CHAPTER 2: ATTACKS (Primary classes of attacks exist:- (Access, Denial of…
CHAPTER 2: ATTACKS
RECONNAISSANCE ATTACK
- Internet information queries
RECONNAISSANCE
- The unauthorized discovery and mapping of systems, services or vulnerabilities
- Also known as information gathering, and it precedes an actual access or denial-of-service (DoS) attack
- Somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into
ACCESS
System access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password
ACCESS ATTACK
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, etc.
Can be implemented using several methods, including brute-force attacks, Trojan horse programs, IP spoofing and packet sniffers
An attack in which an individual takes advantage of a trust relationship within a network. The classic example is a perimeter network connection from a corporation. These network segments often house DNS, SMTP, and HTTP servers
- Man-in-the-middle attacks
The possible uses of such attacks are theft of information, hijacking of an ongoing session to gain access to private network resources, and traffic analysis to derive information about a network and its users
The simplest, but still effective, attack is tricking a user into thinking one is an administrator and requesting a password for various purposes
Involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
EAVESDROPPING
Network intruders can identify usernames, passwords, or information carried in the packet
Network eavesdropping can lead to information theft. It can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access