threats and attacks explained

Upload: ajay-sonkar

Post on 05-Apr-2018


7/31/2019 Threats and Attacks Explained 1/3

Threats and Attacks Explained

The following explanations briefly describe some of the threats and attacks mentioned above:

Brute force attacks. Attacks that use raw computer processing power to try different permutations of any variable that could expose a security hole. For example, if an attacker knew that access required an 8-character username and a 10-character password, the attacker could iterate through every possible combination (256 multiplied by itself 18 times) in order to attempt to gain access to a system. No intelligence is used to shape or filter likely combinations.

Buffer overflows. The maximum size of a given variable (string or otherwise) is exceeded, forcing unintended program processing. In this case, the attacker uses this behavior to cause insertion and execution of code in such a way that the attacker gains control of the program in which the buffer overflow occurs. Depending on the program's privileges, the seriousness of the security breach will vary.

Canonicalization attacks. There are multiple ways to access the same object, and an attacker uses a method to bypass any security measures instituted on the primary intended methods of access. Often, the unintended methods of access can be less secure, deprecated methods.

Cookie manipulation. Through various methods, an attacker will alter the cookies stored in the browser. Attackers will then use the cookie to fraudulently authenticate themselves to a service or Web site.
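The canonicalization entry above turns on one defensive rule: reduce every request to a single canonical form and make the access decision on that form, never on the raw string. The following Python function is an added example (not code from the original document) that does this for a file path under a web root. The root path, the "decode exactly once" policy and the sample inputs are all assumptions made for the illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example: the directory the application serves files from (assumed path).
WEB_ROOT = "/srv/app/public"


def canonicalize(web_root: str, requested: str) -> Optional[str]:
    """Reduce a user-supplied path to one canonical absolute form before any
    access decision is made. Returns None when the path escapes web_root."""
    # Percent-decode exactly once. If '%' survives a single decode the input
    # was double-encoded; reject it rather than decode again, because a check
    # that decodes one more time than the file system does is exactly the
    # mismatch between access methods that a canonicalization attack relies on.
    decoded = unquote(requested)
    if "%" in decoded:
        return None
    # Resolve '.', '..' and repeated slashes relative to the root.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # commonpath, not a string-prefix test, so that "/srv/app/public_old"
    # is not mistaken for something inside "/srv/app/public".
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def is_allowed(web_root: str, requested: str) -> bool:
    """The access check the application should apply: decide on the
    canonical path, never on the raw request string."""
    return canonicalize(web_root, requested) is not None
```

The function only models POSIX paths; on Windows, backslashes, drive letters and 8.3 short names are further aliases for the same object, and the same principle applies: normalise with the platform's own resolver and compare the result against the allowed root.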

Cookie replay attacks. Reusing a previously valid cookie to deceive the server into believing that a previously authenticated session is still in progress and valid.
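The two cookie entries above (manipulation and replay) are usually countered by the same server-side design: the cookie carries only an opaque session id plus a MAC, the identity lives in a server-side table, and that table entry has a lifetime and can be revoked. The code below is an added example, not from the original document; the key, the 15-minute default lifetime and the `demo()` scenario are constructed for illustration, and a real deployment would load the key from a secret store.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed demo key; in production this comes from a secret store, not source.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"


def _sign(session_id: str) -> str:
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class SessionStore:
    """Server-side record of live sessions. The browser cookie is
    '<session id>.<hmac>'; the username is never in the cookie, so editing
    the cookie cannot change who the server thinks is logged in."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self._sessions: Dict[str, Tuple[str, float]] = {}  # id -> (user, expires_at)

    def issue(self, username: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, now + self.ttl)
        return f"{sid}.{_sign(sid)}"

    def validate(self, cookie: str, now: float) -> Optional[str]:
        """Return the username for a valid cookie, or None."""
        sid, _, mac = cookie.partition(".")
        if not sid or not hmac.compare_digest(mac, _sign(sid)):
            return None  # altered or forged cookie (cookie manipulation)
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # logged out or never issued: a replayed cookie
        username, expires_at = entry
        if now >= expires_at:
            del self._sessions[sid]
            return None  # lifetime over: replay after the window closed
        return username

    def logout(self, cookie: str) -> None:
        self._sessions.pop(cookie.partition(".")[0], None)


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: a valid cookie, a tampered one, and two replays."""
    store = SessionStore(ttl_seconds=60)
    t0 = 1_000_000.0
    cookie = store.issue("alice", t0)
    results = {"valid": store.validate(cookie, t0 + 1)}
    # Cookie manipulation: change the id but keep the original MAC.
    sid, _, mac = cookie.partition(".")
    results["forged"] = store.validate("x" * len(sid) + "." + mac, t0 + 1)
    # Replay after logout: the server-side entry is gone.
    store.logout(cookie)
    results["replay_after_logout"] = store.validate(cookie, t0 + 2)
    # Replay after expiry: the entry exists but its lifetime has passed.
    cookie2 = store.issue("alice", t0)
    results["replay_after_expiry"] = store.validate(cookie2, t0 + 61)
    return results
```

The MAC defeats manipulation, and the server-side table with a lifetime and an explicit logout bounds replay; neither alone is enough, since a correctly signed cookie is still replayable for as long as the server honours it.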

Credential theft. Stealing the verification part of an authentication pair (identity + credentials = authentication). Passwords are a common credential.

Cross-site scripting. An attacker is able to inject executable code (script) into a stream of data that will be rendered in a browser. The code will be executed in the context of the user's current session and will gain privileges to the site and information that it would not otherwise have.
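The cross-site scripting entry describes untrusted data being rendered as markup. The added example below (not from the original document) places a vulnerable rendering function beside its hardened form: the only difference is that the hardened one encodes the untrusted value for the HTML context it lands in. The comment text and the attribute value are constructed inputs; the function names are assumptions for the illustration.

```python
import html

# Constructed untrusted input: a comment body submitted by a user.
UNTRUSTED_COMMENT = '<script>alert("injected")</script>'
# Constructed untrusted input aimed at an attribute context.
UNTRUSTED_TITLE = '" onmouseover="alert(1)'


def render_unsafe(comment: str) -> str:
    # Vulnerable: the untrusted string is concatenated into markup as-is,
    # so the browser parses any tag it contains.
    return f'<p class="comment">{comment}</p>'


def render_safe(comment: str) -> str:
    # html.escape turns <, >, & (and with quote=True, " and ') into entities,
    # so the browser shows the comment as text and never parses it as a tag.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute_safe(title: str) -> str:
    # Attribute context: quote=True is what stops the value from closing the
    # attribute and starting a new one (such as an event handler).
    return f'<a title="{html.escape(title, quote=True)}" href="/item">item</a>'


def contains_raw_script(markup: str) -> bool:
    """Demo check: is there still an unencoded <script tag in the output?"""
    return "<script" in markup.lower()
```

Encoding is context-specific: the same value needs HTML-entity encoding in element content and attributes, but JavaScript-string or URL encoding if it is placed inside a script block or a URL, and a single `html.escape` is not sufficient for those contexts.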

Connection pooling. The practice of creating and then reusing a connection resource as a performance optimization. In a security context, this can result in either the client or server using a connection previously used by a highly privileged user for a lower-privileged user or purpose. This can potentially expose vulnerabilities if the connection is not reauthorized when used by a new identity.

Data tampering. An attacker violates the integrity of data by modifying it in local memory, in a data store, or on the network. Modification of this data could provide the attacker with access to a service through a number of the different methods listed in this document.

Denial of service. Denial of service (DoS) is the process of making a system or application unavailable. For example, a DoS attack might be accomplished by bombarding a server with requests to consume all available system resources, or by passing the server malformed input data that can crash an application process.

Dictionary attack. Use of a list of likely access methods (usernames, passwords, coding methods) to try to gain access to a system. This approach is more focused and intelligent than the brute force attack method, so as to increase the likelihood of success in a shorter amount of time.

Disclosure of sensitive/confidential data. Sensitive data is exposed in some unintended way to users who do not have the proper privileges to see it. This can often be done through parameterized error messages, where an attacker will force an error and the program will pass sensitive information up through the layers of the program without filtering it. This can be personally identifiable information (PII) or system data.


attacker can influence the creation of a SQL statement, he or she can gain access to the database with privileges otherwise unavailable and use this in order to steal or modify information or destroy data.

Throttling. The process of limiting resource usage to keep a particular process from bogging down and/or crashing a system. Relevant as a countermeasure in DoS attacks, where an attacker attempts to crash the system by overloading it with input.
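The throttling entry above is the countermeasure the document pairs with denial of service, and the same per-client limit applied to a login endpoint also bounds the guess rate of the brute force and dictionary attacks described earlier, which is a generalisation beyond this entry. The class below is an added example (not from the original document) of a token-bucket throttle; the rate, burst size and client identifiers in `simulate_flood` are constructed for the illustration.

```python
from typing import Dict, Tuple


class TokenBucket:
    """Token-bucket throttle. Each client starts with `burst` tokens, earns
    `rate` tokens per second up to `burst`, and spends one per request.
    Requests that find no token are rejected immediately rather than queued,
    so a flood cannot pile up pending work on the server."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self._buckets: Dict[str, Tuple[float, float]] = {}  # client -> (tokens, last)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._buckets.get(client, (float(self.burst), now))
        # Refill for the time elapsed since this client's last request.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[client] = (tokens - 1.0, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


def simulate_flood(limiter: TokenBucket, client: str, requests: int, now: float) -> int:
    """Constructed scenario: `requests` arrive from one client at the same
    instant. Returns how many get through."""
    return sum(limiter.allow(client, now) for _ in range(requests))
```

Keyed per client, the limiter isolates one abusive source from the rest; a single global bucket would let the flood throttle legitimate users too. The choice of key (source address, session, account) determines what the attacker has to vary to get around it.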