REVIEWER
Вариантов на этом колесе: 49
- is the deliberate act that exploits vulnerability •It is accomplished by a threat-agent to damage or steal an organization’s information or physical asset (ATTACK)
- is a technique to compromise a system (EXPLOIT)
- This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information (MALICIOUS CODE)
- Compromised system scans random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits ( IP Scan And Attack)
- If the infected system has write access to any Web pages, it makes all Web content files infectious, so that users who browse to those pages become infected (Web Browsing)
- Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection (Virus)
- using file shares to copy viral component to all reachable locations ( Unprotected Shares )
- sending e-mail infections to addresses found in address book ( Mass Mail )
- SNMP vulnerabilities used to compromise and infect ( Simple Network Management Protocol )
- A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached ( HOAXES )
- Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource ( Back Doors )
- Attempting to reverse calculate a password ( Password Crack )
- The application of computing and network resources to try every possible combination of options of a password ( Brute Force )
- attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords ( Dictionary )
- another form of e-mail attack that is also a DoS, in which an attacker routes large quantities of e- mail to the target ( Mail-Bombing )
- a program and/or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information Slide from a network ( Sniffers )
- within the context of information security, the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker ( Social Engineering )
- application error occurs when more data is sent to a buffer than it can handle • when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure ( Buffer Overflow )
- Attacker creates an ICMP packet that is larger than the maximum allowed 65,535 bytes. ( Ping of Death Attacks )
- works by exploring the contents of a web browser’s cache • can allow collection of information on access to password-protected sites ( Timing Attack )
- is the protection of computer systems and networks from information disclosure, theft or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they Slide 3 provide. ( IT Security )
- assurance that information is shared only among authorized persons or organizations. ( Confidentiality )
- assurance that the information is authentic and complete; - maintaining and assuring the accuracy and consistency of data over its entire life-cycle. ( Integrity )
- assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them. ( Availability )
- is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. ( Vulnerability )
- Vulnerabilities are classified according to the asset class they are related to: ( Hardware & Software )
- Susceptibility to humidity/dust; unprotected storage; over- heating. ( Hardware )
- Insufficient testing; insecure coding; lack of audit trail; design flaw. ( Software )
- Unprotected communication lines; insecure network architecture. ( Network )
- Inadequate recruiting process; inadequate security awareness; insider threat. ( Personnel )
- Area subject to natural disasters (e.g. flood, earthquake); interruption to power source. ( Physical Site )
- Lack of regular audits; lack of continuity plans. ( Organizational )
- is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. ( Threat )
- is any step you take to ward off a threat to protect user, data, or computer from harm. ( Countermeasure )
- Various security threats ------ ( Users, Hardware, Data)
- Identity theft; loss of privacy; exposure to spam; physical injuries. ( Users )
- Power-related problems; theft; vandalism; and natural disasters. ( Hardware )
- Malwares; hacking; cybercrime; and cyber-terrorism. ( Data )
- Unsolicited commercial e-mail/Junk e- mail ( Spam )
- Small text file that a Web server put on computer ( Cookie )
- a small gif embedded in webpage/email ( Web Bugs )
- Malicious Software • Virus (require some executables), worms (self executables), spyware, trojan horses, botnet (robot network) ( Malwares )
- Sniffing: finding user’s password (password sharing, password uesgsing or password capture). • Social Engineering: Dumpster diving, phishing (e-mail) & vishing (phone calls) • Spoofing ( Hacking )
- Distributed Denial of Services o Cybercrime; and Cyber-terrorism ( DDoS
- attacker sends a large number of connection or information requests to a target; • so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service ( Denial of Service )
- an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. ( Distributed Denial of Service )
- technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. ( Spoofing )
- an attacker sniffs packets from the network, modifies them, and inserts them back into the network. ( Man in the Middle )
- By using a strong password system, you should have a mix of uppercase and lower case letters, numbers, and special characters. • Also, always reset all default passwords. • Finally, create a strong access control policy. ( Bolster Access Control )