Unit 2: Threats and Attack Modes
This unit introduces common threats and attack modes on information systems. The unit begins by differentiating between threats, attacks, and attack agents, and continues with a description of access control, spoofing, social engineering, application, web application, malware, and denial of service attacks. Understanding how an attack works is essential to understanding the mitigations used in information systems, and is a segue into the next unit on the cryptographic models used to protect information from these attacks.
Completing this unit should take you approximately 10 hours.
2.1: Threat Terminology
In this section, you will learn the relationship and differences between threats and attacks. Recall that in the previous unit you learned about incident response. Incidents may occur due to attacks. An attack is a deliberate action meant to exploit a system. A threat is the potential for harm to a system: a threat agent that exploits a weakness in the system (a vulnerability) can impact the system in a negative way. Attacks can be carried out by hackers, but not all hackers mean to cause harm; some are ethical hackers who test the security of a system with its owner's permission. Hackers are classified as white hat, blue hat, gray hat, or black hat, and may also be called crackers, phreakers, script kiddies, or hacktivists. This section explains the differences between threats and attacks and describes the characteristics of each type of hacker. You will also learn about threat modeling, identifying threats, and anti-forensic principles, including data minimization.
2.2: Types of Attacks
To select the appropriate countermeasures to protect against system attacks, you must first know whether an attack is passive or active and whether the threat agents are non-target-specific, employees, criminals, corporations, human-unintentional, human-intentional, or natural. You will then understand the mechanisms used to respond to the attack. There are many types of system attacks. This section explains some common ones, including birthday attacks, botnets, man-in-the-middle attacks, teardrop attacks, war dialing, and zero-day exploits.
2.3: Spoofing Attacks
An attack that is commonly used today is spoofing: pretending to be someone or something that you are not. Spoofing is done for various reasons, and one common reason is financial gain. For instance, a bank's website may be spoofed to obtain customers' usernames and passwords. Spoofing is prevented primarily through awareness training, or simply by being aware of the methods used in spoofing attacks, backed by technical controls that verify a claimed identity rather than trusting it. As an information security professional, you may have to identify spoofing techniques or train personnel on spoofing methods, but first you must understand the techniques themselves. This section describes email spoofing, caller ID spoofing, and IP address spoofing, and explains how to identify and counter each.
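As an added illustration of identifying email spoofing (example code written for this page, not part of the course material), the script below applies two checks an analyst or mail gateway uses: the domain in the visible From: header should match the envelope sender in Return-Path, and the Authentication-Results header stamped by the receiving mail server should not report an SPF, DKIM, or DMARC failure. Both sample messages are constructed, and the domains are documentation placeholders.

```python
"""Added example: flag likely e-mail spoofing from message headers.

Not part of the course material. Heuristics: the From: domain should match
the envelope sender (Return-Path), and the receiving server's
Authentication-Results header should not report SPF/DKIM/DMARC failure.
Sample messages are constructed; domains are documentation placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_FAIL = {"fail", "softfail", "permerror"}


def sender_domain(header_value):
    """Lower-cased domain of an address header ('' if the header is missing)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message):
    """Return a list of human-readable reasons the message looks spoofed."""
    msg = message_from_string(raw_message)
    reasons = []

    from_dom = sender_domain(msg.get("From"))
    envelope_dom = sender_domain(msg.get("Return-Path"))
    if from_dom and envelope_dom and from_dom != envelope_dom:
        reasons.append(f"From domain {from_dom} differs from envelope domain {envelope_dom}")

    # e.g. "mx.example.com; spf=fail smtp.mailfrom=mailer-example.net; dkim=none"
    auth_results = msg.get("Authentication-Results", "")
    for mechanism in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mechanism}=(\w+)", auth_results)
        if match and match.group(1).lower() in AUTH_FAIL:
            reasons.append(f"{mechanism}={match.group(1)} in Authentication-Results")
    return reasons


# Constructed sample: From: claims a bank, but the envelope sender is a
# different domain and SPF failed at the receiving server.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer-example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer-example.net; dkim=none
From: "Bank Support" <support@bank.example>
To: victim@example.com
Subject: Verify your account

Please confirm your password on the linked page.
"""

# Constructed sample: envelope and header domains agree and SPF/DKIM pass.
LEGITIMATE_MESSAGE = """\
Return-Path: <support@bank.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
From: "Bank Support" <support@bank.example>
To: customer@example.com
Subject: Your statement is available

Your monthly statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, spoofing_indicators(raw) or ["no indicators"])
```

One caveat: an Authentication-Results header is only trustworthy if your own mail server added it and strips any copy that arrived from outside; otherwise the attacker can forge a passing result along with everything else. The real SPF and DKIM checks require DNS lookups, which is why this example reads the verdicts the gateway already stamped rather than recomputing them.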
2.4: Social Engineering
Another type of attack is social engineering. Many are not aware that social engineering is a type of attack, as it is not a technical method but instead exploits the trusting and social nature of humans. Social engineering is often the most productive type of attack, as it is the simplest and least costly. You have probably seen social engineering methods used in movies: an investigator gathers information from papers thrown in the trash, a nefarious person watches over the shoulder of a coworker typing on a phone or computer, or someone follows another person through a locked door of an apartment building. These methods can all be used to gather information or to gain access to a system. In this section, the social engineering methods examined include dumpster diving, shoulder surfing, tailgating, spear-phishing, and pretexting.
2.5: Application Attacks
Attacks are often launched against applications because application code is custom-written, exposed directly to user input, and often not covered by the generic defenses (firewalls, antivirus) that guard the network and host. To protect against these attacks, the information security professional must understand the attack methods. There are many types of application attacks; some of the most common are discussed in this section, including buffer overflows, time-of-check to time-of-use (TOCTOU) race conditions, and escalation of privilege, along with the related topic of firmware resilience. The methods used to prevent these attacks are also addressed.
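To show how a time-of-check to time-of-use race turns into privilege escalation, here is an added example (written for this page, not taken from the course) in which a program checks that a file does not exist and then creates it, while an attacker who can write to the same directory plants a symlink in between. The `race_hook` parameter is an assumption of the demo that lets the attacker act deterministically inside the window; the safe version makes the check and the create a single atomic system call. It runs on POSIX systems.

```python
"""Added example: a time-of-check to time-of-use (TOCTOU) race on file creation.

Not part of the course material. unsafe_create() checks that a path does not
exist and then opens it; between those steps an attacker plants a symlink, so a
privileged program writes through it into a file it never meant to touch.
safe_create() closes the window with one atomic open() (O_CREAT|O_EXCL) and
refuses symlinks (O_NOFOLLOW). race_hook is a demo-only assumption that lets
the attacker win the race deterministically. POSIX only (symlinks, O_NOFOLLOW).
"""
import os
import tempfile


def unsafe_create(path, content, race_hook=None):
    """Vulnerable pattern: the check (exists?) and the use (open) are separate."""
    if os.path.exists(path):                 # time of check
        raise FileExistsError(path)
    if race_hook is not None:                # attacker wins the race here
        race_hook()
    with open(path, "w") as f:               # time of use: follows a planted symlink
        f.write(content)


def safe_create(path, content):
    """Atomic create: O_EXCL fails if anything, including a symlink, already exists."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)         # raises FileExistsError if path exists
    with os.fdopen(fd, "w") as f:
        f.write(content)


def demonstrate():
    """Return (victim file contents after the unsafe write, whether safe_create refused)."""
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.txt")   # stands in for a file the attacker cannot write
        target = os.path.join(workdir, "report.txt")   # path the program intends to create
        with open(victim, "w") as f:
            f.write("original contents")

        # 1. Unsafe: the attacker plants a symlink between the check and the open.
        unsafe_create(target, "attacker-chosen contents",
                      race_hook=lambda: os.symlink(victim, target))
        with open(victim) as f:
            clobbered = f.read()

        # 2. Safe: the same symlink is already in place; the atomic open refuses it.
        os.unlink(target)
        os.symlink(victim, target)
        try:
            safe_create(target, "attacker-chosen contents")
            refused = False
        except FileExistsError:
            refused = True
        return clobbered, refused


if __name__ == "__main__":
    contents, refused = demonstrate()
    print("victim.txt now contains:", repr(contents))
    print("safe_create refused the planted symlink:", refused)
```

The general rule the example illustrates is that any "check, then act" sequence on a resource another party can change is a race; the fix is an operation that checks and acts atomically (here `O_EXCL`), or working on an already-open file descriptor rather than re-resolving the path.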
2.6: Web Application Attacks
Among the most common web application attacks are cross-site scripting (XSS) and SQL injection. Injection attacks feed malicious input into a web application so that it is interpreted as code (a script in the victim's browser, or part of a database query) and alters the application's behavior. You can see why this type of attack is undesirable: passwords or other personal information can be stolen without the owner's knowledge. There are ways to prevent injection attacks, and it may be the job of the security professional to ensure that the appropriate procedures are followed. This section describes XSS and SQL injection, a few other types of web application attacks, and the recommended methods to prevent them.
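The following added example (written for this page, not part of the course material) shows both injections beside their fixes: a login query built by string formatting next to a parameterised one, and a greeting that reflects user input into HTML next to one that encodes it. An in-memory SQLite table stands in for the application's user store, and the payloads are constructed; passwords are stored in plaintext only to keep the demo short.

```python
"""Added example: SQL injection and XSS, each beside its fix.

Not part of the course material. An in-memory SQLite database stands in for the
web application's user table; the request values are constructed payloads.
Plaintext passwords are a shortcut for the demo, not a recommendation.
"""
import html
import sqlite3

SQLI_PAYLOAD = "' OR 1=1 --"   # closes the quote, adds an always-true clause, comments out the rest
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def make_db():
    """Constructed user table with two accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, name, password):
    """Builds the query by string formatting, so the input is parsed as SQL."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return [row[0] for row in con.execute(query)]


def login_safe(con, name, password):
    """Parameterised query: the driver binds the input as data, never as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(query, (name, password))]


def greeting_vulnerable(name):
    """Reflects user input into HTML unchanged: a script tag runs in the victim's browser."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name):
    """Output encoding: angle brackets and quotes become entities, so the input stays text."""
    return f"<p>Hello, {html.escape(name)}!</p>"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with payload:", login_vulnerable(db, SQLI_PAYLOAD, "x"))
    print("safe login with payload:      ", login_safe(db, SQLI_PAYLOAD, "x"))
    print(greeting_vulnerable(XSS_PAYLOAD))
    print(greeting_safe(XSS_PAYLOAD))
```

With the payload as the username, the vulnerable query becomes `SELECT name FROM users WHERE name = '' OR 1=1 --' AND password = 'x'`, which returns every account without a password; the parameterised version looks for a user literally named `' OR 1=1 --` and finds none. The same principle applies to XSS: the fix is to keep untrusted data in the data channel (bound parameters, encoded output) rather than trying to filter out "bad" characters.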
2.7: Malware Attacks
You have learned about many types of attacks on a system. In this section you will learn about the different types of malware and the harm each can cause a system. Malware can take the form of viruses, worms, trojan horses, and logic bombs. Each type enters a system, causes harm, and spreads to other parts of the system or to other systems in a different manner. To combat and contain these attacks, it is important to understand how each type enters the system, the mechanism of harm, and how the malware propagates.
2.8: Denial of Service (DoS) and Distributed Denial of Service (DDoS)
Denial of service (DoS) attacks are used by hackers, and sometimes by governments, to prevent systems from operating. A common method is flooding a system's network connection with traffic until the system is overwhelmed and can no longer serve legitimate requests; other forms exhaust a specific resource such as memory, connection tables, or CPU. One well-known case occurred during the Russo-Georgian War in 2008, when the Georgian president's website and other Georgian websites were taken offline by distributed denial of service (DDoS) attacks widely attributed to Russia. These attacks can hit any business, and the security professional should understand what is happening to the system when one occurs. This section describes DoS and DDoS attacks and explains what happens to a system during a successful attack. As discussed in other sections, it is important to understand the effect of this type of attack on the tenets of the CIA triad; denial of service targets availability.
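As an added example of what a flood looks like from the defender's side (written for this page, not part of the course material), the script below parses Apache/NGINX-style combined log lines, counts each client's requests in a sliding time window, and flags any source whose peak exceeds a threshold. The log lines are constructed so the example runs offline, and the window and threshold values are illustrative assumptions.

```python
"""Added example: spotting a single-source flood in web server logs.

Not part of the course material. Parses combined-format log lines, computes
each client's peak request count in a sliding window, and flags sources above
a threshold. Log lines are constructed; window and threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def peak_requests(times, window):
    """Largest number of requests from one client inside any window-length interval."""
    times = sorted(times)
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:       # slide the left edge forward
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def request_peaks(lines, window_seconds=10):
    """Map client IP -> peak request count within window_seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    return {ip: peak_requests(ts, window) for ip, ts in per_ip.items()}


def find_flood_sources(lines, window_seconds=10, threshold=50):
    """Sorted list of (ip, peak) for clients above threshold requests per window."""
    peaks = request_peaks(lines, window_seconds)
    return sorted((ip, n) for ip, n in peaks.items() if n > threshold)


def make_sample_log():
    """Constructed traffic: one client sends 200 requests in 5 s, three send 5 each over a minute."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'

    lines = [line("203.0.113.7", base + timedelta(milliseconds=25 * i)) for i in range(200)]
    for offset, ip in enumerate(("198.51.100.2", "198.51.100.3", "198.51.100.4")):
        lines += [line(ip, base + timedelta(seconds=12 * i + offset)) for i in range(5)]
    return lines


if __name__ == "__main__":
    for ip, peak in find_flood_sources(make_sample_log()):
        print(f"flood suspect {ip}: {peak} requests in a 10 s window")
```

A per-source threshold catches a single flooder but not a DDoS, where a botnet spreads the requests across thousands of addresses so that each one stays under the threshold. That is why defenders also watch the aggregate request rate, error rates, and connection-state exhaustion, and why large floods are usually absorbed upstream (scrubbing services, anycast) rather than at the target.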
Unit 2 Assessment