<Sniffing
Sniffing (Sniffing) network to eavesdrop on the other side of the packet exchange other than their own means. Sniffing, eavesdropping on network traffic (Eavesdropping).
[Preventive]
Sniffing attacks using the vulnerability of data on the network is sent in plain text. Important information such as ID and password during transmission by encrypting the transmission or OTP (One Time Password), you can reduce the risk of important information leaked.
Denial-of-service attack (DoS: Denial of Service)>
Attack techniques that interfere with the normal operation of the system. Indicates the attack techniques as for the usual, well resources were used on the Internet, users or institutions no longer receive services from a situation in which large amounts of data packets to the network, or sending e-mail.
[Preventive]
DoS down by the system that the system is unable to handle large amounts of traffic to be things that are not normal service and a clear distinction is not so clear measures. But, to some extent, increase the buffer system resources such as memory management, CPU efficiently when prevention is possible.
Auto-scan attack
Exploitable vulnerabilities of security systems, including the system of its own bugs, problems on the system configuration to isolate the system for a number of attacks that appear most frequently and scan attack is an attack. Bug in the system of self-scanning system for a number of attacks using these tools, a tool that automatically network hacking vulnerability scanner (Scanner) to the initial attack as the most frequent network security vulnerability discovered by security measures by been developed for the purpose of strengthening it by exploiting the problem was being used by a malicious user to system intrusions targeting illegal. About a surge in attacks using powerful scanning tool mscan and sscan In addition to scanning and detection of attacks that can prevent concealment Scan Stealth Scan attack, attack only for the particular vulnerability scanning that particular vulnerability scanning, network structure scan attack and has been
[Preventive]
Complementary way to identify vulnerabilities in advance and how to prevent attacks automatically scan how to scan attack detection. Scan can detect attacks in the log how to analyze and scan attack detection methods to monitor network traffic, and how to use the tools.
Backdoor (Backdoors)>
Obtained after the root privileges after successful hack on the computer, also called a trap door that specific programs that can be accessed at any time by changing the re-access password, if not get in the way. Fix various system-related programs to hide the traces after hacking hacking when using command history and delete it from your system connected.
Distributed denial-of-service attack (DDoS: Distributed DoS)>
Means that cooperation with a large number of systems on the Internet service by attacking one target system to prevent creating Target system messages due to flooding that eventually the system operation is stopped by normal users will not be able to receive services from that system.
Modulation Homepage>
Homepage alteration is specific on the homepage when connected differently than the original screen change to put the wrong site or tteudorok Hackers seized the server administrator privileges to change the homepage of the site and information ppaegagi are used as a means to expose their claims to the modulation site.
[Preventive]
Caused by the absence of system security settings, and web site development when setting. Modulation corresponding Protection Agency (KISA, NCSC, etc.) of the website adhere to the guidelines or defend against Web firewall using dedicated equipment and eliminates the vulnerability should be.
Botnet attacks
Is a set of PC is infected with malware, bots, botnets E-mail or instant messaging to propagate the bots after PC intermediary for the infection of the malicious code, according to the command of the coming robot manipulators controlled bots on the server moves.
Bot control server vertex botnets come true, according to the command of robot manipulators infected PC to attack other computers.
The propagation of bots, but a similar path and virus / worm infected PC's speed after one connected disability of specific symptoms, so it is not easy to figure out whether you have been infected.
[Preventive]
Infected PC's speed after one connected disability of specific symptoms, so it is not easy to figure out whether you have been infected.
Web vulnerability exploitation
Web Service through the website or the information, or incorrectly configured web server or website wrong with the implementation of related programs, including several security vulnerabilities have become a prime target of hackers.
[Preventive]
Caused by the absence of system security settings, and web site development when setting. Modulation corresponding website of the agencies at all levels (KISA, NCSC, etc.) in compliance with the guidelines or defend against Web firewall using dedicated equipment and eliminates the vulnerability should be.
Zero-day attacks (zero-day)>
Exploit this vulnerability when a security vulnerability is discovered, the problem of the existence of the widely publicized even before the attacks made security. Attack countermeasures publicity even before the convention, or zero-day (zero-day) attacks because it typically complement to the author or the developer vulnerability and patch deployment of newly discovered vulnerabilities in the computer users take it down to deal with coping There is no way to
Yet undiscovered vulnerabilities by analyzing the characteristics of the packets used in an attack to block attacks yet unknown, the weak point in the attack on a program that can attack them belong, but research is in progress and yet a definitive solution has not been found .
Worms / viruses, hacking combined attack
BOT as a combination of two or more attacks and DDoS attacks combined to increase the success rate of the attack is a prime example. And multiple attack complexity is found difficult to cope.
[Preventive]
Propagated by most of the worm / virus systems, applications, vulnerabilities and infections. Quickly installed by vendor-provided security patches, vulnerability, remove the engine version of the vaccine, and always kept up to date is important.
Phishing, pharming>
Stomach-mail sent from the Web sites of financial institutions, such as the number or certification of individuals to steal credit card numbers, account numbers, etc. Phishing is a scam illegally using Farmington to seize the domain itself in the middle of the site had been officially operating techniques, and is characterized by personal ID, password, account information, such as always using the site to know without a doubt that exposure.
[Preventive]
When possible, the user access to the Internet site accessed directly by typing the URL address into your browser, and well-managed web site does not post the link, click do not. Security patch installation and management of vaccines to prevent malware pharming is essential.
No comments:
Post a Comment