Malware
What is Malware?
Software which contains malicious code and is intended to do harm in some way.
What does Condifdentiality mean in the CIA Triad?
Preventing access to those who should not have it.
AKA: Privacy
DOS Attack
Stands for "Denial Of Service"
This attack is made to deny service. It does this by overloading a server to max capacity, this stops real clients/customers from being able to access a website
Phishing Attack
Pretending to be someone you are not.
This attack is done to trick people into sending you important information/data by pretending to be someone they recognize or some sort of higher-up in the company. This is a very common attack!
What is a virus
A type of Malware which attaches to a program much like a human virus attaches to a cell. Viruses will replicate across other pieces of software and can quickly become a large problem. A virus can not start infecting until a human launches the executable in which the virus is active
What is Availability in the CIA Triad?
Authorized users should be able to access data when they need to.
This is essentially the opposite idea of Confidentiality, but they work hand in hand.
DDOS Attack
An iteration of a DOS attack, although it is a "Distributed Denial Of Service" attack. Instead of sending out packets from one machine, DDOS attacks users on a large number of machines with the help of infected computers called "Botnets". This is better used for large-scale attacks.
Tailgating
This is a social engineering attack where someone will often pretend to be an employee or something like a mailman who will sneak into the building with another employee.
What is a Worm?
A worm although similar to a Virus in concept does not need the initial human interaction to infect files. Worms are commonly injected through the internet with the use of fraudulent emails, often phishing emails.
What is Integrity in the CIA Triad?
Ensuring that data received is not tampered with. This is not just relevant to attacks, but also to data corruption.
Man-In-The-Middle-Attack
There are many different types of man-in-the-middle attacks. This is when there are two communicating parties, and somewhere within this line of connection, we have an attacker listening or possibly modifying this data for malicious intent.
Baiting
Tricking a victim into giving away personal information or money by offering fake awards such as gift cards or vacation give aways.
What is a Keylogger?
A piece of malware which is able to monitor your inputs AKA your Keystrokes. This is of course highly illegal as Keyloggers are often used maliciously without consent, and is no different than spying on someone's activity.
2-factor authentication would be an example of which?
Confidentiality - As it provides a security barrier to those who are not allowed to access it.
Brute Force Attack
This is an attack in which hackers will go through commonly used passwords and dictionary words to brute force password attempts on a account
Whaling
A type of phishing attack where the attacker is specifically pretending to be a higher-up and will use that power to attack other higher-ups within a company.
What Is a Rootkit?
A rootkit is a type of malware software which is designed to give the attacker root permission within a computer. This is especially dangerous within an organization as you can delete, download, and or modify important documents.
A data checksum would be an example of what?
Integrity - A checksum's function is an exact example of integrity in action. They are used to check for corrupted or tampered-with data which in turn allows for data integrity.
DNS Cache Poisoning Attack
This attack will alter DNS records so the name which the victim typed into their browser will resolve into a different website which can mimic the intended site.
Watering Hole
This attack infects a website which a targeted individual uses often in order to steal data and infect those users with malware. This is very much a specifically targeted attack.