![]() ![]() While this vector may or may not be independent of the direct access vector in your exam, the countermeasure remains physical security and external device port security. We soon see the attack find success, when a prison guard gleefully picks up the free u s b drive and satisfies his natural curiosity by plugging it straight into an internally networked device. Robot scene from season 1, episode 6, where the malware author working with Elliot casually drops infected U S B drives in the parking lot of a prison. A very good pop-culture example of this attack vector is the Mr. Removable media, while tied closely to the direct access vector, is unique in that it is so portable. ![]() Your exam might obscure the phrase user training by showing you examples, or sub-sects, like fishing simulations or security awareness programs. ![]() Your exam wants you to identify user training as the key countermeasure of this vector. ![]() There are 13 unique attacks of this vector type covered later in domain 1 of this course, most of them in the social engineering sub-section. The lead countermeasure that your exam will ask you to identify is, secure Wi-Fi networks.Įmail is the vector used for attacks such as spam, the many varieties of fishing, invoice scams, and ransomware. The wireless attacks sub-section of this course covers a total of 9 attack types along this vector. These attacks are covered in depth during the attacks by type, network level sub-set, wireless attacks sub-section of this course. These are: rogue access points, unsecure access points, and the evil twin attack. The comp teaya exam focuses on three wireless attack vectors. The lead countermeasure that your exam will ask you to identify is, physical security. Common attacks inlude keylogger equipment and malware, malicious flash drive payloads, and well-hidden network or data capture software and systems. When the attacker has direct access it can be trivial to infect devices and systems. The attack vectors that the comp teaya 20 22 security + exam wants you to be familiar with include direct access, wireless, e mail, removable media, social media, cloud systems, and supply chains.ĭirect access encomposes attack methods where the hacker gains physical access to facilities, hardware, and infrastructure. Phishing: sending deceptive messages to end users to entice them to reveal confidential information, such as passwords. Some real world examples of common attack vectors include:Įxploiting buffer overflows this is how the Blaster worm was able to propagate.Įxploiting webpages and email to support loading and subsequent execution of JavaScript, or other types of scripts without properly limiting their powers.Įxploiting networking protocol flaws to perform unauthorized actions at the other end of a network connection. In order to limit the chance of discovery once installed, the code in question is often obfuscated by layers of seemingly harmless code. These tasks may include things such as spreading itself further, opening up unauthorized access to the IT system, stealing or encrypting the user's documents, and more. When the unsuspecting end user opens the document, the malicious code in question, known as the payload, is executed and performs the abusive tasks it was programmed to execute. For instance, malicious code, I E code that the user did not consent to being run and that performs actions the user would not consent to, often operates by being added to a harmless seeming document made available to an end user. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity. In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. Some sections compiled with voice to text software - So there are one or two funny spelling errors ![]()
0 Comments
Leave a Reply. |