Flashcards in Chapter 3 Key Concepts and Terms Deck (85)
Address resolution protocol (ARP) poisoning
When an attacker spoofs the MAC address of a targeted device by sending fake ARP resolution responses with a different MAC address.
Virus with hardened code that makes it difficult to reverse-engineer and build an antivirus from the malware.
Any item that has value.
Attack on availability
Impacts access or uptime to a critical system, application, or data.
Attack on IT assets
Penetration testing, unauthorized access, stolen passwords, deletion of data, etc.
Attack on people
Using deception to get another human to perform an action.
An attack on a system succeeds by exploiting a vulnerability in the system.
Hidden access methods left by developers so they can access the system again without struggling with security controls.
Does not alter the messages sent by legitimate users, but inserts additional messages into the communication line when the legitimate user pauses.
A type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.
Will try to break IT security and gain access to systems with no authorization to prove technical prowess.
A bunch of internet-connected computers under the control of a remote hacker.
Browser or URL hijacking
The user is directed to a different website than what they requested, usually a fake page the attacker created.
Brute-force password attack
Attacker tries different passwords until one of them is successful.
Christmas (Xmas) attack
Sending advanced TCP packets with flags set to confuse IP routers and network border routers with TCP header bits set to 1, lighting the IP router up like a Christmas tree.
A text file containing details gleaned from past visits to a website. Stored in cleartext.
A hacker with hostile intent, sophisticated skills, and interests in financial gain.
A specific form of ransomware that encrypts local files or data until the victim pays a ransom to obtain the decryption keys.
Denial of Service (DoS)
An attack that results in downtime or inability of a user to access a system by impacting the availability.
Dictionary password attack
A simple attack that relies on users making poor passwords. A password-cracker program takes a dictionary file and attempts to log on by entering each dictionary entry as a password.
Occurs when unauthorized users access private or confidential information that is stored in a network resource while it is in transit between network resources.
Distributed denial of service (DDoS)
A type of DoS attack that also impacts a user's ability to access a system by overloading the computer and preventing legitimate users from gaining access.
Pharming that poisons a domain name server.
The time during which a service is not available due to a failure or maintenance.
The act of spying to obtain secret information, typically to aid another nation state.
An application that incorporates known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.
Something a hacker can do once a vulnerability is found.
The creation of some deception to trick unsuspecting users.
Overwhelm the victim's CPU, memory, or network resources by sending large numbers of useless requests to the machine.