Network Attacks and Defense Strategies

Question 1

What is an Asset

Answer 1

Anything that can be of interest to an attacker. It can be a tangible or intangible resource in an organization, often with a monetary value, which an attacker targets, to gain control of, compromise its security, etc.

Question 2

WHAT ARE TANGIBLE ASSETS

Answer 2

DATABASES, THE SERVER THAT HOSTS THE DATABASES, AND THE NETWORK THAT PROVIDES CONNECTIONS TO THE SERVER

Question 3

WHAT ARE INTANGIBLE ASSETS

Answer 3

AN ORGANIZATIONS SECRETS, CRITICAL BUSINESS PROCESSES, AND ITS REPUTATION

Question 4

WHAT IS A THREAT

Answer 4

A POTENTIAL OCCURRENCE OF AN UNDESIRABLE EVENT THAT CAN EVENTUALLY DAMAGE AND DISRUPT THE OPERATIONAL FUNCTIONAL ACTIVITIES OF AN ORGANIZATION

Question 5

EXAMPLES OF THREATS

Answer 5

CAN STEAL SENSITIVE DATA OF ORGANIZATION, CAN CAUSE SERVER TO SHUT DOWN, CAN TRICK EMPLOYEE TO REVEAL SENSITIVE INFORMATION, CAN INFECT SYSTEM WITH MALWARE

Question 6

WHAT IS A NATRUAL THREAT

Answer 6

FIRES, FLOODS, POWER FAILURES, LIGHTNING, METEORS AND EARTHQUAKES.

Question 7

UNINTENTIONAL THREATS

Answer 7

THREATS THAT EXISIT DUE TO THE POTENTIAL FOR UNINTENTIONAL ERROS OCCURING WITHIN THE ORGINAZITION.

Question 8

EXAMPLES OF UNINTENTIONAL THREATS

Answer 8

INSIDER-ORIGINATING SECURITY BREACHES, NEGLIGENCE, OPERATOR ERRORS, UNSKILLED ADMINISTRATORS, UNTRAINED EMPLOYEES, AND ACCIDENTS.

Question 9

INTERNAL THREATS

Answer 9

PERFORMED BY INSIDERS WITHIN THE ORGANIZATION SUCH AS DISGRUNTLED OR NEGLIGENT EMPLOYEES, AND HARM THE ORGANIZATION INTENTIONALLY OR UNINTENTIONALLY. MOSTLY PERFORMED BY PRIVILEGED USERS OF THE NETWORK.

Question 10

EXTERNAL THREATS

Answer 10

PERFORMED BY EXPLOITING VULNERABILITIES THAT ALREADY EXIST IN THE NETWORK, WITHOUT THE ASSISTANCE OF INSIDER EMPLOYEES. CAN INCLUDE APPLICATION AND VIRUS-BASED ATTACKS, PASSWORD-BASED ATTACKS, INSTANT MESSAGING-BASED ATTACKS, NETWORK TRAFFIC-BASED ATTACKS, AND OPERATING SYSTEM-BASED ATTACKS.

Question 11

STRUCTURED EXTERNAL THREATS

Answer 11

IMPLEMENTED BY TECHNICALLY SKILLED ATTACKERS, USING VARIOUS TOOLS TO GAIN ACCESS TO A NETWORK, TO DISRUPT SERVICES. EXAMPLES INCLUDE DISTRIBUTED ICMP FLOODS, SPOOFING, AND SIMULTANEOUSLY EXECUTING ATTACKS FROM MULTIPE SOURCES. TRACKING AND IDENTIFYING AN ATTACKER EXECUTING SUCH AN ATTACK CAN BE CHALLENGING.

Question 12

UNSTRUCTERED EXTERNAL THREATS

Answer 12

IMPLEMENTED BY UNKILLED ATTACKERS, WHO MAY BE ASPIRING HACKERS, TO ACCESS NETWORKS. MOST OF THESE THREATS ARE PERFORMED PRIMARILY OUT OF CURIOSITY, AND NOT TO ATTACK. FOR EXAMPLE, INTERNAL USERS MAY SEARCH THROUGH EXISTING DEVICES IN THEIR NETWORK OUT OF CURIOSITY. THESE CAN BE EASILY PREVENTED BY ADOPTING SECURITY SOLUTIONS SUCH AS PORT SCANNING AND ADDRESS-SWEEPING TOOLS.

Question 13

THREAT ACTORS/AGENTS

Answer 13

AN INDIVIDUAL OR ENTITY THAT BREAKS INTO A SYSTEM TO ACHIEVE A SPECIFIC GOAL SUCH AS IMPACTING THE SECURITY OF AN INDIVIDUAL OR ORGANIZATION, WHETHER INTENTIONALLY OR UNINTENTIONALLY. THIS MAY REFER TO AN ATTACKER BUT IT IS A MORE GENERIC TERM THAT MAY ALSO REFER TO AN INDIVIDUAL WHO CAUSES A SECURITY INCIDENT DUE TO NEGLIGENCE, ERROR, OR AS A RESULT OF SOCIAL ESPIONAGE. CAN BE INTERNAL OR EXTERNAL, SKILLED OR UNSKILLED.

Question 14

HACKTIVISTS

Answer 14

INDIVIDUALS WHO USE HACKING AS A MEANS TO PROMOTE A POLITICAL OR SOCIAL AGENDA, RATHER THAN FOR MONETARY GAINS. THEY TYPICALLY TEND TO DEFACE OR DISABLE WEBSITES AND BRING NETWORKS DOWN VIA DISTRIBUED DENIAL OF SERVICE ATTACKS. (DDoS)

Question 15

CYBER TERRORISTS/CRIMINALS

Answer 15

INDIVIDUALS WITH A WIDE RANGE OF SKILLS, LIKE PHISHING AND RANSOMWARE, MOTIVATED BY RELIGIOUS BELIEFS, POLITICAL BELIEFS, OR MONETARY GAINS, TO CREATE THREATS OF LARGE-SCALE DISRUPTION OF COMPUTER NETWORKS.

Question 16

SUICIDE HACKERS

Answer 16

INDIVIDUALS WHO AIM TO BRING DOWN THE CRITICAL INFRASTRUCTURE FOR A “CAUSE”, AND ARE NOT DETERRED BY POTENTIAL JAIL TERMS OR OTHER FORMS OF PUNISHMENT. THEY MAY SACRIFICE THEIR LIVES FOR AN ATTACK.

Question 17

STATE-SPONSORED HACKERS

Answer 17

INDIVUDALS EMPLOYED BY THE GOVERNMENT TO PENETRATE AND OBTAIN TOP-SECRET INFORMATION, AND TO DAMAGE THE INFORMATION SYSTEMS OF OTHER GOVERNMENTS. THESE HACKERS INFILTRATE LARGE ORGANIZATIONS TO STEAL MISSION-CRITICAL INFORMATION.

Question 18

ORGANIZED HACKERS

Answer 18

PROFESSIONAL HACKERS ATTACK A SYSTEM FOR PROFIT. THEY HACK TO OBTAIN SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, CREDIT CARD INFORMATION, AND MONETARY INFORMATION.

Question 19

SCRIPT KIDDIES

Answer 19

UNSKILLED INDIVIDUALS COMPROMISE A SYSTEM BY RUNNING SCRIPTS, TOOLS, AND SOFTWARE DEVELOPED BY PROFESSIONAL HACKERS. THEY ATTEMPT TO EMULATE THE ATTACKS OF SKILLED HACKERS.

Question 20

INDUSTRIAL SPIES

Answer 20

INDIVIDUALS WHO ATTEMPT TO ATTACK COMPANIES FOR COMMERCIAL PURPOSES. THESE ATTACKERS ARE HIRED BY BUSINESS COMPETITORS OR AGENCIES TO STEAL AN ORGANIZATIONS STRATEGY, MONEY RECORDS, AND OTHER SENSITIVE DATA.

Question 21

INSIDER THREAT ACTORS

Answer 21

INDIVIDUALS SUCH AS DISGRUNTLED EMPLOYEES AND TERMINATED EMPLOYEES, WHO INTENTIONALLY PROVIDE AN ORGANIZATION’S DATA TO OTHERS FOR MONEY OR REVENGE.

Question 22

VULNERABILITY

Answer 22

REFERS TO THE EXISTENCE OF A WEAKNESS IN THE DESIGN IMPLEMENTATION OF A SYSTEM THAT CAN BE EXPLOITED TO COMPROMISE THE SECURITY OF THE SYSTEM. A SECURITY LOOPHOLE THAT ENABLES AN ATTACKER TO ENTER THE SYSTEM BY BYPASSING USER AUTHENTICATIONS.

Question 23

COMMON CAUSES FOR VULNERABILITIES

Answer 23

HARDWARE OR SOFTWARE MISCONFIGURATION, INSECURE OR POOR DESIGN OF NETWORK, INHERENT TECHNOLOGY WEAKNESSES, END USER CARELESSNESS, INTENTIONAL END-USER ACTS.

Question 24

TECHNOLOGICAL VULNERABILITIES

Answer 24

THESE EXIST DUE TO INHERENT WEAKENESSES IN OPERATING SYSTEMS, PRINTERS, SCANNERS, OR OTHER NETWORKING EQUIPMENT. ATTACKERS CAN DETECT LOOPHOLES IN PROTOCOLS SUCH AS SMTP, FTP, AND ICMP. ATTACKERS CAN ALSO DETECT THE ABSENCE OF AUTHENTICATION IN NETWORKING EQUIPMENT LIKE SWITCHES AND ROUTERS TO EFFECT AN INTRUSION. SECURITY AUDITS BY THE NETWORK DEFENDER OR INFORMATION SECURITY OFFICER CAN HELP MONITOR SUCH IRREGULAR ACTIVITIES ON THE NETWORK.

Question 25

TCP/IP PROTOCOL VULNERABILITIES

Answer 25

HTTP, FTP, ICMP, SNMP, SMTP ARE INHERENTLY INSECURE

Question 26

OPERATING SYSTEM VULNERABILITIES

Answer 26

INHERENTLY INSECURE, NOT PATCHED WITH THE LATEST UPDATES.

Question 27

NETWORK DEVICE VULNERABILITES

Answer 27

ROUTERS, SWITCHES, AND FIREWALLS. LACK OF PASSWORD PROTECTION, LACK OF AUTHENTICATION, INSECURE ROUTING PROTOCOLS, AND FIREWALL VULNERABILITIES.

Question 28

CONFIGURATION VULNERABILITIES

Answer 28

THESE EXIST DUE TO THE MISCONFIGURATION OF COMPUTING AND NETWORK DEVICES. FOR EXAMPLE, VULNERABILITIES ARE CREATED WHEN A NETWORK DEFENDER CONFIGURES A USER ACCOUNT OR SYSTEM SERVICE INSECURELY SUCH AS BY LEAVING THE DEFAULT SETTINGS UNCHANGED OR BY IMPROPER PASSWORD MANAGEMENT.

Question 29

USER ACCOUNT VULNERABILITIES

Answer 29

ORIGINATING FROM THE INSECURE TRANSMISSION OF USER ACCOUNT DETAILS SUCH AS USERNAMES AND PASSWORDS, OVER THE NETWORK.

Question 30

SYSTEM ACCOUNT VULNERABILITES

Answer 30

ORIGINATING FROM SETTING OF WEAK PASSWORDS FOR SYSTEM ACCOUNTS.

Question 31

INTERNET SERVICE MISCONFIGURATION VULNERABILITIES

Answer 31

THESE CAN POSE SERIOUS SECURITY RISKS. FOR EXAMPLE, ENABLING JAVASCRIPT AND MISCONFIGURING IIS, APACHE, FTP, AND TERMINAL SERVICES, CAN CREATE SECURITY VULNERABILITIES IN THE NETWORK.

Question 32

DEFAULT PASSWORD AND SETTINGS VULNERABILITIES

Answer 32

LEAVING THE NETWORK DEVICES/PRODUCTS WITH THEIR DEFAULT PASSWORDS AND SETTINGS

Question 33

NETWORK DEVICE CONFIGURATION VULNERABILITIES

Answer 33

MISCONFIGURE THE NETWORK DEVICE

Question 34

SECURITY POLICY VULNERABILITIES

Answer 34

THESE EXIST WHEN THERE ARE AN IMPROPER DRAFTING AND ENFORCEMENT OF SECURITY POLICIES IN THE ORGANIZATION. LACK OF APPROPRIATE POLICY ENFORCEMENT MAY LEAD TO UNAUTHORIZED ACCESS TO NETWORK RESOURCES. FOR EXAMPLE, FAILURE TO REGULARLY MONITOR AND AUDIT THE ACTIVITIES IN A SYSTEM BY NETWORK DEFENDERS CAN ENABLE ATTACKERS TO EXPLOIT THE SYSTEM.

Question 35

UNWRITTEN POLICY VULNERABILITIES

Answer 35

POLICIES ARE DIFFICULT TO IMPLEMENT AND ENFORCE WHEN THEY HAVE BEEN UNWRITTEN.

Question 36

LACK OF CONTINUITY VULNERABILITIES

Answer 36

LACK OF CONTINUITY IN IMPLEMENTING AND ENFORCING THE SECURITY POLICY

Question 37

POLITICS VULNERABILITY

Answer 37

POLITICS MAY CAUSE CHALLENGES FOR IMPLEMENTATION OF A CONSISTENT SECURITY POLICY.

Question 38

LACK OF AWARENESS VULNERABILITY

Answer 38

LACK OF AWARENESS OF THE SECURITY POLICY.

Question 39

RISK

Answer 39

REFERS TO THE POTENTIAL LOSS OR DAMAGE THAT CAN OCCUR WHEN A THREAT TO AN ASSET EXISTS IN THE PRESENCE OF A VULNERABILITY THAT CAN BE EXPLOITED TO COMPRIMSE THE ASSET. BLANK=ASSET+THREAT+VULNERABILITY

Question 40

TYPES OF RISK/DISRUPTION OF BUSINESS

Answer 40

ATTACKS ON THE NETWORK INFRASTRUCTURE OF A BUSINESS CAN POTENTIALLY DISRUPT THE ENTIRE FUNCTIONING OF THE BUSINESS. SECURITY BREACHES CAN LEAD TO A LOSS OF CRITICAL BUSINESS AND USER INFORMATION.

Question 41

TYPES OF RISK/LOSS OF PRODUCTIVITY

Answer 41

AN EXPLOITED BUSINESS NETWORK MAY INCURE SIGNIFICANT PRODUCTION LOSSES. THE DATA LOST DUE TO AN ATTACK MUST BE RECOVERED EITHER THROUGH DATA BACKUPS, IF AVAILABLE, OR RESTORED MANUALLY BY INDIVIDUALS. THEREFORE, THE RECOVERY OF DATA AFTER NETWORK ATTACKS CAN BE A TIME-CONSUMING PROCESS.

Question 42

TYPES OF RISK/LOSS OF PRIVACY

Answer 42

THE LEAKAGE OF CONFIDENTIAL DATA CAN CAUSE CONSIDERABLE LOSSES FOR THE ORGANIZATION, AND CAN ALSO LEAD TO LEGAL CHALLENGES.

Question 43

TYPES OF RISK/THEFT OF INFORMATION

Answer 43

A SUCCESSFUL INTRUSION INTO A NETWORK CAN ENABLE ATTACKERS TO RAID THE INFORMATION AVAILABLE IN THE SYSTEM. A RAID OF PERSONAL AND PROFESSIONAL INFORMATION OF THE COMPANY'S EMPLOYEES THROUGH SUCH ATTACKS CAN AFFECT THOSE EMPLOYEES DIRECTLY. IF THE ATTACKS INTRUDE INTO A CUSTOMER DATABASE, THE CUSTOMERS ARE ALSO AFFECTED, WHICH CAN RESULT IN SIGNIFICANT COMPLICATIONS FOR THE ORGANIZATION.

Question 44

TYPES OF RISK/LEGAL LIABILITY

Answer 44

PER ELECTRONIC AND DATA SECURITY LAWS, WHICH DIFFER BETWEEN COUNTRIES, AN ORGANIZATION CAN FILE A LEGAL LAWSUIT AGAINST AN ATTACKER WHEN THEIR SECURITY IS BREACHED, IF THEY HAVE APPROPRIATE EVIDENCE OF THE INCIDENT. THIS CAN LEAD TO POTENTIAL LEGAL COSTS. CUSTOMERS MAY ALSO HAVE THE RIGHT TO FILE A LAWSUIT AGAINST THE COMPANY IF THEIR PRIVATE AND PERSONAL INFORMATION SUCH AS CREDIT CARD NUMBERS, SOCIAL SECURITY NUMBERS, AND ADDRESSES ARE STOLEN.

Question 45

TYPES OF RISK/DAMAGE TO REPUTATION AND CUSTOMER CONFIDENCE

Answer 45

ONCE THE SECURITY OF AN ORGANIZATION'S RESOURCES HAS BEEN BREACHED BY AN ATTACK, IT IS DIFFICULT TO REGAIN CUSTOMER CONFIDENCE. THEREFORE, ANY POTENTIAL THREAT TO AN ORGANIZATION'S REPUTATION CAN BE A SIGNIFICANT RISK FOR THE ORGANIZATION.

Question 46

ATTACKS

Answer 46

AN ACTION THAT IS PERFORMED WITH THE INTENT TO BREACH AN I.T. SYSTEM'S SECURITY BY EXPLOITING ITS VULNERABILITIES. THIS INVOLVES AN ATTEMPT TO OBTAIN, EDIT, REMOVE, DESTROY IMPLANT, OR REVEAL INFORMATION WITHOUT AUTHORIZED ACCESS. ALSO REFERS TO MALICIOUS SOFTWARE OR COMMANDS THAT EXPLOIT VULNERABILITIES TO CAUSE UNANTICIPATED BEHAVIOR IN LEGITIMATE SOFTWARE OR HARDWARE. BLANK= MOTIVE(GOAL) + METHOD + VULNERABILITY

Question 47

MOTIVE

Answer 47

ORIGINATES FROM THE NOTION THAT A TARGET SYSTEM STORES OR PROCESS SOMETHING VALUABLE, WHICH LEADS TO THE THREAT OF AN ATTACK ON THE SYSTEM.

Question 48

MOTIVE EXAMPLES

Answer 48

DISRUPTING BUSINESS CONTINUITY, INFORMATION THEFT, MANIPULATING DATA, DAMAGING REPUTATION, CREATING FEAR AND CHOAS, FINANCIAL LOSS, PROPAGATING RELIGIOUS OR POLITICAL BELIEFS, ACHIEVING THE STATE'S MILITARY OBJECTIVES, REVENGE, AND RANSOM.

Question 49

TTPs TACTICS, TECHNIQUES, AND PROCEDURES

Answer 49

REFERS TO THE PATTERNS OF ACTIVITIES AND METHODS ASSOCIATED WITH SPECIFIC THREAT ACTORS OR GROUPS OF THREAT ACTORS. HELPFUL IN ANALYZING THREATS AND PROFILING THREAT ACTORS AND CAN BE FURTHER USED TO STRENGTHEN THE SECURITY INFRASTRUCTURE OF AN ORGANIZATION.

Question 50

METHOD TACTICS

Answer 50

DEFINED AS A STRATEGY FOLLOWED BY AN ATTACKER TO PERFORM THE ATTACK FROM THE BEGINNING TO THE END.

Question 51

METHOD TECHNIQUES

Answer 51

DEFINES AS THE TECHNICALS METHODS USED BY AN ATTACKER TO ACHIEVE INTERMEDIATE RESULTS DURING THE ATTACK.

Question 52

METHOD PROCEDUCES

Answer 52

DEFINED AS THE SYSTEMATIC APPROACH FOLLOWED BY THE THREAT ACTORS TO LAUNCH AN ATTACK.

Question 53

RECONNAISSANCE ATTACKS

Answer 53

ATTACKERS ATTEMPT TO OBTAIN ALL THE POSSIBLE INFORMATION ABOUT A TARGET NETWORK, INCLUDING INFORMATION SYSTEMS, SERVICES, AND VULNERABILITIES THAT MAY EXIST IN THE NETWORK. TECHNIQUES USED INCLUDE SOCIAL ENGINEERING, PORT SCANNING, DNS FOOTPRINGINT, PING SWEEPING. THE PRIMARY OBJECTIVE IS COLLECTING THE TARGET'S NETWORK INFORMATION, SYSTEM INFORMATION, AND THE ORGANIZATIONAL INFORMATION. CARRIED OUT AT VARIOUS NETWORK LEVELS, THE ATTACKER GATHERS INFORMATION ON SYSTEM FEATURES SUCH AS NETWORK BLOCKS, NETWORK SERVICE AND APPLICATION, SYSTEM ARCHITECTURE, INTRUSION DETECTION SYSTEMS, SPECIFIC I.P. ADDRESSES, AND ACCESS CONTROL MECHANISMS.

Question 54

NETWORK INFORMATION OBTAINED USING RECONNAISSANCE ATTACKS

Answer 54

DOMAIN NAMES, INTERNAL DOMAIN NAMES, NETWORK BLOCKS, IP ADDRESSES OF THE REACHABLE SYSTEMS, ROGUE WEBSITES/PRIVATE WEBSITES, OPEN PORTS, VERSIONS OF RUNNING OSes, RUNNING TCP AND UDP SERVICES, ACCESS CONTROL MECHANISMS AND ACLs, NETWORKING PROTOCOLS, VPN POINTS, RUNNING FIREWALLS, ANALOG/DIGITAL TELEPHONE NUMBERS, AUTHENTICATION MECHANISMS, SYSTEM ENUMARTION.

Question 55

ACTIVE RECONNAISSANCE ATTACKS

Answer 55

THESE MOSTLY INCLUDE PORT SCANS AND OPERATING SYSTEM SCANS. HERE, THE ATTACKER USES TOOLS TO SEND PACKETS TO THE TARGET SYSTEM. FOR EXAMPLE, THE TRACEROUTE TOOL HELPS GATHER ALL THE IP ADDRESSES OF ROUTERS AND FIREWALLS. THE ATTACKER ALSO GATHERS FURTHER INFORMATION REGARDING THE SERVICES RUNNING ON THE TARGET SYSTEM.

Question 56

PASSICE RECONNAISSANCE ATTACKS

Answer 56

THESE ATTACKS GATHER INFORMATION FROM THE NETWORK TRAFFIC IN A PASSIVE MANNER. HERE, THE ATTACKERS PERFORM SNIFFING TO OBTAIN DETAILS OF VULNERABILITIES IN THE NETWORK. THE ATTACKERS USE VARIOUS TOOLS TO GAIN INFORMATION ABOUT THE TARGET.

Question 57

PACKET SNIFFING

Answer 57

MONITORS EVERY PACKET THAT PASSES THROUGH A NETWORK. THROUGH VARIOUS TOOLS, ATTACKERS CAPTURE USERNAMES, PASSWORDS, AND OTHER INFORMATION. IN PROTOCOLS LIKE TELNET AND HTTP, USER INFORMATION IS AVAILABLE IN PLAIN TEXT. CAN BE USED TO MAP THE NETWORK AND BREAK INTO A TARGET COMPUTER.

Question 58

PORT SCANNING

Answer 58

PROVIDES ATTACKERS ACCESS TO ANY OPEN PORTS ON THE TARGET MACHINE. ONCE ACCESS IS OBTAINED, AN INTRUSION CAN BE EXECUTED.

Question 59

PING SWEEPING

Answer 59

A TECHNIQUE THAT CAN LOCATE OPEN/LIVE PORTS IN A NETWORK THROUGH AN ICMP REQUEST. A WELL-CONFIGURED ACCESS CONTROL LIST (ACL) CAN PREVENT THIS IN THE NETWORK.

Question 60

DNS FOOTPRINTING

Answer 60

CAN BE USED TO GATHER INFORMATION ABOUT SPECIFIC DOMAINS AND IP ADDRESSES IN THE NETWORK, AND CAN BE PERFORMED WITH DNS QUERIES CONSISTING OF DNS LOOKUP AND WHOIS.

Question 61

SOCIAL ENGINEERING

Answer 61

REFERS TO TECHNIQUES BY WHICH UNSUSPECTING TARGET INDIVIDUALS ARE PERSUADED TO SHARE THEIR CREDENTIALS OR PERSONAL INFORMATION ON THE NETWORK. ATTACKERS THEN USER THIS INFORMATION TO PERFORM AN ATTACK ON THE TARGET.

Question 62

INTERNAL SNIFFING

Answer 62

REFERS TO SNIFFING PERFORMED BY AN INDIVIDUAL (WHO MAY BE AN EMPLOYEE OF THE FIRM) WHO IS ALREADY CONNECTED TO THE INTERNAL LAN, AND CAN RUN TOOLS TO DIRECTLY CAPTURE NETWORK TRAFFIC.

Question 63

EXTERNAL SNIFFING

Answer 63

REFERS TO SNIFFING PERFORMED BY A HACKER OUTSIDE THE TARGET NETWORK, BY INTERCEPTING PACKETS AND THE FIREWALL LEVEL TO STEAL INFORMATION.

Question 64

WIRELESS SNIFFING

Answer 64

REGARDLESS OF WHERE THE HACKERS ARE LOCATED ON THE NETWORK BEING SNIFFED, THE PROLIFERATION OF WIRELESS NETWORKS HAS MADE IT POSSIBLE TO PENETRATE A NETWORK FROM ANYWHERE WITHIN ITS PHYSICAL RANGE TO OBTAIN INFORMATION.

Question 65

MAN-IN-THE-MIDDLE ATTACK

Answer 65

A FORM OF SESSION HIJACKING ATTACK, IN WHICH ATTACKERS INTRUDE INTO AN EXISTING CONNECTION BETWEEN TWO SYSTEMS TO INTERCEPT THE MESSAGES BEING EXCHANGED, AND INJECT FRAUDULENT INFORMATION. IT IS AN EAVESDROPPING ATTACK IN WHICH THE COMMUNICATION BETWEEN TWO PARTIES IS MONITORED OR MODIFIED BY A THIRD UNAUTHORIZED PARTY.

Question 66

PASSWORD ATTACK

Answer 66

PERFORMED TO GAIN UNAUTHORIZED ACCESS OR CONTROL OVER A TARGET COMPUTER SYSTEM. ATTACKERS THEN USE THIS ACCESS TO ACCOMPLISH VARIOUS MALICIOUS OBJECTIVES SUCH AS STEALING SECRETS, MAKING SLIGHT MODIFICATIONS TO WEBSITES, STEALING CREDIT CARD DETAILS, AND OBTAINING SYSTEM PRIVILEGES.

Question 67

DICTIONARY ATTACK

Answer 67

AN ATTEMPT TO CRACK A USER PASSWORD VIA GUESSING. ATTACKERS CAN GUESS PASSWORDS USING A MANUAL OR AN AUTOMATED APPROACH. THIS ATTACK TRIES TO MATCH FREQUENTLY OCCURRING AND COMMONLY USED WORDS IN REGULAR USAGE. EXAMPLES INCLUDE PASSWORD, ROOT, ADIMINSTRATOR, ADMIN, DEMO, TEST, GUEST, QWERTY, PET NAMES, DATE OF BIRTH, CHILDREN NAMES, ADDRESSES, AND HOBBIES.

Question 68

BRUTE FORCE ATTACK

Answer 68

A LARGE NUMBER OF GUESSES ARE PERFORMED TO SUCCESSFULLY OBTAIN A PASSWORD OF THE TARGET SYSTEM. IT INVOLVES CHECKING ALL COMBINATIONS OF CHARACTERS UNTIL THE CORRECT PASSWORD IS FOUND. THESE ATTACKS ARE TIME AND RESOURCE-CONSUMING AND ARE THEREFORE MOST SUITABLE FOR OBTAINING PASSWORDS THAT ARE SMALL OR NOT COMPLEX.

Question 69

HYBRID ATTACK

Answer 69

WORKS LIKE A DICTONARY ATTACK, BUT ADDS NUMBERS AND SYMBOLS TO THE WORDS TO CRACK A PASSWORD. THESE ATTACKS GENERALIZE COMMON STRATEGIES PEOPLE ADOPT TO MAKE THEIR PASSWORDS HARD TO GUESS. THIS ATTACK BEGINS WITH A DICTIONARY TERM AND THEN GENERATES FURTHER GUESSES BY APPENDING OR PREPENDING DATES, NUMBER, ALPHANUMERIC CHARACTERS, AND SYMBOLS TO THE DICTIONARY TERM.

Question 70

BIRTHDAY ATTACK

Answer 70

A TYPE OF BRUTE-FORCE ATTACK, WHICH LEVERAGES TECHNIQUES THAT SOLVE A CLASS OF CRYPTOGRAPHIC HASH FUNCTIONS.

Question 71

RAINBOW TABLE ATTACK

Answer 71

A LARGE SET OF HASHES (ENCONDED CODES) THAT ARE PRE-MATCHED TO POSSIBLE PLAINTEXT PASSWORDS. USED BY PASSWORD CRACKING SOFTWARE TO BREACH NETWORK SECURITY. ALL COMPUTER SYSTEMS THAT REQUIRE AUTHENTICATION STORE USER ACCOUNTS AND PASSWORDS IN THE DATABASE IN ENCRYPTED FORM. IF THE ATTACKER GAINS ACCESS TO THE PASSWORD DATABASE, PASSWORD-CRACKING SOFTWARE CAN COMPARE THE RAINBOW TABLE'S LIST OF HASHES WITH HASHED PASSWORDS IN THE DATABASES.

Question 72

PRIVILEGE ESCALATION ATTACK

Answer 72

AN ATTACKER GAINS ACCESS TO THE NETWORK AND THE ASSOCIATED DATA AND APPLICATIONS BY EXPLOITING DEFECTS SUCH AS THOSE IN THE DESIGN, SOFTWARE APPLICATIONS, AND POORLY CONFIGURED OPERATING SYSTEMS. ONCE AN ATTACKER HAS GAINED ACCESS TO A REMOTE SYSTEM WITH A VALID USERNAME AND PASSWORD, THEY THEN ATTEMPT TO INCREASE THEIR PRIVILEGES.

Question 73

HORIZONTAL PRIVILEGE ESCALATION

Answer 73

THE UNAUTHORIZED USER ATTEMPTS TO ACCESS RESOURCES, FUNCTIONS, AND OTHER PRIVILEGES THAT BELONG TO AN AUTHORIZED USER WITH SIMILAR ACCESS PERMISSIONS.

Question 74

VERTICAL PRIVILEGE ESCALATION

Answer 74

THE UNAUTHORIZED USER ATTEMPTS TO GAIN ACCESS TO RESOURCES AND FUNCTIONS OF A USER WITH HIGHER PRIVILEGES SUCH AS AN APPLICATION OR SITE.

Question 75

DNS POISONING ATTACK

Answer 75

A PROCESS IN WHICH THE ATTACKER REDIRECTS THE VICTIM TO A FAKE WEBSITE BY PROVIDING FAKE DATA TO THE DNS SERVER. THE WEBSITE LOOKS SIMILAR TO THE GENUINE SITE BUT IS HOSTED IN A MALICIOUS SERVER CONTROLLED BY THE ATTACKER.

Question 76

ADDRESS RESOLUTION PROTOCOL (ARP)

Answer 76

A TCP/IP PROTOCOL THAT MAPS IP NETWORK ADDREESSES TO THE HARDWARE ADDRESSES USED BY THE DATA LINK PROTOCOL. THIS PROTOCOL CAN BE USED TO EASILY OBTAIN THE MAC (HARDWARE) ADDRESS OF ANY DEVICE WITHIN A NETWORK. APART FROM THE NETWORK SWITCH, HOST MACHINES ALSO USE THE ARP PROTOCOL FOR OBTAINING MAC ADDRESSES. ARP IS USED BY A HOST MACHINE WHEN IT NEEDS TO SEND A PACKET TO ANOTHER DEVICE AND HAS TO MENTION THE DESTINATION MAC ADDRESS IN THE PACKET.

Question 77

ARP POISONING ATTACK

Answer 77

AN ATTACK IN WHICH THE ATTACKER ATTEMPTS TO ASSOCIATE THEIR OWN MAC ADDRESS WITH THE VICTIM'S IP ADDRESS, SO THAT THE TRAFFIC MENT FOR THE IP ADDRESS IS SENT TO THE ATTACKER.

Question 78

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) STARVATION ATTACK

Answer 78

AN ATTACKER FLOODS THE DHCP SERVER BY SENDING A LARGE NUMBER OF DHCP REQUESTS WITH FAKE MAC ADDRESSES, BY USING TOOLS SUCH AS GOBBLER. THIS WILL EXHAUST ALL THE AVAILABLE IP ADDRESSES THAT THE DHCP SERVER CAN ISSUE. AS A RESULT, THE SERVER CANNOT ISSUE ANY MORE IP ADDRESSES, LEADING TO A DENIAL OF SERVICE (DoS).

Question 79

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) SPOOFING ATTACK

Answer 79

ALSO KNOWN AS A ROGUE DHCP SERVER ATTACK, AN ATTACKER INTRODUCES A ROGUE SERVER IN THE NETWORK, WHICH RESPONDS TO CLIENTS' DHCP DISCOVERY REQUESTS. BOTH THE ROGUE AND ACTUAL SERVER RESPOND TO A REQUEST, AND THE SERVER THAT RESPONDS FIRST IS ACCEPTED BY THE CLIENT.

Question 80

MAC SPOOFING ATTACK

Answer 80

ENABLE ATTACKERS TO SPREAD MALWARE, BYPASS AUTHENTICATION CHECKS, OR STEAL SENSITIVE INFORMATION. ATTACKERS SNIFF A NETWORK FOR THE MAC ADDRESSES OF LEGITIMATE CLIENTS CONNECTED TO THE NETWORK. IN THIS ATTACK, THE ATTACKER FIRST RETRIEVES THE MAC ADDRESS OF THE CLIENTS WHO ARE ACTIVELY ASSOCIATED WITH THE SWITCH PORT. THEN THE ATTACKER SPOOFS THEIR OWN MAC ADDRESS WITH THE MAC ADDRESS OF THE LEGITIMATE CLIENT.

Question 81

NETWORK-BASED DENIAL-OF-SERVICE ATTACK (DoS)

Answer 81

AN ATTACK THAT PREVENTS AUTHORIZED USERS FROM ACCESSING A COMPUTER OR NETWORK. ATTACKS THAT TARGET THE NETWORK BANDWIDTH OR CONNECTIVITY.

Question 82

DISTRIBUTED DENIAL-OF-SERVICE ATTACK (DDoS)

Answer 82

A LARGE-SCALE COORDINATED ATTACK ON THE AVAILABILITY OF SERVICES ON A TARGET'S SYSTEM OR NETWORK RESOURCES. IT IS LAUNCHED INDIRECTLY THROUGH MANY COMPROMISED COMPUTERS ON THE INTERNET.

Question 83

NETWORK-CENTRIC ATTACK

Answer 83

OVERLOADS A SERVICE BY CONSUMING BANDWIDTH

Question 84

APPLICATION-CENTRIC ATTACK

Answer 84

OVERLAODS A SERVICE BY INUNDATING IT WITH PACKETS.

Question 85

VIRUS

Answer 85

A TYPE OF PROGRAM THAT CAN MULTIPLY BY MAKING COPIES OF ITSELF. IT REPLICATES ITSELF THROUGH HOST PROGRAMS. IT REPRODUCES ITS CODE WHILE ENCLOSING OTHER EXECUTABLES, AND SPREADS THROUGH THE COMPUTER.

Question 86

TROJAN

Answer 86

A MALICIOUS PROGRAM THAT MASQUERADES AS LEGITIMATE SOFTWARE, AND CAN BE A SERIOUS THREAT TO SYSTEM SECURITY.

Question 87

ADWARE

Answer 87

A SOFTWARE PROGRAM THAT TRACKS THE USER'S BROWSING PATTERNS FOR MARKETING PURPOSES AND DISPLAYING ADVERTISEMENTS.

Question 88

SPYWARE

Answer 88

A PIECE OF SOFTWARE CODE THAT EXTRACTS USER INFORMATION AND SENDS IT TO ATTACKERS.

Question 89

ROOTKITS

Answer 89

A SOFTWARE PROGRAM THAT OBTAINS PRIVILEGED ACCESS TO A TARGET COMPUTER TO PERFORM MALICIOUS ACTIVITIES.

Question 90

BACKDOORS

Answer 90

CREATED TO COMPROMISE THE SECURITY OF TARGET SYSTEMS AND GAIN ACCESS TO A NETWORK ILLEGITIMATLEY.