Jun 30,2009 by alperen
 Repudiation is the denial of having
been a part of a data exchange. This repudiation might be to avoid
responsibility for an action. Nonrepudiation is a security
feature that helps ensure that data has been sent and received by the ... [full story]
|
Jun 30,2009 by alperen
 Session replay is a form of a
man-in-the-middle attack, where the intruder captures a packet sequence and
modifies part of the data before forwarding it on normally. This type of attack
relies on an inherent weakness in data traffic authentication.
Session ... [full story]
|
Jun 30,2009 by alperen
 An IP spoofing attack involves an
external or internal hacker who pretends to be using a trusted computer by using
the address of that computer. The hacker either uses an IP address within the
range of trusted internal addresses for ... [full story]
|
Jun 30,2009 by alperen
 Data manipulation, or impersonation, is made possible by
vulnerabilities in IP protocols and related applications. Data
manipulation attacks are often called “man-in-the-middle” attacks
because the attacks typically involve an individual located
between TCP/IP-exploited IP vulnerabilities. Common forms of these ... [full story]
|
Jun 30,2009 by alperen
 While the threat of DoS attacks can’t be eliminated, it can
be reduced through the following three methods:
Anti-DoS features: Proper implementation
and configuration of anti-DoS features available on routers and firewalls can
help limit the effectiveness of an attack. These ... [full story]
|
Jun 30,2009 by alperen
 While many reasons or rationalizations exist for why an
individual or group of individuals might choose to launch a form of DoS attack
on a network, one thing common to many attacks is anger. Real or imagined, the
attacker blames the ... [full story]
|
Jun 30,2009 by alperen
 Variations of the DoS attack are likely to be a major
component of global terrorism and even a part of government-sponsored acts of
aggression against its perceived enemies. The possible devastating effect that a
massive distributed attack could have on ... [full story]
|
Jun 30,2009 by alperen
 Knowing about common, well-known attacks can be useful and
interesting, and when someone indicates an attack is a variation of the Ping of
Death, you will know what that means. Well-known attacks include the
following:
TCP SYN Flood: Uses the TCP ... [full story]
|
Jun 30,2009 by alperen
 The latest variation on the DoS, the DRDoS, involves one or more hosts sending a series of TCP SYN
requests or ICMP ping requests to many unsuspecting, even thoroughly secure,
hosts using the “spoofed” source address of the target. When ... [full story]
|
Jun 30,2009 by alperen
 DDoS attacks start by the attacker(s)
placing Zombie (technically, “bot,” short for “robot”) programs in a series of
compromised computers hooked by relatively high-bandwidth connections to the
Internet. These Zombies are programmed to monitor specific Internet Relay Chat
(IRC) chat ... [full story]
|
Jun 30,2009 by alperen
 Denial of service (DoS) attacks in their many forms are by
far the most infamous, and possibly the most threatening to organizations who
conduct any business over the Internet. The primary purpose of any DoS attack is
to deny access ... [full story]
|
Jun 30,2009 by alperen
 Once initial access has been accomplished, the hacker will
attempt to exploit any privileges associated with that access, including the
ability to get into shared resources. If the initial account has limited access
permissions, the hacker will try to gain ... [full story]
|
Jun 30,2009 by alperen
 To use a user account on a server or network, you must first
have the user name and password. Discovering the user names is a fairly
straightforward process described in the preceding section. Attackers use
password crackers to crack the ... [full story]
|
Jun 30,2009 by alperen
 The term social engineering relative
to security came from early hacking efforts on telephone systems and
long-distance services. Social engineering is based on the concept of why risk
breaking into a system by brute force or tools when you can ... [full story]
|
Jun 30,2009 by alperen
 In many cases, the first objective is to gain initial
access, so additional reconnaissance can be conducted. This reconnaissance could
include scouting out resources, IP addresses, and possibly running a network
discovery (mapping) program or even a sniffer-type packet-capturing utility, ... [full story]
|
Jun 30,2009 by alperen
 Access attack is a catch-all phrase to encompass a variety of forms of unauthorized access of computer resources. An access attack could be an outside individual, or a group that uses various methods to ... [full story]
|
Jun 30,2009 by alperen
 The most common and widely used hacking tools are reconnaissance tools. Many of these tools have been developed
by hackers to aid them in their illicit activities. Other tools used by hackers
are the same tools commonly used by network ... [full story]
|
Jun 30,2009 by alperen
 The attacker must perform electronic reconnaissance to find
what systems and resources are on the network. Unless the attacker has prior
knowledge of the target network, he or she must find where the company resources
are logically located. Once the ... [full story]
|
Jun 30,2009 by alperen
 Employee names and e-mail addresses provide a good start in
guessing the user name for an employee’s account. Common practice is to use an
employee’s first initial and last name as the user name for their network
computer account. E-mail ... [full story]
|
Jun 30,2009 by alperen
 A reconnaissance attack, as the name implies, is the effort of an unauthorized user to gain as much information about the network as possible before launching other more serious types of attacks. Quite often, ... [full story]
|
Jun 30,2009 by alperen
 While there are many variations and often different names,
the four most common types of network attacks are
Reconnaissance attacks
Access attacks
Denial-of-service attacks
Data manipulation attacks
STUDY TIP
Some texts and certification exams might consider only the
first three as specific types of network ... [full story]
|
Jun 29,2009 by alperen
 External threats are threats from individuals outside the organization, often using the Internet or dial-up access. These attackers don’t have authorized access to the systems.
In trying to categorize a specific threat, the result could ... [full story]
|
Jun 29,2009 by alperen
 Internal threats originate from
individuals who have or have had authorized access to the network. This could be
a disgruntled employee, an opportunistic employee, or an unhappy past employee
whose access is still active. In the case of a past ... [full story]
|
Jun 29,2009 by alperen
 Structured threats are more focused, involving one or more individuals with higher-level skills actively working to compromise a system. The targeted system could have been detected through some random search process, or it might ... [full story]
|
Jun 29,2009 by alperen
 Unstructured threats often involve
unfocused assaults on one or more network systems, often by individuals with
limited or developing skills. The systems being attacked and infected are
probably unknown to the perpetrator. These attacks are often the result of
people ... [full story]
|
Jun 29,2009 by alperen
 In an attempt to categorize threats both to understand them
better and to help in planning ways to resist them, the following four
categories are typically used.
Unstructured threats
Structured threats
Internal threats
External threats [full story]
|
Jun 28,2009 by alperen
 Many network devices have default settings that emphasize
performance or ease of installation without regard for security issues.
Installation without adequate attention to correcting these settings could
create serious potential problems. Some common configuration issues include the
following:
Ineffective access control ... [full story]
|
Jun 28,2009 by alperen
 Policy weakness is a catchall phrase
for company policies, or a lack of policies, that inadvertently lead to security
threats to the network system. Chapter 2 covers in detail the importance and implementation
of a written security policy, which is ... [full story]
|
Jun 28,2009 by alperen
 Whether IOS based or embedded in the circuitry, such as
application-specific integrated circuit (ASIC), network devices can have
vulnerabilities, often called “holes,” that can be exploited. Some might lay
dormant for years until someone stumbles across one, and either exploits ... [full story]
|
Jun 28,2009 by alperen
 Regardless of the manufacturer or whether it’s an open
standard or proprietary product, every operating system (OS) has vulnerabilities
that need to be addressed through patches, upgrades, and best practices. Every
time a major upgrade comes out, the possibility for ... [full story]
|