Please enable JavaScript.
Coggle requires JavaScript to display documents.
Network Threats (Social Engineering (network is made vulnerable when it is…
Network Threats
Social Engineering
network is made vulnerable when it is used by real live humans. People can make mistakes; they can be tricked, fooled, bribed, or threatened.
-
thumb-drive full of malware somewhere a user might pick it up, and labelling it so that they would want to open it on their system
Phoning up a user at work and convincing them to break policy and give them the information they want directly
Data interception
passive attack, as it doesn't damage data
-
with a man-in-the-middle attack, an extra server or router has been placed in the network so that packets coming from the target computer are re-directed, copied, and sent on
-
Denial of Service
-
Flooding the targeted server with millions of bogus requests. There are many requests that the server memory and CPU cycles are used up and the server crashes.
DoS attack involves hundreds or thousands of computers which have been infected with botnet malware. It is then called a 'Distributed Denial of Service' attack (DDoS)
-
Phishing
Involves sending out e-mails, instant messages, or phone calls pretending to be someone in authorit (banker, electrician).
Uses that fake authority to convince users to voluntarily give up sensitive information (passwords, bank details, etc)
Brute force attack
Computer program is written to go through every possible combination of letters (and / or symbols) until the right one comes up. For example, there are 26 letters in the english alphabet, so if your password is just a single letter long, it would only take, at most, 26 guesses to find it.
DDOS
This is a method of preventing legitimate users from connecting to a server. Web sites can be blocked with this method.
Poor Network Policy
The network administrator should have a security policy in place to safeguard the network. Without precautions, guidance and training, there is a risk that some users, albeit unwittingly, will introduce threats to the network.
SQL injection
The deliberate addition of malicious sql code into a web form in order to view \ modify \ delete database records or to gain unauthorised access.