CompTIA Sec+ | Microsoft MTA Security: kinds of attacks

Posted filed under CompTIA Security+, MICROSOFT MTA SECURITY.

A key aspect to any war is to know your enemy. If you consider the battle against malicious users a war, then understanding the attacks that they use is crucial. Below is a listing with descriptions of the most common kinds of attacks used by malicious hackers and other bad people.

 

Social Engineering

This kind of attack is probably the most commonly successful and damaging of all attacks, yet it requires no technical ability. Social engineering is an attack by which the attacker manipulates people who work in a capacity of some authority so that the attacker can get those people to do something that he desires. For example, if an attacker calls into a business posing as a bank representative who is reporting foul activity on an account and then proceeds to ask for a routing number, that attacker is engaged in a social engineering attack. Remember, social engineering means manipulating people.

 

Dumpster Diving

This is another low-tech attack. All you have to remember about this attack is that the name is very indicative of the nature of this attack – a dumpster diver would look through trash and other unsecured materials to find pertinent information to either launch an attack or carry out some other maliciously intended action.

 

 

Password Cracking

This is an attack by which the attacker wishes to gain authentication (and authorization) to network resources by guessing the correct password. There are three basic kinds of password cracking attacks:

  • Brute Force – Every single possible combination of characters (aaa,aaA,aAA,AAA,aab…)
  • Dictionary – Enter passwords from a text file (a dictionary)
  • Hybrid – A variation of the Dictionary approach, but accounting for common user practices such as alternating character cases, substituting characters (“@” in place of “A”, etc), using keyboard patterns (“1QAZ”, etc), doubling passwords to make them longer, or adding incremental prefix/suffix numbers to a basic password (“2swordfish” instead of “swordfish, etc).

Attackers know that many users use the same or similar passwords for different systems. Using a sniffer to obtain a user’s password on an unsecure platform will provide a good starting point for a quick hybrid attack on a different, more secure platform. For example, Yahoo Messenger transmits passwords in clear text. An attacker can easily obtain a user’s Yahoo password, and then attempt to access their bank account, or other sensitive information, using that same password or a variant of that same password.

Most of the time when password cracking is attempted, the cracker has some means of entering username and password combinations quickly. Usually this is through a cracking program such as Brutus. One way to defend against cracking attacks is to put a mandatory wait time before login attempts. Another way is to lock out the login system after a certain number of attempts. Finally, limiting the number of concurrent connections to a login system can slow down a cracking attack.

 

Flooding

Just like a flood can overwhelm the infrastructure of a locale, a flooding attack can overwhelm the processing and memory capabilities of a network system or server. In a flooding attack, the attacker sends an inordinate amount of packets to a server or a group of hosts in order to overwhelm the network or server. This would, of course, cause a denial of service to the hosts who demand whatever network resource has been overwhelmed. Some special kinds of flooding attacks:

  • SYN Flood – A flood of specially crafted SYN packets
  • ICMP Ping Flood – A flood of ICMP pings

 

Lessons learned

Once the entire system is restored in its earlier configuration, then it is essential to turn down to the every single step and procedures applied for the entire response process, and keep a record of that. This record acts as a lesson for one, may be that is the Team leader or a general staff.

 

Spoofing

Spoofing is not always a form of attack but can be used in conjunction with an attack. Spoofing is any attempt to hide the true address information of a node and is usually associated with IP spoofing, or the practice of hiding the IP address of a node and replacing it with another (false) IP address. One implication of a successful spoof is that investigators cannot trace the attack easily because the IP address is false. Spoofing can be achieved through proxy servers, anonymous Internet services, or TCP/IP vulnerabilities.

 

Birthday Attack

Any attack based on favorable probability is known as a birthday attack. This comes from the statistical truth that it is far more likely in a room of 100 people to find two people who have the same birthday than it is to find a person with a specific birthday. For the exam, just associate birthday attack with probability.

 

Buffer Overflow

A buffer overflow attack is a very specific kind of attack that is very common when attacking Application level servers and services. Basically, a buffer is a memory stack that has a certain holding size. Through a specifically and maliciously crafted packet, information can overflow in that stack, causing a number of problems. Some buffer overflow attacks result in a simple denial of service while others can allow for system compromise and remote takeover of a system. Patches are usually issued to defend against specific buffer overflow issues.

 

Sniffing

A sniffing attack is one in which an attacker “sniffs” information, either off the media directly or from regular network traffic, in order to compromise the confidentiality or integrity of information. Un-switched Ethernet traffic can easily be sniffed when the NIC operates in “promiscuous” mode, the mode in which the NIC reads all traffic regardless of the destination IP address. Sniffing can be thwarted by careful attention to media security and switched networks.

 

Source by wikipedia

 

 

 

 

 To Become Cretified For CompTIA Security+ Please Visit This Link ;

Comments are closed.