Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 1:INTRODUCTION TO SECURITY, consists of mostly inexperienced…
-
consists of mostly inexperienced individuals using
easily available hacking tools such as shell scripts
and password crackers.
only executed with the intent of testing and challenging a hacker's s
skills can still do serious damage to a company
Example: if an external company Web site is hacked, the integrity of the company is damaged.
If the external Web site is separate from the internal information that sits behind a protective firewall
-
-
Structured threats
- come from hackers that are more highly motivated and technically competent.
-know system vulnerabilities, and can understand and develop exploit-code and scripts.
-understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
-often involved with the major fraud and theft cases reported to law enforcement agencies
-
Virus- a program capable of replicating with little or no user intervation and the replicated programs also replicate.
Worm- A form of virus that spreads by creating duplicates of itself on other drives, systems, or networks.
Trojan Horse- an apparently useful or amusing program, possibly a game or screensaver, but in the background it could be performing other tasks, such as deleting or changing data, or capturing passwords or keystrokes.
b. Access Attack
- an attempt to access another user account or network device through improper means.
A. Password Attack
- can be implemented using brute-force attack.
-
-
B. Man-in-the-Middle Attack
-requires that the hacker have access to network packets
that come across a network
C. Phishing
- a type of social engineering attack that involves
using e-mail or other types of messages in an attempt
to trick others into providing sensitive information.
-
Can consist of the following:
- Ping sweeps (tell the attacker, which IP adresses are alive)
- Port scans (art of scanning to determine what network services or ports are active on the live IP addresses)
- Internet information queries (queries the ports to determine the application and operating system of targeted host.
- Packet sniffers (to capture data being transmitted on a network)
-
-
-
-
-
-
-