Chapter 9 Flashcards
people attack computers looking for _______ or trying to harm the ________
- valuable data
- computer system
6 steps that criminals use to attack info systems:
1) conduct reconnaissance
2) attempt social engineering
3) scan and map the target
4) research
5) execute the attack
6) cover tracks
use of deception to obtain unauthorized access to info resources
social engineering
involves the use of a variety of automated tools that identify computers that can be remotely accessed and the type of software they are running
scan and map the target
cover tracks by creating _______ they can use to obtain access if their initial attack is discovered
back doors
unauthorized access, modification, or use of an electronic device or some element of a computer system
hacking
gaining control of a computer to carry out illicit activities without the user’s knowledge
hijacking
short for robot network
botnet
is a powerful network of hijacked computers, called zombies, that are used to attack systems and spread malware
botnet
installs software that responds to the hacker’s electronic instructions on unwitting PCs
bot herder
are delivered in a variety of ways: trojans, emails, instant messages, tweets
bot herder
use the combined power of the hijacked computers to mount a variety of internet attacks
bot herder
bot toolkits and easy-to-use software are available on the internet, showing hackers how to create their own
botnets
botnets are used to perform a _________ which is designed to make a resource unavailable to its users
denial-of-service attack
a trial-and-error method that uses software to guess info needed to gain access to a system
brute force attack
recovering passwords by trying every combination possible
password cracking
software generates user ID and password guesses using a dictionary of possible user IDs and passwords to reduce the number of guesses required
dictionary attacks
dictionary attacks are used by
spammers
reuses usernames and passwords from other data breaches to try to break into other systems
credential recycling
the best defense against brute force attacks (4)
1) monitoring system activity
2) longer and more complex passwords
3) limiting # of login attempts
4) using multifactor authentication
simultaneously sending the same unsolicited message to many people at the same time, often in an attempt to sell something
spamming
reduces the efficiency benefits of emailing and is also a source of many viruses, worms, and spyware programs
spamming
making an electronic communication look as if someone else sent it to gain the trust of the recipient
spoofing
making an email appear as though it originated from a different source
email spoofing
displaying an incorrect number on a caller ID display to hide the caller’s identity
caller ID spoofing
creating Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender or impersonate another computer system
IP address spoofing
using short messages to change the name or number a text message appears to come from
SMS spoofing
“phishing” is also referred to as
web-page spoofing
potential point of attack because it probably contains flaws
vulnerabilities
an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch to fix the problem
zero-day attack
a vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanism and instruct the victim’s browser to execute the code
cross-site scripting
happens when the amount of data entered into a program is greater than the amount of memory set aside to receive it
buffer overflow attack
inserting malicious code in input such that it is passed to and executed by an application program
SQL injection attack
the idea is to convince the application to run the code that it was not intended to execute by exploiting a database vulnerability
SQL injection attack
places a hacker between a client and a host and intercepts network traffic between them
man-in-the-middle attack
man-in-the-middle attacks are often called
session hijacking attack
are used to attack public-key encryption systems where sensitive and valuable info is passed back and forth
man-in-the-middle attack
pretending to be an authorized user to access a system
masquerading/impersonating
using a neighbor's Wi-Fi network is an example of
piggybacking
tapping into a communication line and electronically latching onto a legitimate user before the user enters a secure system
piggybacking
programming a computer to dial thousands of phone lines searching for dial-up modem lines
war dialing
driving around looking for unprotected wireless networks
war driving
attacking phone systems
phreaking