In this video you will learn about social engineering, DDoS, DoS, zero-day attacks, man-in-the-middle attacks, brute force, dictionary attacks, rainbow tables, spoofing, non-compliant systems, and zombie attacks.
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. Six common social engineering techniques that you need to know for the CompTIA A+ 220-1002 examination are:
A distributed denial-of-service attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. The traffic is so overwhelming that the site is unreachable by normal traffic and is effectively shut down. Exploited machines can include computers and other trusted networked resources such as IoT devices.
A denial-of-service attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device’s normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to additional users. A DoS attack is characterized by using a single computer to launch the attack.
A zero-day vulnerability is a computer software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.
In cryptography and computer security, a man-in-the-middle attack is a cyberattack where the attacker secretly relays and possibly alters captured communications between two parties who believe that they are directly communicating with each other.
In cryptography, a brute force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. One way to prevent a brute force attack is for system and network administrators to set up password rules that require a system to lock after a specified number of incorrect passwords are input. Longer passwords also aid in the fight against brute force attacks.
In computer security, a dictionary attack is a form of brute force attack for defeating a cipher or authentication mechanism. The attacker tries to determine its decryption key or passphrase by testing thousands or millions of likely possibilities, such as words in a dictionary or previously used passwords, often from lists obtained from past security breaches. Dictionary attacks can be prevented by locking systems after a specified number of incorrect passwords are offered and by requiring sophisticated passwords that do not include identifiable information such as birthdays, family names, etc.
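The lockout rule described above for brute force and dictionary attacks, shown as an added example that is not part of the original lesson. It goes slightly beyond the text by counting failures inside a time window and letting the lock expire; the class name, the thresholds and the sample events are assumptions made up for illustration.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Lock an account after `threshold` failed logins within `window` seconds."""

    def __init__(self, threshold=3, window=60, lock_seconds=300):
        self.threshold, self.window, self.lock_seconds = threshold, window, lock_seconds
        self._failures = defaultdict(deque)   # account -> recent failure timestamps
        self._locked_until = {}               # account -> time the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:                      # lock expired: start with a clean slate
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def record(self, account, password_ok, now):
        """Process one login attempt; return 'ok', 'failed' or 'locked'."""
        if self.is_locked(account, now):
            return "locked"                   # a correct guess is rejected while locked
        if password_ok:
            self._failures[account].clear()
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures older than the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.lock_seconds
            return "locked"
        return "failed"

# Constructed sample attempts: (time in seconds, account, password was correct)
SAMPLE_EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", True),    # right password, but the account is already locked
    (40, "bob", False), (50, "bob", True),
    (2000, "alice", True),  # lock has expired, legitimate login succeeds
]

def replay(events, policy):
    return [policy.record(account, ok, ts) for ts, account, ok in events]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LockoutPolicy()))
```

Once the third failure locks the account, even the correct password is refused until the lock expires, which is what caps the number of guesses an attacker gets per account.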
A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database. A rainbow table attack (similar to a brute force attack, except more mathematically sophisticated and less time-consuming) is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in the database.
Spoofing is a situation in which a person or program successfully identifies as a trustworthy source by falsifying data, to gain an illegitimate advantage. Phishing, spear phishing, and rogue antivirus programs are three examples of spoofing.
Non-compliant systems are computer systems on a network that do not have the most up-to-date security patches installed and are therefore very vulnerable to attacks. An example would be a user attempting to use their personal laptop to log into their company’s network without first having their personal laptop updated with the most up-to-date security patches to comply with the company’s network standards.
In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread email spam and launch DoS attacks. Most owners of “zombie” computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies.