You can categorize a session hijacking attack as either an active attack or a passive attack. Let’s look at both. Active Attack A session hijacking attack is considered active when the attacker assumes the session as their own, thereby taking over the legitimate client’s connection to the resource. In an active attack the attacker is … Read more
DoS attacks come in many flavors, each of which is critical to your understanding of the nature of the DoS attack class. Service Request Floods In this form of DoS attack, a service such as a web server or web application is flooded with requests until all resources are used up. This would be the … Read more
Social engineering will put your layered defenses to the true test. Even with strong security controls, a naïve or untrained user can let the social engineer into the network. Never underestimate the power of social engineers — and that of your users and helping them get their way. Policies Specific policies help ward off social … Read more
As part of mapping out your network, you can search public databases and resources to see what other people know about your systems. WHOIS The best starting point is to perform a WHOIS lookup by using any one of the tools available on the Internet. In case you’re not familiar, WHOIS is a protocol you … Read more
The amount of information you can gather about an organization’s business and information systems that is widely available on the Internet is staggering. To see for yourself, the techniques outlined in the following sections can be used to gather information about your own organization. Social media Social media sites are the new means for businesses … Read more
t’s one thing to know generally that your systems are under fire from hackers around the world and malicious users around the office; it’s another to understand the specific attacks against your systems that are possible. This section discusses some well-known attacks but is by no means a comprehensive listing. Many security vulnerabilities aren’t critical … Read more
Where does reverse engineering fit in for the ethical hacker? Reverse engineering is often viewed as the craft of the cracker who uses her skills to remove copy protection from software or media. As a result, you might be hesitant to undertake any reverse engineering effort. The Digital Millennium Copyright Act (DMCA) is often brought … Read more
Although you can’t know about and detect all vulnerabilities in advance of deployment, you certainly can be proactive in mitigating the potential of a SCADA security breach by taking the following defense-in-depth methods into consideration: • Develop a security policy. • Implement ACLs (access control lists). • Use MAC address filtering. • Use VLAN segmentation. … Read more
SCADA stands for supervisory control and data acquisition. SCADA networks control and monitor the critical utility and process control infrastructures for manufacturing, production, and power generation for utility companies, including electricity, natural gas, oil, water, sewage, and railroads. The development of SCADA can be traced back to the beginning of the 19 th century through … Read more
To protect against VoIP attacks, you should follow the same conventional methods and security best practices that you use for any other software segment. Test your system thoroughly via penetration testing and implement a strategy of defense in depth that encompasses the entire system. Defense in depth is achieved by • Making it harder for … Read more