Manualshelf

Datasheet

ManualsBrandsFor Dummies ManualsSoftware978-0-470-48738-9
12345678910
Book IX
Chapter 1
Fundamentals
of Security
1045
Identifying Types of Attacks
Man-in-the-middle
A man-in-the-middle attack involves the hacker monitoring network traf-
fic but also intercepting the data, potentially modifying the data, and then
sending out the modified result. The person the packet is destined for never
knows that the data was intercepted and altered in transit.
To protect against man-in-the-middle attacks you should restrict access to
the network and implement encryption and authentication services on the
network.
Session hijacking
A session hijack is similar to a man-in-the-middle attack, but instead of the
hacker intercepting the data, altering it, and sending it to whomever it was
destined for, the hacker simply hijacks the conversation — a session — and
then impersonates one of the parties. The other party has no idea that he is
communicating with someone other than the original partner.
To protect against session hijacking attacks you should restrict access to
the network and implement encryption and authentication services on the
network.
Buffer overflow
A very popular type of attack today is a buffer overflow attack, which
involves the hacker sending more data to a piece of software than what
it is expecting. The information sent to an application is typically stored
in an area of memory (a buffer). When more data than expected is sent to
the application, the information is stored in memory beyond the allocated
buffer. If the hacker can go beyond the allocated buffer, he can run their
own code. This code executes in the context of the user account associated
with the software that was hacked — normally an administrative account!
To protect against buffer overflow attacks you should keep the system
patched and its applications.
Wireless attacks
There are a number of different attacks against wireless networks that you
should be familiar with. Hackers can crack your wireless encryption if you
are using a weak encryption protocol such as WEP. Hackers can also spoof
the MAC address of their system and try to bypass your MAC address fil-
ters. Also, there are wireless scanners such as Kismet that can be used to
discover wireless networks even though SSID broadcasting is disabled.
49_487389-bk09ch01.indd 104549_487389-bk09ch01.indd 1045 9/10/09 11:03 PM9/10/09 11:03 PM