Key words:
Forged E-mail
Hackers can create e-mail that appears to be coming from anyone they want. In a variation of this attack, they can spoof the reply-to address as well, making the forgery undetectable.
Trojan horse
A program that is surreptitiously installed on a computer for the purpose of providing access to a hacker.
Automated Password Guessing
Once a hacker has identified a host and found an exploitable user account or services like NetBIOS, Telnet, and Network File System (NFS), a successful password guess will provide control of the machine.
Phishing Phishing
It refers to the process of “fishing” for accounts and passwords by setting up a fake user interface such as a website that appears to be real and sending an e-mail message to trigger people to log on. (Hackers frequently change the initial f in a word to ph and the plural s to z in their jargon.)
https://www.youtube.com/watch?v=9TRR6lHviQc
https://www.youtube.com/watch?v=9TRR6lHviQc
Buffer Overruns Buffer overruns
They are a class of attacks that exploit a specific weakness common in software. Buffer overruns exploit the fact that most software allocates blocks of memory in fixed-size chunks to create a scratchpad area called a buffer, within which it processes inbound network information. Often these buffers are programmed to a fixed maximum size, or they are programmed to trust the message to correctly indicate its size.
Source Routing The TCP/IP protocol
The Protocol suite includes a little-used option for specifying the exact route a packet should take as it crosses a TCP/IP-based network (such as the Internet). This option is called source routing, and it allows a hacker to send data from one computer and make it look like it came from another (usually more trusted) computer. Source routing is a useful tool for diagnosing network failures and circumventing network problems, but it is too easily exploited by hackers and so you should not use it in your TCP/IP network. Configure your firewalls to drop all source-routed TCP/IP packets from the Internet.
Session Hijacking
Hackers can sometimes hijack an already established and authenticated networking connection.
MAN-in-the-middle
Any of a broad range of attacks in which an attacking computer redirects connections from a client through itself and then to the ultimate server, acting transparently to monitor and change the communication between the destinations. Man-in-the-middle attacks are rare and difficult to perpetrate, but they are extraordinarily effective when they work. In a man-in-the-middle attack, the hacker operates between one computer and another on your network or between a client computer on the Internet or other WAN network and your server computer in your secure LAN.
video:https://www.youtube.com/watch?v=-hd7XG-b6uk
Note:
NetBIOS Network Basic Input Output System. An older network fileand print-sharing service developed by IBM and adopted by Microsoft for use in Windows.
Source:
Strebe, Matthew. Network Security Foundations : Technology Fundamentals for IT Success (1). Alameda, US: Sybex, 2006. ProQuest ebrary. Web. 29 August 2016.
Copyright © 2006. Sybex. All rights reserved.
No hay comentarios:
Publicar un comentario