
CISSP Study Guide

This blog is dedicated to helping serious IT security practitioners pass the renowned CISSP exam. It is a must-read for those going for the exam who need total recall.

Thursday, March 09, 2006

ATTACK AND MONITOR OF THREATS AND WORMS

  • Brute Force attacks
    • Attempts to gain access many times using different input
    • Password guessing and war dialing are examples

  • Dictionary attacks
    • More selective than a brute force
    • Submits identification credentials from a dictionary, or a list of commonly used user IDs

  • Denial of Service (DoS) attacks
    • Attacker saturates network, rendering access to the system impossible or unbearably slow

  • Spoofing attacks
    • Attacker presents a substitute login screen
    • Fake login screen stores the user ID and password, then displays a failed login message

  • Man-in-the-Middle attack
    • Uses a network sniffer or hardware/software that intercepts network packets, to grab traffic en route to another destination


  • Monitoring
    • Event log auditing
      • System events
      • Application events
      • User events
    • Keystroke monitoring
      • Normally only used by hackers or to investigate suspected inappropriate activity
    • HoneyPot
      • Entices a potential hacker to attack

  • Intrusion Detection
    • Intrusion detection systems (IDS)
      • Monitor a network or system
      • Network-based IDS - monitors a network segment
      • Host-based IDS - monitors a single system
      • Signature-based
        • Contains a database of recognized attacks
        • Activity is compared with signature database
        • Sounds an alarm for suspicious activity
      • Behaviour-based
        • Detects usage anomalies
        • Sometimes called an expert system
        • Generally results in more false positives than signature-based IDS
  • Penetration Testing
    • Legal hacking
    • Set of attacks to judge how vulnerable your system really is
    • Exhaustive penetration tests can uncover vulnerabilities
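
Added example (not part of the original notes): a small sketch contrasting the signature-based and behaviour-based detection described in the Intrusion Detection bullets above, run over constructed log events. The signature names, event fields, baseline counts and the 3-sigma threshold are assumptions chosen for illustration.

```python
import re
from statistics import mean, pstdev

# Constructed signature database (names and patterns are illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
}

# Constructed baseline: failed logins per user in four earlier time windows.
BASELINE = {"alice": [0, 1, 0, 1], "bob": [1, 0, 2, 1], "carol": [0, 0, 1, 0]}

# Constructed events for the current window.
EVENTS = (
    [{"user": "alice", "request": "GET /files?name=../../etc/passwd", "status": 403}]
    + [{"user": "alice", "request": "POST /login", "status": 401}]
    + [{"user": "bob", "request": "POST /login", "status": 401}] * 12   # password guessing
    + [{"user": "carol", "request": "POST /login", "status": 401}] * 6  # forgot her password
)

def signature_alerts(events):
    """Signature-based: compare each request with the signature database."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["request"]):
                alerts.append((ev["user"], name))
    return alerts

def behaviour_alerts(baseline, events, threshold=3.0):
    """Behaviour-based: flag users whose failed-login count deviates from
    their own history by more than `threshold` standard deviations."""
    counts = {}
    for ev in events:
        if ev["status"] == 401:
            counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    alerts = []
    for user, n in counts.items():
        history = baseline.get(user, [0])          # unknown users: empty history
        mu, sigma = mean(history), pstdev(history) or 1.0
        if (n - mu) / sigma > threshold:
            alerts.append(user)
    return sorted(alerts)

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))            # known pattern only
    print("behaviour:", behaviour_alerts(BASELINE, EVENTS))  # anomalies, benign or not
```

The signature pass reports only the request matching a known pattern and is silent on the password guessing, while the behaviour pass flags both bob and carol; carol's benign spike is the kind of false positive the notes attribute to behaviour-based IDS.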
