Manualshelf

Datasheet

ManualsBrandsFor Dummies ManualsSoftware978-0-470-48738-9
12345678910
Book IX
Chapter 1
Fundamentals
of Security
1043
Identifying Types of Attacks
To protect against password attacks, users should use strong passwords,
which is a password comprising of letters, numbers, and symbols with a
mix of uppercase and lowercase characters and a minimum length of eight
characters.
Denial of service
Another popular network attack is a denial of service (DoS) attack, which
can come in many forms and is designed to cause a system to be so busy
that it cannot service a real request from a client, essentially overloading
the system and shutting it down.
For example, say you have an e-mail server, and a hacker attacks the e-mail
server by flooding the server with e-mail messages, causing it to be so busy
that it cannot send anymore e-mails. You have been denied the service that
the system was created for.
There are a number of different types of DoS attacks: for example, the ping
of death. The hacker continuously pings your system, and your system is so
busy sending replies that it cannot do its normal function.
To protect against denial of service attacks you should have a firewall
installed and also keep your system patched.
Spoofing
Spoofing is a type of attack in which a hacker modifies the source address
of a network packet, which is a piece of information that is sent out on the
network. This packet includes the data being sent but also has a header sec-
tion that contains the source address (where the data is coming from) and
the destination address (where the data is headed). If the hacker wants to
change “who” the packet looks like it is coming from, the hacker modifies
the source address of the packet.
There are three major types of spoofing — MAC spoofing, IP spoofing, and
e-mail spoofing. MAC spoofing is when the hacker alters the source MAC
address of the packet, IP spoofing is when the hacker alters the source
IP address in a packet, and e-mail spoofing is when the hacker alters the
source e-mail address to make the e-mail look like it came from someone
other than the hacker.
An example of a spoof attack is the smurf attack, which is a combination of a
denial of service and spoofing. Here is how it works:
1. The hacker pings a large number of systems but modifies the source
address of the packet so that the ping request looks like it is coming
from a different system.
49_487389-bk09ch01.indd 104349_487389-bk09ch01.indd 1043 9/10/09 11:03 PM9/10/09 11:03 PM