Book IX, Chapter 1: Fundamentals of Security, page 1041
Identifying Types of Attacks
that a social engineering attack would be successful if the company does not
educate its users. A large company usually has its IT staff or IT management
located at the head office, and employees at most branch locations have never
spoken with IT management, so they would not recognize the voice of anyone on
the IT staff. A hacker could impersonate someone from the head office, and
the user at the branch office would never know the difference.
There are a number of popular social engineering attack scenarios, and
network administrators are just as likely to be social engineering victims
as "regular" employees, so they need to be aware of them too. Here are some
popular social engineering scenarios:
✦ Hacker impersonates IT administrator. The hacker calls or e-mails an
employee and pretends to be the network administrator. The hacker
tricks the employee into divulging a password or even resetting the
password.
✦ Hacker impersonates user. The hacker calls or e-mails the network
administrator and pretends to be a user who forgot her password,
asking the administrator to reset her password for her.
✦ Hacker e-mails program. The hacker typically e-mails all the users on
a network, telling them about a security bug in the OS and that they
need to run the update.exe file attached to the e-mail. In this example,
the update.exe file is the attack: running it gives the hacker remote
access to the computer.
Educate your users never to run a program that has been e-mailed to
them. Most software vendors, such as Microsoft, state that they will
never e-mail a program to a person. Instead, they e-mail the URL of an
update and leave it to the person to go to that URL and download it;
even then, the user should confirm that the link really points to the
vendor's own site before downloading anything. To learn more about the
process a hacker follows to compromise a system, see Kevin Beaver's
Hacking For Dummies, 2nd Edition (Wiley).
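The "hacker e-mails program" scenario is exactly what a mail gateway should stop before the user ever sees the attachment. The following is an added example, not code from the book: it builds a constructed sample of the update.exe lure with Python's standard email library, then scans every attachment two ways, by normalized file extension (which also catches double extensions such as Invoice.PDF.exe) and by the MZ magic bytes every Windows executable starts with (which catches an executable renamed to update.txt). The sender and recipient addresses are made up, and the extension list is illustrative rather than complete.

```python
import email
import email.policy
from email.message import EmailMessage

# File extensions Windows runs directly on double-click. Illustrative, not
# exhaustive; a real gateway policy would be longer.
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "ps1", "msi", "hta", "cpl", "dll",
}
PE_MAGIC = b"MZ"  # first two bytes of every DOS/Windows PE executable


def attachment_is_executable(filename, data):
    """Return a reason string if the attachment looks executable, else None.

    Two independent checks: the normalised extension (catches update.exe and
    double extensions such as Invoice.PDF.exe) and the file's magic bytes
    (catches a renamed update.txt that is still a PE binary).
    """
    name = (filename or "").strip().lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in EXECUTABLE_EXTENSIONS:
        return f"executable extension .{ext}"
    if data[:2] == PE_MAGIC:
        return f"PE/MZ executable header despite name {name!r}"
    return None


def find_executable_attachments(raw_message: bytes):
    """Parse a raw RFC 5322 message and return [(filename, reason), ...] for
    every attachment a user should never be allowed to run."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue  # skips the multipart container and the text body
        data = part.get_payload(decode=True) or b""
        reason = attachment_is_executable(part.get_filename(), data)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings


def build_sample_message(attachment_name: str, attachment_bytes: bytes) -> bytes:
    """Constructed sample of the 'security bug, run the attached update' lure.
    Sender and recipient addresses are made up for the example."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "URGENT: security bug in your OS, run the attached update"
    msg.set_content("Our network administrator asks that you run update.exe now.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    fake_pe = PE_MAGIC + b"\x00" * 62  # constructed stub of a PE header
    for name in ("update.exe", "update.txt", "Invoice.PDF.exe", "notes.txt"):
        payload = fake_pe if name != "notes.txt" else b"plain text"
        print(name, "->", find_executable_attachments(build_sample_message(name, payload)))
```

The magic-byte check is the one that matters in practice: an attacker who knows the gateway filters on extension simply renames the file and tells the user to rename it back, so content inspection has to run regardless of what the attachment is called.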
Network-based attacks
A network-based attack uses networking technologies or protocols to perform
the attack. Here are the most popular types.
Ensure that you are familiar with the different types of network-based
attacks for the A+ exams.
Password attacks
There are a number of different types of password attacks. For example,
a hacker could perform a dictionary attack against the most popular user
accounts found on networks. With a dictionary attack, hackers use a program
that typically uses two text files:
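As an added example (not code from the book), the following Python script shows what such a dictionary-attack program does, assuming the two text files are a list of candidate account names and a list of candidate passwords. Both lists, the target accounts and the login check are constructed in-line so the script runs offline; the target stores salted PBKDF2-SHA256 hashes, as a real service would, and the attack only ever sees the yes/no answer of the login check. The lockout_threshold parameter is added to show the effect of the standard defence, an account-lockout policy.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stand-ins for the two text files a dictionary-attack tool reads:
# account names commonly found on networks, and a list of candidate passwords.
USERNAMES: List[str] = ["administrator", "admin", "root", "guest", "jsmith"]
WORDLIST: List[str] = ["password", "123456", "letmein", "welcome", "qwerty",
                       "summer2009", "admin", "monkey", "dragon", "football"]

# Constructed target accounts: "root" deliberately does not exist, and "admin"
# has a password that is not in the word list.
SAMPLE_PASSWORDS: Dict[str, str] = {
    "administrator": "letmein",
    "admin": "Tr0ub4dor&3",
    "guest": "password",
    "jsmith": "summer2009",
}


def make_credential_store(plaintexts: Dict[str, str], iterations: int = 1000):
    """Build a salted PBKDF2-SHA256 store like the one a service keeps on disk.
    The iteration count is kept low so the example runs quickly."""
    store = {}
    for user, password in plaintexts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        store[user] = (salt, digest, iterations)
    return store


def make_verifier(store) -> Callable[[str, str], bool]:
    """Return a login-check function: the only oracle the attacker gets."""
    def verify(username: str, password: str) -> bool:
        entry = store.get(username)
        if entry is None:
            return False
        salt, digest, iterations = entry
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        return hmac.compare_digest(candidate, digest)
    return verify


def dictionary_attack(usernames, wordlist, verify,
                      lockout_threshold: Optional[int] = None) -> Tuple[Dict[str, str], int]:
    """Try every word against every account, stopping per account at the first hit.

    lockout_threshold models an account-lockout policy: after that many guesses
    the account is locked and skipped. Returns (cracked {user: password}, guesses).
    """
    cracked: Dict[str, str] = {}
    attempts = 0
    for user in usernames:
        for guesses_so_far, word in enumerate(wordlist):
            if lockout_threshold is not None and guesses_so_far >= lockout_threshold:
                break  # account locked; further guesses would be rejected
            attempts += 1
            if verify(user, word):
                cracked[user] = word
                break
    return cracked, attempts


def run_demo(lockout_threshold: Optional[int] = None) -> Tuple[Dict[str, str], int]:
    """Run the attack against the constructed store, with or without lockout."""
    store = make_credential_store(SAMPLE_PASSWORDS)
    return dictionary_attack(USERNAMES, WORDLIST, make_verifier(store), lockout_threshold)


if __name__ == "__main__":
    for threshold in (None, 3):
        cracked, attempts = run_demo(threshold)
        print(f"lockout={threshold}: {attempts} guesses, cracked {cracked}")
```

Without lockout the script recovers three of the four real accounts in 30 guesses; with a three-guess lockout it gets only the two whose passwords sit at the very top of the word list, and every other account is locked before the list is exhausted. Note that per-account lockout does not stop the variant in which one common password is tried once against every account (the outer and inner loops swapped), which is why a login service also needs rate limiting across accounts and alerting on many failures from one source.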