Network Attacks and Defense Strategies Flashcards
What is an Asset
Anything that can be of interest to an attacker. It can be a tangible or intangible resource in an organization, often with a monetary value, which an attacker targets, to gain control of, compromise its security, etc.
WHAT ARE TANGIBLE ASSETS
DATABASES, THE SERVER THAT HOSTS THE DATABASES, AND THE NETWORK THAT PROVIDES CONNECTIONS TO THE SERVER
WHAT ARE INTANGIBLE ASSETS
AN ORGANIZATION'S SECRETS, CRITICAL BUSINESS PROCESSES, AND ITS REPUTATION
WHAT IS A THREAT
A POTENTIAL OCCURRENCE OF AN UNDESIRABLE EVENT THAT CAN EVENTUALLY DAMAGE OR DISRUPT THE OPERATIONAL AND FUNCTIONAL ACTIVITIES OF AN ORGANIZATION
EXAMPLES OF THREATS
CAN STEAL SENSITIVE DATA OF AN ORGANIZATION, CAN CAUSE A SERVER TO SHUT DOWN, CAN TRICK AN EMPLOYEE INTO REVEALING SENSITIVE INFORMATION, CAN INFECT A SYSTEM WITH MALWARE
WHAT IS A NATURAL THREAT
FIRES, FLOODS, POWER FAILURES, LIGHTNING, METEORS AND EARTHQUAKES.
UNINTENTIONAL THREATS
THREATS THAT EXIST DUE TO THE POTENTIAL FOR UNINTENTIONAL ERRORS OCCURRING WITHIN THE ORGANIZATION.
EXAMPLES OF UNINTENTIONAL THREATS
INSIDER-ORIGINATING SECURITY BREACHES, NEGLIGENCE, OPERATOR ERRORS, UNSKILLED ADMINISTRATORS, UNTRAINED EMPLOYEES, AND ACCIDENTS.
INTERNAL THREATS
PERFORMED BY INSIDERS WITHIN THE ORGANIZATION SUCH AS DISGRUNTLED OR NEGLIGENT EMPLOYEES, AND HARM THE ORGANIZATION INTENTIONALLY OR UNINTENTIONALLY. MOSTLY PERFORMED BY PRIVILEGED USERS OF THE NETWORK.
EXTERNAL THREATS
PERFORMED BY EXPLOITING VULNERABILITIES THAT ALREADY EXIST IN THE NETWORK, WITHOUT THE ASSISTANCE OF INSIDER EMPLOYEES. CAN INCLUDE APPLICATION AND VIRUS-BASED ATTACKS, PASSWORD-BASED ATTACKS, INSTANT MESSAGING-BASED ATTACKS, NETWORK TRAFFIC-BASED ATTACKS, AND OPERATING SYSTEM-BASED ATTACKS.
STRUCTURED EXTERNAL THREATS
IMPLEMENTED BY TECHNICALLY SKILLED ATTACKERS, USING VARIOUS TOOLS TO GAIN ACCESS TO A NETWORK AND TO DISRUPT SERVICES. EXAMPLES INCLUDE DISTRIBUTED ICMP FLOODS, SPOOFING, AND SIMULTANEOUSLY EXECUTING ATTACKS FROM MULTIPLE SOURCES. TRACKING AND IDENTIFYING AN ATTACKER EXECUTING SUCH AN ATTACK CAN BE CHALLENGING.
UNSTRUCTURED EXTERNAL THREATS
IMPLEMENTED BY UNSKILLED ATTACKERS, WHO MAY BE ASPIRING HACKERS, TO ACCESS NETWORKS. MOST OF THESE THREATS ARE PERFORMED PRIMARILY OUT OF CURIOSITY, AND NOT TO ATTACK. FOR EXAMPLE, INTERNAL USERS MAY SEARCH THROUGH EXISTING DEVICES IN THEIR NETWORK OUT OF CURIOSITY. THESE CAN BE EASILY PREVENTED BY ADOPTING SECURITY SOLUTIONS SUCH AS PORT SCANNING AND ADDRESS-SWEEPING TOOLS.
THREAT ACTORS/AGENTS
AN INDIVIDUAL OR ENTITY THAT BREAKS INTO A SYSTEM TO ACHIEVE A SPECIFIC GOAL SUCH AS IMPACTING THE SECURITY OF AN INDIVIDUAL OR ORGANIZATION, WHETHER INTENTIONALLY OR UNINTENTIONALLY. THIS MAY REFER TO AN ATTACKER BUT IT IS A MORE GENERIC TERM THAT MAY ALSO REFER TO AN INDIVIDUAL WHO CAUSES A SECURITY INCIDENT DUE TO NEGLIGENCE, ERROR, OR AS A RESULT OF SOCIAL ESPIONAGE. CAN BE INTERNAL OR EXTERNAL, SKILLED OR UNSKILLED.
HACKTIVISTS
INDIVIDUALS WHO USE HACKING AS A MEANS TO PROMOTE A POLITICAL OR SOCIAL AGENDA, RATHER THAN FOR MONETARY GAINS. THEY TYPICALLY TEND TO DEFACE OR DISABLE WEBSITES AND BRING NETWORKS DOWN VIA DISTRIBUTED DENIAL-OF-SERVICE (DDoS) ATTACKS.
CYBER TERRORISTS/CRIMINALS
INDIVIDUALS WITH A WIDE RANGE OF SKILLS, LIKE PHISHING AND RANSOMWARE, MOTIVATED BY RELIGIOUS BELIEFS, POLITICAL BELIEFS, OR MONETARY GAINS, TO CREATE THREATS OF LARGE-SCALE DISRUPTION OF COMPUTER NETWORKS.
SUICIDE HACKERS
INDIVIDUALS WHO AIM TO BRING DOWN THE CRITICAL INFRASTRUCTURE FOR A “CAUSE”, AND ARE NOT DETERRED BY POTENTIAL JAIL TERMS OR OTHER FORMS OF PUNISHMENT. THEY MAY SACRIFICE THEIR LIVES FOR AN ATTACK.
STATE-SPONSORED HACKERS
INDIVIDUALS EMPLOYED BY THE GOVERNMENT TO PENETRATE AND OBTAIN TOP-SECRET INFORMATION, AND TO DAMAGE THE INFORMATION SYSTEMS OF OTHER GOVERNMENTS. THESE HACKERS INFILTRATE LARGE ORGANIZATIONS TO STEAL MISSION-CRITICAL INFORMATION.
ORGANIZED HACKERS
PROFESSIONAL HACKERS WHO ATTACK A SYSTEM FOR PROFIT. THEY HACK TO OBTAIN SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, CREDIT CARD INFORMATION, AND MONETARY INFORMATION.
SCRIPT KIDDIES
UNSKILLED INDIVIDUALS WHO COMPROMISE A SYSTEM BY RUNNING SCRIPTS, TOOLS, AND SOFTWARE DEVELOPED BY PROFESSIONAL HACKERS. THEY ATTEMPT TO EMULATE THE ATTACKS OF SKILLED HACKERS.
INDUSTRIAL SPIES
INDIVIDUALS WHO ATTEMPT TO ATTACK COMPANIES FOR COMMERCIAL PURPOSES. THESE ATTACKERS ARE HIRED BY BUSINESS COMPETITORS OR AGENCIES TO STEAL AN ORGANIZATION'S STRATEGY, MONEY RECORDS, AND OTHER SENSITIVE DATA.
INSIDER THREAT ACTORS
INDIVIDUALS SUCH AS DISGRUNTLED EMPLOYEES AND TERMINATED EMPLOYEES, WHO INTENTIONALLY PROVIDE AN ORGANIZATION’S DATA TO OTHERS FOR MONEY OR REVENGE.
VULNERABILITY
REFERS TO THE EXISTENCE OF A WEAKNESS IN THE DESIGN OR IMPLEMENTATION OF A SYSTEM THAT CAN BE EXPLOITED TO COMPROMISE THE SECURITY OF THE SYSTEM. A SECURITY LOOPHOLE THAT ENABLES AN ATTACKER TO ENTER THE SYSTEM BY BYPASSING USER AUTHENTICATION.
COMMON CAUSES FOR VULNERABILITIES
HARDWARE OR SOFTWARE MISCONFIGURATION, INSECURE OR POOR DESIGN OF NETWORK, INHERENT TECHNOLOGY WEAKNESSES, END USER CARELESSNESS, INTENTIONAL END-USER ACTS.
TECHNOLOGICAL VULNERABILITIES
THESE EXIST DUE TO INHERENT WEAKNESSES IN OPERATING SYSTEMS, PRINTERS, SCANNERS, OR OTHER NETWORKING EQUIPMENT. ATTACKERS CAN DETECT LOOPHOLES IN PROTOCOLS SUCH AS SMTP, FTP, AND ICMP. ATTACKERS CAN ALSO DETECT THE ABSENCE OF AUTHENTICATION IN NETWORKING EQUIPMENT LIKE SWITCHES AND ROUTERS TO EFFECT AN INTRUSION. SECURITY AUDITS BY THE NETWORK DEFENDER OR INFORMATION SECURITY OFFICER CAN HELP MONITOR SUCH IRREGULAR ACTIVITIES ON THE NETWORK.
TCP/IP PROTOCOL VULNERABILITIES
HTTP, FTP, ICMP, SNMP, AND SMTP ARE INHERENTLY INSECURE.
OPERATING SYSTEM VULNERABILITIES
INHERENTLY INSECURE, OR NOT PATCHED WITH THE LATEST UPDATES.
NETWORK DEVICE VULNERABILITIES
ROUTERS, SWITCHES, AND FIREWALLS. LACK OF PASSWORD PROTECTION, LACK OF AUTHENTICATION, INSECURE ROUTING PROTOCOLS, AND FIREWALL VULNERABILITIES.
CONFIGURATION VULNERABILITIES
THESE EXIST DUE TO THE MISCONFIGURATION OF COMPUTING AND NETWORK DEVICES. FOR EXAMPLE, VULNERABILITIES ARE CREATED WHEN A NETWORK DEFENDER CONFIGURES A USER ACCOUNT OR SYSTEM SERVICE INSECURELY SUCH AS BY LEAVING THE DEFAULT SETTINGS UNCHANGED OR BY IMPROPER PASSWORD MANAGEMENT.
USER ACCOUNT VULNERABILITIES
ORIGINATING FROM THE INSECURE TRANSMISSION OF USER ACCOUNT DETAILS SUCH AS USERNAMES AND PASSWORDS, OVER THE NETWORK.
SYSTEM ACCOUNT VULNERABILITIES
ORIGINATING FROM THE SETTING OF WEAK PASSWORDS FOR SYSTEM ACCOUNTS.
INTERNET SERVICE MISCONFIGURATION VULNERABILITIES
THESE CAN POSE SERIOUS SECURITY RISKS. FOR EXAMPLE, ENABLING JAVASCRIPT AND MISCONFIGURING IIS, APACHE, FTP, AND TERMINAL SERVICES, CAN CREATE SECURITY VULNERABILITIES IN THE NETWORK.
DEFAULT PASSWORD AND SETTINGS VULNERABILITIES
LEAVING THE NETWORK DEVICES/PRODUCTS WITH THEIR DEFAULT PASSWORDS AND SETTINGS
NETWORK DEVICE CONFIGURATION VULNERABILITIES
MISCONFIGURATION OF THE NETWORK DEVICE.
SECURITY POLICY VULNERABILITIES
THESE EXIST WHEN THERE IS IMPROPER DRAFTING AND ENFORCEMENT OF SECURITY POLICIES IN THE ORGANIZATION. LACK OF APPROPRIATE POLICY ENFORCEMENT MAY LEAD TO UNAUTHORIZED ACCESS TO NETWORK RESOURCES. FOR EXAMPLE, FAILURE TO REGULARLY MONITOR AND AUDIT THE ACTIVITIES IN A SYSTEM BY NETWORK DEFENDERS CAN ENABLE ATTACKERS TO EXPLOIT THE SYSTEM.
UNWRITTEN POLICY VULNERABILITIES
POLICIES ARE DIFFICULT TO IMPLEMENT AND ENFORCE WHEN THEY ARE UNWRITTEN.
LACK OF CONTINUITY VULNERABILITIES
LACK OF CONTINUITY IN IMPLEMENTING AND ENFORCING THE SECURITY POLICY
POLITICS VULNERABILITY
POLITICS MAY CAUSE CHALLENGES FOR IMPLEMENTATION OF A CONSISTENT SECURITY POLICY.
LACK OF AWARENESS VULNERABILITY
LACK OF AWARENESS OF THE SECURITY POLICY.
RISK
REFERS TO THE POTENTIAL LOSS OR DAMAGE THAT CAN OCCUR WHEN A THREAT TO AN ASSET EXISTS IN THE PRESENCE OF A VULNERABILITY THAT CAN BE EXPLOITED TO COMPROMISE THE ASSET. BLANK = ASSET + THREAT + VULNERABILITY
TYPES OF RISK/DISRUPTION OF BUSINESS
ATTACKS ON THE NETWORK INFRASTRUCTURE OF A BUSINESS CAN POTENTIALLY DISRUPT THE ENTIRE FUNCTIONING OF THE BUSINESS. SECURITY BREACHES CAN LEAD TO A LOSS OF CRITICAL BUSINESS AND USER INFORMATION.
TYPES OF RISK/LOSS OF PRODUCTIVITY
AN EXPLOITED BUSINESS NETWORK MAY INCUR SIGNIFICANT PRODUCTION LOSSES. THE DATA LOST DUE TO AN ATTACK MUST BE RECOVERED EITHER THROUGH DATA BACKUPS, IF AVAILABLE, OR RESTORED MANUALLY BY INDIVIDUALS. THEREFORE, THE RECOVERY OF DATA AFTER NETWORK ATTACKS CAN BE A TIME-CONSUMING PROCESS.
TYPES OF RISK/LOSS OF PRIVACY
THE LEAKAGE OF CONFIDENTIAL DATA CAN CAUSE CONSIDERABLE LOSSES FOR THE ORGANIZATION, AND CAN ALSO LEAD TO LEGAL CHALLENGES.
TYPES OF RISK/THEFT OF INFORMATION
A SUCCESSFUL INTRUSION INTO A NETWORK CAN ENABLE ATTACKERS TO RAID THE INFORMATION AVAILABLE IN THE SYSTEM. A RAID OF PERSONAL AND PROFESSIONAL INFORMATION OF THE COMPANY’S EMPLOYEES THROUGH SUCH ATTACKS CAN AFFECT THOSE EMPLOYEES DIRECTLY. IF THE ATTACKS INTRUDE INTO A CUSTOMER DATABASE, THE CUSTOMERS ARE ALSO AFFECTED, WHICH CAN RESULT IN SIGNIFICANT COMPLICATIONS FOR THE ORGANIZATION.
TYPES OF RISK/LEGAL LIABILITY
PER ELECTRONIC AND DATA SECURITY LAWS, WHICH DIFFER BETWEEN COUNTRIES, AN ORGANIZATION CAN FILE A LEGAL LAWSUIT AGAINST AN ATTACKER WHEN THEIR SECURITY IS BREACHED, IF THEY HAVE APPROPRIATE EVIDENCE OF THE INCIDENT. THIS CAN LEAD TO POTENTIAL LEGAL COSTS. CUSTOMERS MAY ALSO HAVE THE RIGHT TO FILE A LAWSUIT AGAINST THE COMPANY IF THEIR PRIVATE AND PERSONAL INFORMATION SUCH AS CREDIT CARD NUMBERS, SOCIAL SECURITY NUMBERS, AND ADDRESSES ARE STOLEN.
TYPES OF RISK/DAMAGE TO REPUTATION AND CUSTOMER CONFIDENCE
ONCE THE SECURITY OF AN ORGANIZATION’S RESOURCES HAS BEEN BREACHED BY AN ATTACK, IT IS DIFFICULT TO REGAIN CUSTOMER CONFIDENCE. THEREFORE, ANY POTENTIAL THREAT TO AN ORGANIZATION’S REPUTATION CAN BE A SIGNIFICANT RISK FOR THE ORGANIZATION.
ATTACKS
AN ACTION THAT IS PERFORMED WITH THE INTENT TO BREACH AN I.T. SYSTEM'S SECURITY BY EXPLOITING ITS VULNERABILITIES. THIS INVOLVES AN ATTEMPT TO OBTAIN, EDIT, REMOVE, DESTROY, IMPLANT, OR REVEAL INFORMATION WITHOUT AUTHORIZED ACCESS. ALSO REFERS TO MALICIOUS SOFTWARE OR COMMANDS THAT EXPLOIT VULNERABILITIES TO CAUSE UNANTICIPATED BEHAVIOR IN LEGITIMATE SOFTWARE OR HARDWARE. BLANK = MOTIVE (GOAL) + METHOD + VULNERABILITY
MOTIVE
ORIGINATES FROM THE NOTION THAT A TARGET SYSTEM STORES OR PROCESSES SOMETHING VALUABLE, WHICH LEADS TO THE THREAT OF AN ATTACK ON THE SYSTEM.
MOTIVE EXAMPLES
DISRUPTING BUSINESS CONTINUITY, INFORMATION THEFT, MANIPULATING DATA, DAMAGING REPUTATION, CREATING FEAR AND CHAOS, FINANCIAL LOSS, PROPAGATING RELIGIOUS OR POLITICAL BELIEFS, ACHIEVING THE STATE'S MILITARY OBJECTIVES, REVENGE, AND RANSOM.
TTPs (TACTICS, TECHNIQUES, AND PROCEDURES)
REFERS TO THE PATTERNS OF ACTIVITIES AND METHODS ASSOCIATED WITH SPECIFIC THREAT ACTORS OR GROUPS OF THREAT ACTORS. HELPFUL IN ANALYZING THREATS AND PROFILING THREAT ACTORS AND CAN BE FURTHER USED TO STRENGTHEN THE SECURITY INFRASTRUCTURE OF AN ORGANIZATION.
METHOD TACTICS
DEFINED AS A STRATEGY FOLLOWED BY AN ATTACKER TO PERFORM THE ATTACK FROM THE BEGINNING TO THE END.
METHOD TECHNIQUES
DEFINED AS THE TECHNICAL METHODS USED BY AN ATTACKER TO ACHIEVE INTERMEDIATE RESULTS DURING THE ATTACK.
METHOD PROCEDURES
DEFINED AS THE SYSTEMATIC APPROACH FOLLOWED BY THE THREAT ACTORS TO LAUNCH AN ATTACK.
RECONNAISSANCE ATTACKS
ATTACKERS ATTEMPT TO OBTAIN ALL THE POSSIBLE INFORMATION ABOUT A TARGET NETWORK, INCLUDING INFORMATION SYSTEMS, SERVICES, AND VULNERABILITIES THAT MAY EXIST IN THE NETWORK. TECHNIQUES USED INCLUDE SOCIAL ENGINEERING, PORT SCANNING, DNS FOOTPRINTING, AND PING SWEEPING. THE PRIMARY OBJECTIVE IS COLLECTING THE TARGET'S NETWORK INFORMATION, SYSTEM INFORMATION, AND ORGANIZATIONAL INFORMATION. CARRIED OUT AT VARIOUS NETWORK LEVELS, THE ATTACK GATHERS INFORMATION ON SYSTEM FEATURES SUCH AS NETWORK BLOCKS, NETWORK SERVICES AND APPLICATIONS, SYSTEM ARCHITECTURE, INTRUSION DETECTION SYSTEMS, SPECIFIC I.P. ADDRESSES, AND ACCESS CONTROL MECHANISMS.
NETWORK INFORMATION OBTAINED USING RECONNAISSANCE ATTACKS
DOMAIN NAMES, INTERNAL DOMAIN NAMES, NETWORK BLOCKS, IP ADDRESSES OF THE REACHABLE SYSTEMS, ROGUE WEBSITES/PRIVATE WEBSITES, OPEN PORTS, VERSIONS OF RUNNING OSes, RUNNING TCP AND UDP SERVICES, ACCESS CONTROL MECHANISMS AND ACLs, NETWORKING PROTOCOLS, VPN POINTS, RUNNING FIREWALLS, ANALOG/DIGITAL TELEPHONE NUMBERS, AUTHENTICATION MECHANISMS, SYSTEM ENUMERATION.
ACTIVE RECONNAISSANCE ATTACKS
THESE MOSTLY INCLUDE PORT SCANS AND OPERATING SYSTEM SCANS. HERE, THE ATTACKER USES TOOLS TO SEND PACKETS TO THE TARGET SYSTEM. FOR EXAMPLE, THE TRACEROUTE TOOL HELPS GATHER ALL THE IP ADDRESSES OF ROUTERS AND FIREWALLS. THE ATTACKER ALSO GATHERS FURTHER INFORMATION REGARDING THE SERVICES RUNNING ON THE TARGET SYSTEM.
PASSIVE RECONNAISSANCE ATTACKS
THESE ATTACKS GATHER INFORMATION FROM THE NETWORK TRAFFIC IN A PASSIVE MANNER. HERE, THE ATTACKERS PERFORM SNIFFING TO OBTAIN DETAILS OF VULNERABILITIES IN THE NETWORK. THE ATTACKERS USE VARIOUS TOOLS TO GAIN INFORMATION ABOUT THE TARGET.
PACKET SNIFFING
MONITORS EVERY PACKET THAT PASSES THROUGH A NETWORK. THROUGH VARIOUS TOOLS, ATTACKERS CAPTURE USERNAMES, PASSWORDS, AND OTHER INFORMATION. IN PROTOCOLS LIKE TELNET AND HTTP, USER INFORMATION IS AVAILABLE IN PLAIN TEXT. CAN BE USED TO MAP THE NETWORK AND BREAK INTO A TARGET COMPUTER.
PORT SCANNING
PROVIDES ATTACKERS ACCESS TO ANY OPEN PORTS ON THE TARGET MACHINE. ONCE ACCESS IS OBTAINED, AN INTRUSION CAN BE EXECUTED.
PING SWEEPING
A TECHNIQUE THAT CAN LOCATE OPEN/LIVE PORTS IN A NETWORK THROUGH AN ICMP REQUEST. A WELL-CONFIGURED ACCESS CONTROL LIST (ACL) CAN PREVENT THIS IN THE NETWORK.
DNS FOOTPRINTING
CAN BE USED TO GATHER INFORMATION ABOUT SPECIFIC DOMAINS AND IP ADDRESSES IN THE NETWORK, AND CAN BE PERFORMED WITH DNS QUERIES CONSISTING OF DNS LOOKUP AND WHOIS.
SOCIAL ENGINEERING
REFERS TO TECHNIQUES BY WHICH UNSUSPECTING TARGET INDIVIDUALS ARE PERSUADED TO SHARE THEIR CREDENTIALS OR PERSONAL INFORMATION ON THE NETWORK. ATTACKERS THEN USE THIS INFORMATION TO PERFORM AN ATTACK ON THE TARGET.
INTERNAL SNIFFING
REFERS TO SNIFFING PERFORMED BY AN INDIVIDUAL (WHO MAY BE AN EMPLOYEE OF THE FIRM) WHO IS ALREADY CONNECTED TO THE INTERNAL LAN, AND CAN RUN TOOLS TO DIRECTLY CAPTURE NETWORK TRAFFIC.
EXTERNAL SNIFFING
REFERS TO SNIFFING PERFORMED BY A HACKER OUTSIDE THE TARGET NETWORK, BY INTERCEPTING PACKETS AT THE FIREWALL LEVEL TO STEAL INFORMATION.
WIRELESS SNIFFING
REGARDLESS OF WHERE THE HACKERS ARE LOCATED ON THE NETWORK BEING SNIFFED, THE PROLIFERATION OF WIRELESS NETWORKS HAS MADE IT POSSIBLE TO PENETRATE A NETWORK FROM ANYWHERE WITHIN ITS PHYSICAL RANGE TO OBTAIN INFORMATION.
MAN-IN-THE-MIDDLE ATTACK
A FORM OF SESSION HIJACKING ATTACK, IN WHICH ATTACKERS INTRUDE INTO AN EXISTING CONNECTION BETWEEN TWO SYSTEMS TO INTERCEPT THE MESSAGES BEING EXCHANGED, AND INJECT FRAUDULENT INFORMATION. IT IS AN EAVESDROPPING ATTACK IN WHICH THE COMMUNICATION BETWEEN TWO PARTIES IS MONITORED OR MODIFIED BY A THIRD UNAUTHORIZED PARTY.
PASSWORD ATTACK
PERFORMED TO GAIN UNAUTHORIZED ACCESS OR CONTROL OVER A TARGET COMPUTER SYSTEM. ATTACKERS THEN USE THIS ACCESS TO ACCOMPLISH VARIOUS MALICIOUS OBJECTIVES SUCH AS STEALING SECRETS, MAKING SLIGHT MODIFICATIONS TO WEBSITES, STEALING CREDIT CARD DETAILS, AND OBTAINING SYSTEM PRIVILEGES.
DICTIONARY ATTACK
AN ATTEMPT TO CRACK A USER PASSWORD VIA GUESSING. ATTACKERS CAN GUESS PASSWORDS USING A MANUAL OR AN AUTOMATED APPROACH. THIS ATTACK TRIES TO MATCH FREQUENTLY OCCURRING AND COMMONLY USED WORDS IN REGULAR USAGE. EXAMPLES INCLUDE PASSWORD, ROOT, ADMINISTRATOR, ADMIN, DEMO, TEST, GUEST, QWERTY, PET NAMES, DATE OF BIRTH, CHILDREN'S NAMES, ADDRESSES, AND HOBBIES.
BRUTE FORCE ATTACK
A LARGE NUMBER OF GUESSES ARE PERFORMED TO SUCCESSFULLY OBTAIN A PASSWORD OF THE TARGET SYSTEM. IT INVOLVES CHECKING ALL COMBINATIONS OF CHARACTERS UNTIL THE CORRECT PASSWORD IS FOUND. THESE ATTACKS ARE TIME AND RESOURCE-CONSUMING AND ARE THEREFORE MOST SUITABLE FOR OBTAINING PASSWORDS THAT ARE SMALL OR NOT COMPLEX.
HYBRID ATTACK
WORKS LIKE A DICTIONARY ATTACK, BUT ADDS NUMBERS AND SYMBOLS TO THE WORDS TO CRACK A PASSWORD. THESE ATTACKS GENERALIZE COMMON STRATEGIES PEOPLE ADOPT TO MAKE THEIR PASSWORDS HARD TO GUESS. THIS ATTACK BEGINS WITH A DICTIONARY TERM AND THEN GENERATES FURTHER GUESSES BY APPENDING OR PREPENDING DATES, NUMBERS, ALPHANUMERIC CHARACTERS, AND SYMBOLS TO THE DICTIONARY TERM.
BIRTHDAY ATTACK
A TYPE OF BRUTE-FORCE ATTACK, WHICH LEVERAGES TECHNIQUES THAT SOLVE A CLASS OF CRYPTOGRAPHIC HASH FUNCTIONS.
RAINBOW TABLE ATTACK
A LARGE SET OF HASHES (ENCODED CODES) THAT ARE PRE-MATCHED TO POSSIBLE PLAINTEXT PASSWORDS. USED BY PASSWORD CRACKING SOFTWARE TO BREACH NETWORK SECURITY. ALL COMPUTER SYSTEMS THAT REQUIRE AUTHENTICATION STORE USER ACCOUNTS AND PASSWORDS IN THE DATABASE IN ENCRYPTED FORM. IF THE ATTACKER GAINS ACCESS TO THE PASSWORD DATABASE, PASSWORD-CRACKING SOFTWARE CAN COMPARE THE RAINBOW TABLE'S LIST OF HASHES WITH THE HASHED PASSWORDS IN THE DATABASE.
PRIVILEGE ESCALATION ATTACK
AN ATTACKER GAINS ACCESS TO THE NETWORK AND THE ASSOCIATED DATA AND APPLICATIONS BY EXPLOITING DEFECTS SUCH AS THOSE IN THE DESIGN, SOFTWARE APPLICATIONS, AND POORLY CONFIGURED OPERATING SYSTEMS. ONCE AN ATTACKER HAS GAINED ACCESS TO A REMOTE SYSTEM WITH A VALID USERNAME AND PASSWORD, THEY THEN ATTEMPT TO INCREASE THEIR PRIVILEGES.
HORIZONTAL PRIVILEGE ESCALATION
THE UNAUTHORIZED USER ATTEMPTS TO ACCESS RESOURCES, FUNCTIONS, AND OTHER PRIVILEGES THAT BELONG TO AN AUTHORIZED USER WITH SIMILAR ACCESS PERMISSIONS.
VERTICAL PRIVILEGE ESCALATION
THE UNAUTHORIZED USER ATTEMPTS TO GAIN ACCESS TO RESOURCES AND FUNCTIONS OF A USER WITH HIGHER PRIVILEGES SUCH AS AN APPLICATION OR SITE.
DNS POISONING ATTACK
A PROCESS IN WHICH THE ATTACKER REDIRECTS THE VICTIM TO A FAKE WEBSITE BY PROVIDING FAKE DATA TO THE DNS SERVER. THE WEBSITE LOOKS SIMILAR TO THE GENUINE SITE BUT IS HOSTED IN A MALICIOUS SERVER CONTROLLED BY THE ATTACKER.
ADDRESS RESOLUTION PROTOCOL (ARP)
A TCP/IP PROTOCOL THAT MAPS IP NETWORK ADDRESSES TO THE HARDWARE ADDRESSES USED BY THE DATA LINK PROTOCOL. THIS PROTOCOL CAN BE USED TO EASILY OBTAIN THE MAC (HARDWARE) ADDRESS OF ANY DEVICE WITHIN A NETWORK. APART FROM THE NETWORK SWITCH, HOST MACHINES ALSO USE THE ARP PROTOCOL FOR OBTAINING MAC ADDRESSES. ARP IS USED BY A HOST MACHINE WHEN IT NEEDS TO SEND A PACKET TO ANOTHER DEVICE AND HAS TO SPECIFY THE DESTINATION MAC ADDRESS IN THE PACKET.
ARP POISONING ATTACK
AN ATTACK IN WHICH THE ATTACKER ATTEMPTS TO ASSOCIATE THEIR OWN MAC ADDRESS WITH THE VICTIM'S IP ADDRESS, SO THAT THE TRAFFIC MEANT FOR THE IP ADDRESS IS SENT TO THE ATTACKER.
DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) STARVATION ATTACK
AN ATTACKER FLOODS THE DHCP SERVER BY SENDING A LARGE NUMBER OF DHCP REQUESTS WITH FAKE MAC ADDRESSES, BY USING TOOLS SUCH AS GOBBLER. THIS WILL EXHAUST ALL THE AVAILABLE IP ADDRESSES THAT THE DHCP SERVER CAN ISSUE. AS A RESULT, THE SERVER CANNOT ISSUE ANY MORE IP ADDRESSES, LEADING TO A DENIAL OF SERVICE (DoS).
DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) SPOOFING ATTACK
ALSO KNOWN AS A ROGUE DHCP SERVER ATTACK, AN ATTACKER INTRODUCES A ROGUE SERVER IN THE NETWORK, WHICH RESPONDS TO CLIENTS’ DHCP DISCOVERY REQUESTS. BOTH THE ROGUE AND ACTUAL SERVER RESPOND TO A REQUEST, AND THE SERVER THAT RESPONDS FIRST IS ACCEPTED BY THE CLIENT.
MAC SPOOFING ATTACK
ENABLES ATTACKERS TO SPREAD MALWARE, BYPASS AUTHENTICATION CHECKS, OR STEAL SENSITIVE INFORMATION. ATTACKERS SNIFF A NETWORK FOR THE MAC ADDRESSES OF LEGITIMATE CLIENTS CONNECTED TO THE NETWORK. IN THIS ATTACK, THE ATTACKER FIRST RETRIEVES THE MAC ADDRESS OF THE CLIENTS WHO ARE ACTIVELY ASSOCIATED WITH THE SWITCH PORT. THEN THE ATTACKER SPOOFS THEIR OWN MAC ADDRESS WITH THE MAC ADDRESS OF THE LEGITIMATE CLIENT.
NETWORK-BASED DENIAL-OF-SERVICE ATTACK (DoS)
AN ATTACK THAT PREVENTS AUTHORIZED USERS FROM ACCESSING A COMPUTER OR NETWORK. ATTACKS THAT TARGET THE NETWORK BANDWIDTH OR CONNECTIVITY.
DISTRIBUTED DENIAL-OF-SERVICE ATTACK (DDoS)
A LARGE-SCALE COORDINATED ATTACK ON THE AVAILABILITY OF SERVICES ON A TARGET’S SYSTEM OR NETWORK RESOURCES. IT IS LAUNCHED INDIRECTLY THROUGH MANY COMPROMISED COMPUTERS ON THE INTERNET.
NETWORK-CENTRIC ATTACK
OVERLOADS A SERVICE BY CONSUMING BANDWIDTH.
APPLICATION-CENTRIC ATTACK
OVERLOADS A SERVICE BY INUNDATING IT WITH PACKETS.
VIRUS
A TYPE OF PROGRAM THAT CAN MULTIPLY BY MAKING COPIES OF ITSELF. IT REPLICATES ITSELF THROUGH HOST PROGRAMS. IT REPRODUCES ITS CODE WHILE ENCLOSING OTHER EXECUTABLES, AND SPREADS THROUGH THE COMPUTER.
TROJAN
A MALICIOUS PROGRAM THAT MASQUERADES AS LEGITIMATE SOFTWARE, AND CAN BE A SERIOUS THREAT TO SYSTEM SECURITY.
ADWARE
A SOFTWARE PROGRAM THAT TRACKS THE USER'S BROWSING PATTERNS FOR MARKETING PURPOSES AND DISPLAYS ADVERTISEMENTS.
SPYWARE
A PIECE OF SOFTWARE CODE THAT EXTRACTS USER INFORMATION AND SENDS IT TO ATTACKERS.
ROOTKITS
A SOFTWARE PROGRAM THAT OBTAINS PRIVILEGED ACCESS TO A TARGET COMPUTER TO PERFORM MALICIOUS ACTIVITIES.
BACKDOORS
CREATED TO COMPROMISE THE SECURITY OF TARGET SYSTEMS AND GAIN ACCESS TO A NETWORK ILLEGITIMATELY.