARE CAN COMPARE THE RAINBOW TABLE’S LIST OF HASHES WITH HASHED PASSWORDS IN THE DATABASES.

72
Q

PRIVILEGE ESCALATION ATTACK

A

AN ATTACKER GAINS ACCESS TO THE NETWORK AND THE ASSOCIATED DATA AND APPLICATIONS BY EXPLOITING DEFECTS SUCH AS THOSE IN THE DESIGN, SOFTWARE APPLICATIONS, AND POORLY CONFIGURED OPERATING SYSTEMS. ONCE AN ATTACKER HAS GAINED ACCESS TO A REMOTE SYSTEM WITH A VALID USERNAME AND PASSWORD, THEY THEN ATTEMPT TO INCREASE THEIR PRIVILEGES.

73
Q

HORIZONTAL PRIVILEGE ESCALATION

A

THE UNAUTHORIZED USER ATTEMPTS TO ACCESS RESOURCES, FUNCTIONS, AND OTHER PRIVILEGES THAT BELONG TO AN AUTHORIZED USER WITH SIMILAR ACCESS PERMISSIONS.

74
Q

VERTICAL PRIVILEGE ESCALATION

A

THE UNAUTHORIZED USER ATTEMPTS TO GAIN ACCESS TO RESOURCES AND FUNCTIONS OF A USER WITH HIGHER PRIVILEGES SUCH AS AN APPLICATION OR SITE.

75
Q

DNS POISONING ATTACK

A

A PROCESS IN WHICH THE ATTACKER REDIRECTS THE VICTIM TO A FAKE WEBSITE BY PROVIDING FAKE DATA TO THE DNS SERVER. THE WEBSITE LOOKS SIMILAR TO THE GENUINE SITE BUT IS HOSTED IN A MALICIOUS SERVER CONTROLLED BY THE ATTACKER.

76
Q

ADDRESS RESOLUTION PROTOCOL (ARP)

A

A TCP/IP PROTOCOL THAT MAPS IP NETWORK ADDRESSES TO THE HARDWARE ADDRESSES USED BY THE DATA LINK PROTOCOL. THIS PROTOCOL CAN BE USED TO EASILY OBTAIN THE MAC (HARDWARE) ADDRESS OF ANY DEVICE WITHIN A NETWORK. APART FROM THE NETWORK SWITCH, HOST MACHINES ALSO USE THE ARP PROTOCOL FOR OBTAINING MAC ADDRESSES. ARP IS USED BY A HOST MACHINE WHEN IT NEEDS TO SEND A PACKET TO ANOTHER DEVICE AND HAS TO MENTION THE DESTINATION MAC ADDRESS IN THE PACKET.

77
Q

ARP POISONING ATTACK

A

AN ATTACK IN WHICH THE ATTACKER ATTEMPTS TO ASSOCIATE THEIR OWN MAC ADDRESS WITH THE VICTIM’S IP ADDRESS, SO THAT THE TRAFFIC MEANT FOR THE IP ADDRESS IS SENT TO THE ATTACKER.

78
Q

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) STARVATION ATTACK

A

AN ATTACKER FLOODS THE DHCP SERVER BY SENDING A LARGE NUMBER OF DHCP REQUESTS WITH FAKE MAC ADDRESSES, BY USING TOOLS SUCH AS GOBBLER. THIS WILL EXHAUST ALL THE AVAILABLE IP ADDRESSES THAT THE DHCP SERVER CAN ISSUE. AS A RESULT, THE SERVER CANNOT ISSUE ANY MORE IP ADDRESSES, LEADING TO A DENIAL OF SERVICE (DoS).

79
Q

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) SPOOFING ATTACK

A

ALSO KNOWN AS A ROGUE DHCP SERVER ATTACK, AN ATTACKER INTRODUCES A ROGUE SERVER IN THE NETWORK, WHICH RESPONDS TO CLIENTS’ DHCP DISCOVERY REQUESTS. BOTH THE ROGUE AND ACTUAL SERVER RESPOND TO A REQUEST, AND THE SERVER THAT RESPONDS FIRST IS ACCEPTED BY THE CLIENT.

80
Q

MAC SPOOFING ATTACK

A

ENABLE ATTACKERS TO SPREAD MALWARE, BYPASS AUTHENTICATION CHECKS, OR STEAL SENSITIVE INFORMATION. ATTACKERS SNIFF A NETWORK FOR THE MAC ADDRESSES OF LEGITIMATE CLIENTS CONNECTED TO THE NETWORK. IN THIS ATTACK, THE ATTACKER FIRST RETRIEVES THE MAC ADDRESS OF THE CLIENTS WHO ARE ACTIVELY ASSOCIATED WITH THE SWITCH PORT. THEN THE ATTACKER SPOOFS THEIR OWN MAC ADDRESS WITH THE MAC ADDRESS OF THE LEGITIMATE CLIENT.

81
Q

NETWORK-BASED DENIAL-OF-SERVICE ATTACK (DoS)

A

AN ATTACK THAT PREVENTS AUTHORIZED USERS FROM ACCESSING A COMPUTER OR NETWORK. ATTACKS THAT TARGET THE NETWORK BANDWIDTH OR CONNECTIVITY.

82
Q

DISTRIBUTED DENIAL-OF-SERVICE ATTACK (DDoS)

A

A LARGE-SCALE COORDINATED ATTACK ON THE AVAILABILITY OF SERVICES ON A TARGET’S SYSTEM OR NETWORK RESOURCES. IT IS LAUNCHED INDIRECTLY THROUGH MANY COMPROMISED COMPUTERS ON THE INTERNET.

83
Q

NETWORK-CENTRIC ATTACK

A

OVERLOADS A SERVICE BY CONSUMING BANDWIDTH

84
Q

APPLICATION-CENTRIC ATTACK

A

OVERLOADS A SERVICE BY INUNDATING IT WITH PACKETS.

85
Q

VIRUS

A

A TYPE OF PROGRAM THAT CAN MULTIPLY BY MAKING COPIES OF ITSELF. IT REPLICATES ITSELF THROUGH HOST PROGRAMS. IT REPRODUCES ITS CODE WHILE ENCLOSING OTHER EXECUTABLES, AND SPREADS THROUGH THE COMPUTER.

86
Q

TROJAN

A

A MALICIOUS PROGRAM THAT MASQUERADES AS LEGITIMATE SOFTWARE, AND CAN BE A SERIOUS THREAT TO SYSTEM SECURITY.

87
Q

ADWARE

A

A SOFTWARE PROGRAM THAT TRACKS THE USER’S BROWSING PATTERNS FOR MARKETING PURPOSES AND DISPLAYING ADVERTISEMENTS.

88
Q

SPYWARE

A

A PIECE OF SOFTWARE CODE THAT EXTRACTS USER INFORMATION AND SENDS IT TO ATTACKERS.

89
Q

ROOTKITS

A

A SOFTWARE PROGRAM THAT OBTAINS PRIVILEGED ACCESS TO A TARGET COMPUTER TO PERFORM MALICIOUS ACTIVITIES.

90
Q

BACKDOORS

A

CREATED TO COMPROMISE THE SECURITY OF TARGET SYSTEMS AND GAIN ACCESS TO A NETWORK ILLEGITIMATELY.

91
Q
A