Chapter 6 - Threats and Attacks

A threat can be either:
- Intentional
- Accidental

An attack is an action that exploits a vulnerability in a controlled system. Done intentionally.

1. 6.3 Social engineering

1.1. art of convincing people to reveal confidential info

1.2. social engineers depend on the fact that people are unaware of their valuable information

1.3. Behaviour vulnerable to attacks

1.3.1. human nature of trust

1.3.2. ignorance about social engineering

1.3.3. non-compliance with their request

1.3.4. promising something for nothing

1.3.5. moral obligation

1.4. factors that make companies vulnerable to attack

1.4.1. Insufficient security training

1.4.2. Easy access of information

1.4.3. Lack of security policies

1.4.4. several organizational units

1.5. why is social engineering effective?

1.5.1. humans are the weakest link, the most susceptible factor

1.5.2. difficult to detect

1.5.3. no method to ensure complete security

1.5.4. no specific software or hardware for defending against it

1.6. phases of an attack

1.6.1. 1. research on targeted company

1.6.2. 2. select victim

1.6.3. 3. develop relationship

1.6.4. 4. exploit relationship

1.7. impact of attack

1.7.1. economic losses

1.7.2. loss of privacy

1.7.3. damage of goodwill

1.7.4. temporary or permanent closure

1.7.5. Lawsuits and Arbitrations

1.7.6. Dangers of Terrorism

1.8. method

1.8.1. human-based social engineering

1.8.2. computer-based social engineering

1.8.3. mobile-based social engineering

2. 6.4 Network specific threats and attack types

2.1. DoS: an attack on a computer or network that reduces, restricts or prevents legitimate use of its resources

2.2. attackers flood the victim system with non-legitimate service requests or traffic to overload its resources

2.3. symptoms of DoS attack

2.3.1. unavailability of a particular website

2.3.2. inability to access any website

2.3.3. unusually slow network

2.3.4. dramatic increase in the amount of spam

2.4. DoS attack techniques

2.4.1. Bandwidth attacks

2.4.2. service request flood

2.4.3. SYN Flooding attack

2.4.4. ICMP Flood Attack

2.4.5. peer-to-peer attacks

2.4.6. permanent denial-of-service (DoS) attack

2.4.7. Application-Level Flood Attacks

2.5. spoofing

2.5.1. attacker pretends to be another user

2.5.2. attacker initiates a new session using the victim's stolen credentials

2.6. Hijacking

2.6.1. process of taking over an existing active session

2.6.2. attacker relies on the legitimate user to make a connection and authenticate

3. 6.1 Attacker goals, capabilities, and motivations

3.1. Attacks = motive + method + vulnerability

3.1.1. Natural threats

3.1.2. Physical security threats

3.1.3. Human threats

3.1.4. Network threats

3.1.5. Host threats

3.1.6. Application threats

3.2. Goals: disrupting business continuity, stealing information, manipulating data and taking revenge.

3.3. Motives: the target system stores or processes something valuable, which leads to the threat of an attack on the system.

3.3.1. Who is a hacker?
- excellent computer skills
- hobby of hacking
- do illegal things on
- someone with malicious intent

3.4. Objectives: use various tools to exploit vulnerabilities in computer systems

3.4.1. effects of hacking on business:
- business reputation decreases
- business loss
- business downtime, which affects revenue
- business secrets leaked

4. 6.2 Malware

4.1. A program inserted into a system with the intent of compromising the confidentiality, integrity or availability of the victim

4.1.1. Viruses

4.1.1.1. self-replicating program that copies itself to another program, computer boot sector or document. Transmitted through file downloads, infected disks/flash drives and email.

4.1.1.1.1. -inflict damage to competitors

4.1.1.1.2. -financial benefits

4.1.1.1.3. -research projects

4.1.1.1.4. -play prank

4.1.1.1.5. -Vandalism

4.1.1.1.6. -Cyber terrorism

4.1.1.1.7. -Distribute political messages

4.1.2. Worms

4.1.2.1. malicious programs that replicate, execute and spread across network connections independently

4.1.2.2. carry a payload to damage the host system as well

4.1.2.3. attackers use worms to install backdoors in infected computers, which turns them into zombies and creates a botnet

4.1.3. Spyware

4.1.4. Botnets

4.1.5. Trojan Horses

4.1.5.1. malicious or harmful code that gets control and causes damage, such as to file allocation on the hard disk

4.1.5.2. replicates, spreads and is activated once triggered by predefined actions

4.1.5.3. attackers get access to stored passwords on the trojaned computer, enabling them to read personal documents, delete files and display pictures/messages.

4.1.5.4. purpose:
- delete or replace the operating system's critical files
- generate fake traffic to form DoS attacks
- download spyware, adware
- record screenshots, audio and video
- steal beneficial information such as passwords, security codes and credit card info
- disable firewall and antivirus
- create backdoor to gain access
- control victim PC as botnet to perform DDoS attacks

4.1.6. Rootkits