Chapter 2 - Introduction Vulnerabilities, Threats and Attack
CHAPTER 2
VULNERABILITIES
A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to a threat. Most vulnerabilities can usually be traced back to one of three sources:
- Poor design
- Poor implementation
- Poor management
THREATS
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system. There are different categories of threats:
- Natural threats (floods, earthquakes, or storms)
- Unintentional threats (result of accident or stupidity)
- Intentional threats (result of malicious intent)
THREATS
- Unstructured threats: created by an inexperienced person who is trying to gain access to your network.
- Structured threats: implemented by a technically skilled person who is trying to gain access to a network.
- Internal threats: occur when someone from inside your network creates a security threat to your network.
- External threats: occur when someone outside your network creates a security threat to your network.
ATTACK
An attack is a specific technique used to exploit a vulnerability. There are two categories of attack:
- Passive attack: very difficult to detect because there is no overt activity that can be monitored or detected. Example: packet sniffing or traffic analysis.
- Active attack: employs more overt action on the network or system. Example: denial-of-service.
ATTACK
- Reconnaissance attack
- Access attack
- Distributed Denial of service attack
- Malicious code attack
Reconnaissance Attack
Reconnaissance attacks are the first step in the process of intrusion and involve unauthorized discovery and mapping of systems, services, or vulnerabilities. These discovery and mapping techniques are commonly known as scanning and enumeration. Common tools, commands, and utilities that are used for scanning and enumeration include ping, Telnet, nslookup, finger, rpcinfo, File Explorer, srvinfo, and dumpacl. Other third-party public tools include Sniffer, SATAN, SAINT, NMAP, and netcat.
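A defender can spot the scanning phase described above by counting how many distinct ports or hosts a single source touches in a short time. The Python sketch below is an added example, not part of the original slides; the log format, the sample lines, the 60-second window and the threshold of 4 are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample connection log (not real traffic): time, source, destination, port
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 21
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 22
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 23
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 25
2024-05-01T10:00:04 198.51.100.7 192.0.2.10 80
2024-05-01T10:00:05 203.0.113.9 192.0.2.10 443
2024-05-01T10:00:10 203.0.113.44 192.0.2.11 23
2024-05-01T10:00:11 203.0.113.44 192.0.2.12 23
2024-05-01T10:00:12 203.0.113.44 192.0.2.13 23
2024-05-01T10:00:13 203.0.113.44 192.0.2.14 23
2024-05-01T10:10:00 203.0.113.9 192.0.2.10 80
2024-05-01T10:20:00 203.0.113.9 192.0.2.10 25
2024-05-01T10:30:00 203.0.113.9 192.0.2.10 22
"""

def detect_recon(log_text, window_s=60, threshold=4):
    """Flag sources that reach `threshold` distinct ports on one host (port scan)
    or `threshold` distinct hosts on one port (host sweep) within `window_s`
    seconds. Returns {source_ip: {labels}}; the defaults are illustrative."""
    events = sorted(
        (datetime.fromisoformat(t), src, dst, int(port))
        for t, src, dst, port in map(str.split, filter(str.strip, log_text.splitlines()))
    )
    recent = defaultdict(deque)  # source -> events still inside the sliding window
    findings = {}
    for ts, src, dst, port in events:
        q = recent[src]
        q.append((ts, dst, port))
        while (ts - q[0][0]).total_seconds() > window_s:  # drop events older than the window
            q.popleft()
        if len({p for _, d, p in q if d == dst}) >= threshold:
            findings.setdefault(src, set()).add("port scan")
        if len({d for _, d, p in q if p == port}) >= threshold:
            findings.setdefault(src, set()).add("host sweep")
    return findings

if __name__ == "__main__":
    for src, kinds in sorted(detect_recon(SAMPLE_LOG).items()):
        print(src, sorted(kinds))
```

The third source touches four ports spread over half an hour and is not flagged with the 60-second window, which shows how much the window length decides what a counting rule like this can see.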
Access Attack
Access attacks are an attempt to gain access to information that the attacker does not have authorization to have. Access attacks in a network:
- Snooping
- Eavesdropping
- Interception
Snooping
Snooping is looking through information files in the hopes of finding something interesting. If the files are on paper, an attacker may do this by opening a file drawer and searching through files. If the files are on a computer system, an attacker may attempt to open one file after another until information is found.
Eavesdropping
Eavesdropping is when someone listens in on a conversation that they are not a part of. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. The introduction of wireless networks has increased the opportunity to perform eavesdropping.
Interception
Unlike eavesdropping, interception is an active attack against the information. When an attacker intercepts information, he is inserting himself in the path of the information and capturing it before it reaches its destination. After examining the information, the attacker may allow the information to continue to its destination or not.
Worms
Spreads from computer to computer but, unlike a virus, has the capability to travel without any human action.
Trojan Horse
Appears to be useful software but will actually do damage once installed or run on your computer. Designed to be annoying and malicious (like changing your desktop, adding silly active desktop icons) or can cause serious damage (creating a backdoor, deleting files). Does not reproduce by infecting other files.
Spreading of computer viruses is mostly by sharing infected files or sending e-mails with viruses as attachments. A virus also passes the infection from one infected system to another (attaches to an executable file). Example: Brain virus
Replicates itself on your system, creating a huge devastating effect.
Example: Beast
Other Attacks
- Logic Bombs
- Port Scanning
- Man-in-the-middle
- Trap Door
- Replay Attack
- Back Door Attack
- Spoofing Attack