Security 1.2 Flashcards
Phishing
Sending a false email pretending to be legitimate to steal valuable information from the user
Spear phishing
Attacks that target specific users with inside information.
Whaling
An attack on a powerful or wealthy individual like a CEO.
Vishing
An attack through a phone or voice communications
Tailgating
Loosely following individuals with keys to get access to secure areas.
Impersonation
Taking on the identity of an individual to get access into the system or communications protocol
Dumpster diving
Going through a business’s or person’s trash to find thrown away valuable information or possessions.
Shoulder surfing
Watching as a person enters information.
Hoax
False information that deceives the user into compromising security by making them believe they are at risk.
Watering hole attack
A security attack that targets a specific highly secured group by infecting a commonly visited website by the group’s members.
Social engineering
The practice of using social tactics to gain information from people or get people to do something.
Authority
The actor acts as an individual of authority
Intimidation
Frightening or threatening the victim
Consensus
Convince based on what’s normally expected.
Scarcity
Limited resources and time to act
Familiarity
The victim is well known
Trust
Gain their confidence, be their friend
Urgency
Limited time to act, rush the victim
DoS (Denial of Service)
Flooding a target machine or resource with many requests to overload the system and prevent use of its resources
DDoS (Distributed Denial of Service)
DoS launched from multiple sources.
Man-in-the-middle
The attacker alters the communication between two parties who believe they are directly communicating.
Buffer overflow
A program attempts to write more data than can be held in a fixed block of memory.
Injection
Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution.
Cross-site scripting (XSS)
Found in web applications, allows for an attacker to inject client-side scripts in web pages.
Cross-site request forgery (XSRF)
Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords.