General Security Concepts: Attacks • Chapter 2 93
Passive Attacks
Packet sniffers such as Tcpdump or Wireshark can be used to view all
traffic on a network. This is helpful for administrators to diagnose network
problems, but can also be used by attackers to harvest valuable information
sent in the clear. Protect yourself by encrypting sensitive data, and using
more secure management tools like SSH rather than Telnet.
Password Attacks
Password attacks are extremely common, as they are easy to perform and
often result in a successful intrusion.
Brute force, in its simplest definition, refers to trying as many
password combinations as possible until hitting on the right one.
Simple passwords, such as any individual word in a language, make the
weakest passwords, because they can be cracked with an elementary
dictionary attack. In this type of attack, long lists of words of a particular
language, called dictionary files, are searched for a match to the encrypted
password.
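
The point about dictionary words can be enforced when a password is set. The following is an added example, not taken from the book: it rejects a new password that reduces to a dictionary word, including the padded and character-substituted variants that simple passwords usually take. The word list and the substitution table are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample standing in for a real dictionary file (one word per line).
SAMPLE_DICTIONARY = """password
dragon
monkey
sunshine
welcome
letmein
"""

# Assumed table of common character substitutions, undone before the lookup.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)


def load_words(text):
    """Return the dictionary as a set of lower-case words for fast lookups."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def candidate_forms(password):
    """Return the base forms that a password trivially reduces to."""
    lowered = password.lower()
    # Drop digits and punctuation padded on either end: "Dragon2024!" -> "dragon".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return [lowered, core,
            lowered.translate(SUBSTITUTIONS), core.translate(SUBSTITUTIONS)]


def dictionary_match(password, words):
    """Return the dictionary word the password reduces to, or None if none."""
    for form in candidate_forms(password):
        if form in words:
            return form
    return None


WORDS = load_words(SAMPLE_DICTIONARY)

if __name__ == "__main__":
    for pw in ["monkey", "Dragon2024!", "P@ssw0rd1", "correct horse battery staple"]:
        hit = dictionary_match(pw, WORDS)
        print(f"{pw!r}: {'reject, based on ' + hit if hit else 'not a dictionary word'}")
```
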
Code Attacks
Viruses are programs that automatically spread, usually when an innocent
victim executes the virus's payload, and generally cause damage. Viruses
have a long history in computing, and take many different forms. Today’s
antivirus software is effective in catching most viruses before they can
spread or cause damage.
Worms are basically network viruses that spread without user knowledge and
wreak havoc on computers and systems by consuming vast resources.
Because they are self-replicating, a worm outbreak can reach hundreds of
thousands of machines in a matter of days or hours.
Trojan horses are different from viruses in that they require the user to run
them. They usually come hidden, disguised as some kind of interesting
program, or sometimes even as a patch for a virus or common computer
problem. Installing back doors or deleting files are common behaviors for
Trojan horses. Most antiviral software can catch and disable Trojan horses.
www.syngress.com