Premium Essay

System Attacks

In: Computers and Technology

Submitted By bfrancia
Words 486
Pages 2
Types of System Attacks
Bryan Francia
Coleman University

Abstract
This paper is a brief overview of different types of Information Security System attacks.

Without Security measures or system controls, your data could be stolen, your computer hijacked or corrupted, or your network destroyed. There are so many different methods attackers use, attempting to cover down on all of them in a two page paper would be pointless, but will briefly cover some of the more common types of network attacks. Without a security plan, your data is vulnerable to any of the following types of attacks. There are active attacks and there are passive attacks. An active attack means the information is changed with intent to corrupt or destroy the data or network, while a passive attack generally means your information is being monitored. Eavesdropping is when an attacker who has gained access to data paths in your network listens or reads the traffic. It is known as sniffing or snooping. Eavesdroppers have the ability to monitor networks because the majority of network communications occur in an unsecured format and is generally the biggest problem that administrators face in an enterprise. After an attacker has accessed your data, he or she may alter it. This is referred to as Data modification. It is possible for an attacker to modify the data in a packet while in transit without the knowledge of the sender or receiver. This is especially important in business, as you would not want purchase orders containing item numbers, amounts or billing information of customers to be changed. IP Address Spoofing (Identity Spoofing) is when an attacker steals your IP Address. Most networks use the IP address of a computer to identify it as valid. An attacker could then use special programs to construct IP packets that would appear to come from valid addresses within the intranet of

Similar Documents

Premium Essay

Footprinting and System Attack

...ISSC362 Week 2 Lab #4: Lab Assessment Questions 1. What are the five steps of a hacking attack? Reconnaissance (Footprinting) Scanning (Port Scanning, Enumeration) Gaining Access (System Hacking) Maintaining Access (Planting Backdoors, Rootkits, Trojans) Covering Tracks (Disabling Auditing, Data Hiding) 2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting. A) Nmap uses the –O option to perform OS fingerprinting. The process monitors and captures network traffic. The traffic is then analyzed for patterns that would suggest which operating systems are in use. 3. 3. What step in the hacking attack process uses Zenmap GUI? A) The Zenmap GUI is used during scanning 4. What step in the hacking attack process identifies known vulnerabilities and exploits? A) Vulnerabilities and exploits are identified by enumeration, which is the most aggressive of the scanning stage. 5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”? MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873) MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741) MS03-043: Buffer Overrun in Messenger Service (828035) MS06-035: Vulnerability...

Words: 579 - Pages: 3

Free Essay

Strategies for Protecting Our Systems from Internal or External Attacks

...Table of Contents Introduction 2 System Description 2 System Strengths and Weaknesses 4 System Protection Options 5 Antivirus Protection 5 Firewall 6 Comprehensive system configuration management 6 Application Whitelisting 6 Disk and filesystem-level Encryption 7 Tiered level authentication and Biometric level access 7 Risk Mitigation Strategies 7 Conclusion 10 Bibliography 11 Introduction The purpose of this white paper is to demonstrate the strength and potential weaknesses of the firms’ computer systems, and also to address the upper managements concerns over a possible threat of an internal or external attack to our systems. In this paper we will also be discussing the steps that have been taken to secure our systems against both forms of attacks; we will also be exploring risk mitigation strategies that serve as a means to help prevent such attacks from ever occurring. As with ever system, there is always the possibility of a sophisticated attack being invented that is capable of breaching our systems, so we will be addressing the strategies and steps that will be taken in the event that our systems are ever breached by an internal or external attack. System Description The system in question that is being used by the organization is the Dell Precision R5500 Rack Workstation. We currently have a total of 20 such workstations and our systems are equipped with the latest technological components and...

Words: 1763 - Pages: 8

Premium Essay

Common Forms of Attacks on Microsoft Systems

...COMMON FORMS OF ATTACKS ON MICROSOFT SYSTEMS Corey Slate ISSC342 Professor Peter Mylonakos American Public University July 13, 2014 COMMON FORMS OF ATTACKS ON MICROSOFT SYSTEMS Ever since the Microsoft Company was founded in 1975, they have been working in the computer industry with one mission on their minds. The ability to enable people and businesses throughout the world to realize their full potential by creating technology that transforms the way people work, play, and communicate (Microsoft, 2014). Throughout the company’s journey to accomplish their mission they have had great success being a front runner in the development of operating systems for personal computers and even branching out into the mobile device world of today. With their many successes, however, as come some small setbacks that have caused the company problems in the past, the present, and surely in the future as well. What are these setbacks that can frustrate a major company like Microsoft, the answer is technology. The Microsoft Company has been using the advances in technology to lead their company to the top of the personal computer operating systems world for over a decade. They have developed many types of operating systems with many different versions to appease the different types of people and companies that require their operating systems to function on a daily level. However, with technology advancing attackers, or hackers, use the new technology to seek and exploit weaknesses...

Words: 584 - Pages: 3

Free Essay

Recent Cyber-Attack and Mitigation Techniques

...Recent cyber-attack and mitigation techniques ISSC 361 American Public University System April 9, 2016 Computer-based attacks have been going on the around the world. Individuals or governments hacking into individuals or rival governments systems. Private corporations are hacking each other in the quest of power. They have been several recent computer-based attacks that every information security expert should be aware of. This short paper will discuss one of these recent attacks, which provoked a collective blackout, the Cyber-Attack Against Ukrainian Critical Infrastructure and present an overview of some mitigation techniques. The Cyber-Attack Against Ukrainian Critical Infrastructure was conducted using a malware called BlackEnergy. This attack targeted six Ukrainian energy organizations was perpetrated by attacker from outside the organizations. This attack has had effect on about 225000 customers of Ukrainian regional electric power distribution companies (Lee 2016). The intruders organized the attack by conducting a recognition of the network of the victim. The attacks took place with an interval of 30 minutes from each other affecting many central and regional installations (Vicinanzo 2016). The attackers, controlled the breakers from distance by using distance control administration tools already in place on the operating system or “distance industrial control system (ICS) client software through virtual private network (VPN)” after gaining rightful access to...

Words: 893 - Pages: 4

Premium Essay

Information and Technology

...Information Technology (IT) and E-commerce have been on a constant up-rise, over the past couple of decades. Many organizations have found ways to grow and remain profitable, by creating a good mixture of e-commerce and IT. E-commerce can cover a range of areas, but focus mainly on internet sales and product marketing; while IT teams can handle any and all aspects of the organizations network. Security is becoming more important to organizations, as various attacks are on a rise. Natural disasters, malicious attacks, internal breach, and loss of team members, are all good cause to maintain strong security monitoring systems. The paper that follows will address security monitoring systems that should be conducted in the Cellular Phone Organization (CPO) with both Internal IT and e-commerce applications. Network Security Systems Organizations must have a secure network, in order to stay in business. There are many types of variations of ways to secure the network of an organization, and each must cater the type of business. The internal network is comprised of all servers, applications, data, and equipment used within the organization. The security of the internal network must consist of a mixture of both hardware and software. The Cellular Phone Organization employs 150 associates in an appropriate sized building. There are three teams: Customer Care; Tech Support: and Sales. There is also a Human Resources Team and Management team, for perspective departments. The company...

Words: 1127 - Pages: 5

Premium Essay

Cyber Warfare

...For over a decade, the concept of cyber warfare (computer warfare) has bee embedded i military doctrine. I 2000 the Defece white paper stated a ambition to repond to cyber warfare attacks. The 2007 Defence Update went further by calling for a focus on 'cyber warfare' to protect 'national networks and deny information'. The most recent Defence White Paper in 2009 also announced a 'major enhancement of Defence's cyber warfare capability...to maximise Australia's strategic capacity and reach in this field'. Given the rate of technological change and the number of system vulnerabilities discovered every day, the ADF's cyber capabilities will require dedicated and constant attention. This will be difficult to achieve and sustain if the ADF has not fully defined what it means by cyber warfare and how it will be used to serve Australia's interests. There are several definitions of cyber warfare, one of which was provided earlier this year by Defence Signals Directorate's (DSD) Deputy Director of Cyber and Information Security Mike Burgess in a speech to the Old Crows Association. He defined cyber warfare as 'an act...intended to degrade, destroy or deny computer accesses and systems' and added 'a true act of cyber warfare would have to be potentially lethal, instrumental and political'. Information stored on computers has become a key national asset and an element of our national power. Our ability to create information, store it, secure it, analyse it and harness it to make...

Words: 571 - Pages: 3

Premium Essay

Ping Sweeps

...port scans are examples of the threats that most organizations are likely to face. These two probes are the two major and fundamental ways through which hackers and crackers will assess the vulnerabilities of our infrastructure and design a plan to break in (Baskin, 2008). It is important that our organization understands the two primary attacks and their approach so that we can prevent them from taking place and proactively mitigate our risk of attack. Our competitive world and fast-paced market dictates that we effectively decrease our exposure to cyber attacks to protect the integrity of our data and infrastructure due to attack resulting from port scans or ping sweeps. The term “ping sweep” is a process that involves the attacker learning more about the functioning of our existing systems. For instance, if an attacker attempts to breach our servers, he or she will be able to detect if the system is active by performing a ping sweep. This will likely be an attacker’s first step in their attempts to probe our organization for vulnerabilities. The results of the ping sweep will assist the attacker to identify possible points of attack and available targets. After this process has been noted, the attacker will then apply some more measures so as to identify the security codes that are used in the organization (Graves, 2007). Once someone has an access to the security codes of an organization, the organization is extremely vulnerable and significantly compromised....

Words: 774 - Pages: 4

Free Essay

Vulnerability of a Cryptosystem

...Unit 2 Assignment 2 Vulnerability of a Cryptosystem What this vulnerability is doing is creating a rogue CA certificate, creating an MD5 collision on your next work. According to Microsoft this threat is not a major issue will no reports of this attack being used. Form the rewind that I have doesn’t I did not see any tools that were used to create this attack. I thin g that the system that they currently have still can be used by making some changes. N the system cannot be changed easily based on the size of the infrastructure. The exploit has not been released due to the fact that there are no reports of this attach being used. The likely hood of this being used is very small. I do not think that attacks would be conducted and the results would be crashing of sites and resources. This system is widely used for the University, and if it would become attacked the system its self would still be trustworthy you just need to change the algorithm to SHA-1. The information for eh technical audience is what is conveyed via the links. They need to know about the issues and be informed in order to determine if the change from MD5 to SHA-1 needs to be made. The nontechnical audience doesn’t really need to know anything about this attack. If the university is making the change the impacts will be very minimal and not affect them. If you are talking to management all you need to say is that you found a vulnerability and it can be taken care of with very minimal...

Words: 275 - Pages: 2

Premium Essay

Cyber Security

...security and privacy of a patient is one of the key points in the doctors’ profession. There are several ways in which patient’s information can be secured online through the internet and the intranet as used by various health facilities. This information regarding health care, patient, and administrator records need to be secure for a credible healthcare system (Shoemaker & Conklin, 2012). While designing any system it is necessary to determine the security risk that is generated while developing any platform that is used. In understanding the security risks estimation, one has to carefully analyze the intensity of the risk and classify them accordingly. One of the ways in which you can classify the risks is to look at the impact in which the risk may put to the information. This can be low impact and high impact. Low impact risk will be given lowest priority while responding to risk while that with the high impact will be given the highest priority. One of the ways used in analyzing the risks is by using the protection poker for software risk assessment. This analyzes the ease of attack. Ease of attack looks at the vulnerability of the site and program that can easily be of interest to the attacker. Risk assessment also looks at the computation of risk exposure. Cyber security must also check out the side effects that can be available while using the security program. The security must show greater awareness and understanding of cyber crimes...

Words: 596 - Pages: 3

Premium Essay

Week 4 Assignment

...our organization and explain the possible impacts. Therefore, I start to monitor the incoming and outgoing traffic in the network. It didn’t take too long to come across a active attack. Someone was trying to bypass or break into our secured system. The intruder was able to bypass our first layer firewall and then was stuck trying to access a specific IP range specific to our servers which hold hundreds of credit card information. We have been investigating and back tracking this threat with some forensic tools. It is difficult to back trace the intruder now that the connection has been broken. A few days passed when then someone brought to my attention that he received a phone call from someone stating they were from Microsoft and needed to run some updates on the employees workstation. The employee gave out his IP address so that the person from Microsoft can remote into the workstation. The employees workstation was compromised therefore the Desktop team has retrieved the workstation and started to trace anything that the person might have done while connected remotely. After the desktop support team did intense scans they did not find any malicious software installed or running the machine. They are checking on any possible data they might have viewed or accessed that will make them attack again or provide them with the information to cause the company a threat. We are now up to two threats and in a matter of several days apart. A lot of companies don’t think this happens...

Words: 1233 - Pages: 5

Free Essay

Information Security Chapter Two

...the enforcement of decisions that affect applications and the IT infrastructures that support them. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? Without data there will be no record of anything that they have done. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? Both General management and IT management. 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? More risk, now that attackers have the potential to access the networks from anywhere. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text. When information is held hostage until demands are met. 7. What measures can individuals take to protect against shoulder surfing? Avoid, if possible, accessing sensitive information whenever others are present. Be aware of your surroundings. 8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today? The perception of a hacker has changed and grown to include male/females from the ages of 12-60. 9. What is the difference between a skilled hacker and an unskilled hacker (other than skill levels)? How does the protection against each differ? A skilled hacker will create their own tools to get their jobs done, while an unskilled hacker...

Words: 907 - Pages: 4

Free Essay

Cmgt 420 Wk 1 Assessment

...business would be considered as anything that would keep business from happening as business as usual. A risk could come from natural occurances to cyber attacks design to cripple the process of how a business function. 2. What would cause some Risk to be greater than others - how would you measure or score these Risks? The greater risk would be if the attack can be rebound from. I would have to rate a natural event as a greater risk especially if it is a flood or mud slide. Cyber attacks also are a great risk to operations because client information maybe stolen and this can cause life changing results. I would rank them at the top as far as damage to recovery goes. 3. In the technology growth we are in today - list 3 of the Risks that business or individuals face by doing business via the Internet. Identity thief, malware attacks, and viruses 4. How prepared are you for a disaster? How prepared do you feel most businesses are for a disaster? What could be done to minimize the effect of a natural or man-made business outage? I think that I am prepared for the risk as a use will face with the help of firewalls, anti-virus technologies, and backup of important data specific to me. Most businesses are well prepared for risk because this is somewhat the norm of doing business these days. They all use some sort of backup to systems and are deploying the help of IT departments from 3rd party outsources. 5. What are your expectations in taking this class? First is to learn that...

Words: 327 - Pages: 2

Free Essay

Mission Analysis

...1/6 MISSION ANALYSIS WORKSHEET Page 1 of 2 YOUR PURPOSE – Penetrate the enemy’s defenses to secure the crossing sites over Stony Creek IOT allow the ME to continue on to attack the MEB Obj. YOUR RELATIONSHIP TO HIGHER AND ADJACENT PURPOSES 1/6 (Rein) prevents the enemy’s guard force (1/87th (Rein) from conducting a successful delay, which allows the 34th MID’s main effort (86th MIBR) to establish a prepared defense. This allows the RCT’s main effort to rapidly pass forward to destroy the enemy in the vicinity of (vic) MEB Obj 1 (RCT-6 task) in order to deny the 34th MID an orderly withdraw through JTF-V Obj A. SPECIFIED TASKS  Conduct a forward passage of lines with LAR as passing force  *Attack in zone to destroy En forces in vic of Reg Obj 2  Conduct a forward passing of lines with 3/6 at Phase Line Green  BPT follow on ME’s attack to MEB Obj  *Secure key crossing sites on Stony Creek  Locate Artillery Battalion  Located Tank Reserve  Turn over EPWs to CLB  Report usable LZs to RCT S-4  Plan NBC decontamination sites IMPLIED TASKS  Breach obstacles en route to Reg Obj 2  Use engineering assets to create a crossing location on Stony Creek if current bridges are not capable.  BPT continue attack with MOPP level increase     LIMITATIONS (CONSTRAINTS [C] and RESTRAINTS [R])  [C] Fires into no-fire areas (NFA) must be approved by RCT-6 fire support coordination center (FSCC). (p. 71)  [C] MOPP level 1. (p. 48)  [C] Report battalion...

Words: 685 - Pages: 3

Premium Essay

Issues on Date Rape

...a woman is raped every 2 minutes, according to the U.S. Department of Justice, and that sixty-eight percent of all rape victims know their attacker. About twenty-eight percent of all victims are raped by husbands or boyfriends, thirty-five percent by acquaintances, and five percent by other relatives according to, (Violence against Women, Bureau of Justice Statistics, U.S. Department of Justice 1994) which makes it very hard to prove, because it is your word against the attacker. It is very disappointing when someone you know and trust does this to you. Data shows that most rapes happen between 6pm and 6am. I think that’s why it is so important that if you have to travel after dark, to try and have someone with you, sort of like a buddy system, an attacker may think twice about trying something if you are not alone. It is very disturbing to know that date rape on college campuses has increased, and one in twelve college males have admitted to having sex that would legally fall under the definition of rape. The Florida Institute of Technology reports that, one in four college men admit to the use of sexual aggression with women. This type of behavior increases when mixed with drugs and alcohol, which are some of the things that go on at college parties. There are a number of date rape...

Words: 632 - Pages: 3

Premium Essay

Cyber Warfare Defence Report

...Introduction Despite being unmatched technologically in the battlefields, the low-cost, simple, complex and expensive asymmetric threats have proved to be significantly dangerous to the security of any country. While cyber-attacks are increasingly driven by automated processes, human beings still operate at human speeds. Today, cybercrime has developed and adversaries have gained sponsorship from governments, international organizations or individuals for their selfish interests. The most recent development in cyber-attacks are the advanced persistent threats. According to Vert, Gonen and Brown (2014), these kinds of attacks are known of being sophisticated and slow moving over a long period of time. Advanced persistent threats are computer network attacks in which unauthorized individuals gain access to network systems or its resources and continues to use the resources without detection for a long period of time. By definition, advanced persistent threats are highly sophisticated networked entity, typical of organized groups of attackers, which conduct hostile cyber-attacks against a computer system. As described in the scenario, the western interconnection power grid faces such a challenge. Adversaries intend to use malwares to gain access to the network system at the power grid. A. Analysis of the problem and Safeguards against the problem The lifecycle of an advanced persistent threat follows a six step process as shown in the diagram that follows. The first phase, the information...

Words: 1247 - Pages: 5