Cybersecurity: Attackers and Their Attacks - Lecture 3, Lecture notes of Network security

attacks ddos virus protect network

Typology: Lecture notes

2020/2021

Uploaded on 08/09/2021

mohammad-tehabsim
mohammad-tehabsim 🇯🇴

2 documents

1 / 41

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Attackers and
Their Attacks
Lecture 3
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29

Partial preview of the text

Download Cybersecurity: Attackers and Their Attacks - Lecture 3 and more Lecture notes Network security in PDF only on Docsity!

Attackers and

Their Attacks

Lecture 3

Objectives

  • Develop attacker profiles
  • Describe basic attacks
  • Describe identity attacks
  • Identify denial of service attacks
  • Define malicious code (malware)

Main causes for data damage

1. Human Error like Deleting files accidentally. ... 2. Viruses and damaging malware. ... 3. Mechanical damages of hard drive. ... 4. Power failures. ... 5. Theft of computer. ... 6. Liquid damage like Spilling coffee, and other water damages. ... 7. Disasters like Fire accidents and explosions, earthquakes… 8. Software corruption 9. Hackers and insiders

Developing Attacker Profiles

  • Six categories:
    • Hackers
    • Crackers
    • Script kiddies
    • Spies
    • Employees
    • Cyberterrorists

Hackers

  • Person who uses advanced computer skills to attack computers, but not with a malicious intent
  • Use their skills to expose security flaws.
  • Person who violates system security with malicious intent
  • Have advanced knowledge of computers and networks and the skills to exploit them
  • Destroy data, deny legitimate users of service, or otherwise cause serious problems on computers and networks

Crackers

  • Person hired to break into a computer and steal information
  • Do not randomly search for unsecured computers to attack
  • Hired to attack a specific computer that contains sensitive information

Spies

  • One of the largest information security threats to business
  • Employees break into their company’s computer for these reasons: - To show the company a weakness in their security - To say, “I’m smarter than all of you” - For money

Employees

  • Three goals of a cyberattack:
    • Deface electronic information to spread disinformation and propaganda
    • Deny service to legitimate computer users
    • Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data

Cyberterrorists (continued)

  • Easiest way to attack a computer system requires almost no technical ability and is usually highly successful
  • Social engineering relies on tricking and deceiving someone to access a system
  • Social engineering is not limited to telephone calls or dated credentials

Social Engineering

Social Engineering

  • https://www.youtube.com/watch?v=Vo 1 urF 6 S 4 u 0
  • https://www.youtube.com/watch?v=lc 7 scxvKQOo
  • Watch at home: https://www.youtube.com/watch?v=nknq 9 sUu 8 ko
  • Develop strong instructions or company policies regarding:
    • When passwords are given out
    • Who can enter the premises
    • What to do when asked questions by another employee that may reveal protected information
  • Educate all employees about the policies and ensure that these policies are followed

Social Engineering (continued)

Password Guessing

  • Password: secret combination of letters and numbers that validates or authenticates a user
  • Passwords are used with usernames to log on to a system using a dialog box
  • Attackers attempt to exploit weak passwords by password guessing