Fundamentals of Information Systems Security Ch 3 - Attacks, Threats, Vulnerabilities

Asset

Any item that has value.

Botnet

A bunch of internet-connected computers under the control of a remote hacker.

Identity theft

When private data is used to impersonate an individual.

Organization's Assets

Customer Data
IT assets and network infrastructure
Intellectual property
Finances and financial data
Service accountability and productivity
Reputation

Armored virus

Virus with hardened code that makes it difficult to reverse-engineer and build an antivirus from the malware.

Ransomware

A new form of malware linked to a time clock, forcing the victim to pay a ransom to prevent their data from being deleted.

Cryptolocker

A specific form of ransomware that encrypts local files or data until the victim pays a ransom to obtain the decryption keys.

Polymorphic Malware

Malware that can morph, making it difficult to detect and remediate with antivirus or anti-malware applications.

Intellectual Property

An asset at the center of many organizations.

Downtime

The time during which a service is not available due to a failure or maintenance.

Opportunity cost

The amount of money a company loses during downtime.

True downtime cost

AKA opportunity cost. The amount lost during downtime.

Hacker

In the computing world, someone who enjoys exploring and learning how to modify something.
In the media, someone who breaks into a computer without permission.

Black-hat hacker

Will try to break IT security and gain access to systems with no authorization to prove technical prowess.

White-hat hacker

AKA an ethical hacker. An information security professional who has authorization to identify vulnerabilities and perform penetration testing.

Gray-hat hackers

A hacker with average abilities who may one day become a black-hat or white-hat hacker.

Cracker

A hacker with hostile intent, sophisticated skills, and interests in financial gain.
They represent the greatest threat to networks and information resources.

Protocol Analyzer

AKA a sniffer. Software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.

Promiscuous mode

Sniffers operate in promiscuous mode, allowing every packet to be seen and captured by the sniffer.

Port scanner

A tool used to scan for open IP ports that have been enabled.

Operating System (OS) fingerprint scanner

Software that allows an attacker to send a variety of packets to an IP host device, hoping to determine the target device's operating system (OS) from the response.

Software vulnerability

A bug or weakness in the program.

Exploit

Something a hacker can do once a vulnerability is found.

Vulnerability scanner

Software program used to identify and verify vulnerabilities on an IP host device.

National Vulnerability Database (NVD)

The list of Common Vulnerabilities and Exposures (CVE), which is maintained by the U.S. Department of Homeland Security.
https://cve.mitre.org

Exploit software

An application that incorporates known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.

Intrusive penetration testing

Positively verifies the network by working to exploit it.

Wardialer

A computer that dials telephone numbers looking for a computer on the other end.

Password cracker

Software that performs one of two things:
Brute-force password attack to gain unauthorized access to the system or recover passwords stored in the system.
Cryptographic hash to convert a large amount of data into a single long number using an algorithm.

Keystroke logger

Surveillance software or hardware that can record to a log file every keystroke made with a keyboard.

Security breach

Any event that results in the violation of any of the confidentiality, integrity, or availability security tenets.

Denial of Service (DoS)

An attack that results in downtime or inability of a user to access a system by impacting the availability.

Logic attacks

Use software flaws to crash or hinder the performance of remote servers.

Flooding attacks

Overwhelm the victim's CPU, memory, or network resources by sending large numbers of useless requests to the machine.

SYN flood

Popular technique to launch a flood attack.

Smurfing

Use directed broadcasts to create a flood of network traffic for a victim computer.

Distributed denial of service (DDoS)

A type of DoS attack that also impacts a user's ability to access a system by overloading the computer and preventing legitimate users from gaining access.

Wiretapping

Can be active, where the attacker makes modifications to a line, or passive, where the unauthorized user simply listens to the transmission without changing the contents.

Between-the-lines wiretapping

Does not alter the messages sent by legitimate users, but inserts additional messages into the communication line when the legitimate user pauses.

Piggyback-entry wiretapping

Intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts like a host.

Backdoors

Hidden access methods left by developers so they can access the system again without struggling with security controls.

Netcat

A utility that is the most popular backdoor tool in use today.

Rootkits

Malicious software programs designed to be hidden from normal methods of detection. Installed by attackers once they obtain root or system administrator access privileges.

Spam

Unwanted email.

Spim

Unwanted IMs and chats.

Phishing

A fake or bogus email designed to trick the recipient into clicking on an embedded URL link or opening an email attachment.

Hoax

An act intended to deceive or trick the receiver. Usually an email.

Cookie

A text file containing details gleaned from past visits to a website. Stored in cleartext.

Risk

The probability that something bad is going to happen.

Vulnerability

A weakness in the design or software code itself. Can be exploited as a threat.

Disclosure threats

Occur when unauthorized users access private or confidential information that is stored in a network resource or is in transit between network resources.

Sabotage

The destruction of property or obstruction of normal operations.

Espionage

The act of spying to obtain secret information, typically to aid another nation state.

Information leak

Any instance of someone purposely distributing information without proper authorization.

Attack

An attack on a system succeeds by exploiting a vulnerability in the system.

Fabrications

The creation of some deception to trick unsuspecting users.

Interceptions

Eavesdropping on transmissions and redirecting them for unauthorized use.

Interruptions

A break in the communication channel which blocks the transmission of data.

Modifications

The alteration of data contained in transmissions or files.

Birthday attacks

A type of cryptographic attack that is used to make brute-force attacks on one-way hashes easier.

Brute-force password attack

Attacker tries different passwords until one of them is successful.

Dictionary password attack

A simple attack that relies on users making poor passwords. A password-cracker program takes a dictionary file and attempts to log on by entering each dictionary entry as a password.

Spoofing

A person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

Address resolution protocol (ARP) poisoning

When an attacker spoofs the MAC address of a targeted device by sending fake ARP resolution responses with a different MAC address.

Christmas (Xmas) attack

Sending specially crafted TCP packets with many TCP header flag bits set to 1 to confuse IP routers and network border routers, lighting the IP router up like a Christmas tree.

Man-in-the-middle hijacking

Attacker uses a program to take control of a connection by masquerading as each end of the connection.

Browser or URL hijacking

The user is directed to a different website than what they requested, usually a fake page the attacker created.

Session hijacking

Attacker tries to take over an existing connection between two network computers.

Replay attack

Capturing data packets from a network and retransmitting them to produce an unauthorized effect.

Masquerade attack

A user or computer pretends to be another user or computer.

Social engineering

Tricking authorized users into carrying out actions for unauthorized users.

Phreaking

Exploiting bugs and glitches in the telephone system.

Spear phishing

Using email or instant messages to target a specific organization, seeking unauthorized access to confidential data.

DNS poisoning

Pharming that poisons a domain name server.

Pharming

Domain spoofing.

Malware

Malicious software that infiltrates one or more target computers and follows the attacker's instructions.

Virus

Software program that attaches itself to or copies itself to another program or a computer.

Worm

A self-contained program that replicates and sends copies of itself to other computers, generally across a network, without any input or action.

Trojan

Malware that masquerades as a useful program.

Rootkits

Modify or replace one or more existing programs to hide traces of attacks.

Spyware

Malware that specifically threatens the confidentiality of information.

Attack on availability

Impacts access or uptime to a critical system, application, or data.

Attack on people

Using deception to get another human to perform an action.

Attack on IT assets

Penetration testing, unauthorized access, stolen passwords, deletion of data, etc.

Wireless network attacks

Perform intrusive monitoring, packet capturing, and penetration tests on a wireless network.

User Domain

...

WAN Domain

...