Security - Attacks Flashcards
DoS
Denial of Service
DDoS
Distributed Denial of Service Attacks
Social Engineering
Intruder gains information from users to gain access to network
Phishing
Form of social engineering
Password Cracking
Brute-force attack - every possible combination of characters
Dictionary attack - variations of known passwords
Packet Sniffing
Intercepts unencrypted packets to find username / password
Man-in-the-middle
Attacker in the middle of a conversation
ARP cache poisoning
Form of man-in-the-middle
Redirect conversations to attacker
Evil Twin
Form of man-in-the-middle
Poses as legitimate WAP
Session Hijacking
Form of man-in-the-middle
Hijack an active network session
VLAN Hopping
Form of man-in-the-middle
Buffer Overflow
Instructions can be run or application will crash.
Backdoor entry can cause
Virus
Malicious computer code
Spreads from system to system by user action
Worm
Self-replicating virus
Usually establishes a backdoor
Malware
Malicious programs intended to harm, disrupt, deny, or gain unauthorized access to a machine
Logic Bomb
Resides in a system until trigger sets it off
Zero-day Attack
Exploits software vulnerability unknown to developer
Ransomware
Form of malware
Encrypts files and demands ransom
Teardrop
Form of DoS
Fragmented packets sent to target. Machine crashes after being unable to reassemble packets.
SYN Attack
Form of DoS
Multiple TCP SYN packets sent to overwhelm host’s memory
Smurf
Form of DoS
Initiate broadcast messages with spoofed address that appears to be within the network
PDoS
Permanent DoS
Malicious, renders hardware useless
Spoof
Using a trusted IP address
Reflective / amplified DoS
Spoof an IP address, send multiple requests, overwhelming responses sent to spoofed address
Coordinated Attack
Form of DDoS
Orchestrated to a specific target
Botnet
Form of DDoS
Group of infected computers attack another computer / system