
INJECTION ATTACKS

CROSS-SITE SCRIPTING (XSS) ATTACKS


A type of injection attack where the attacker can insert malicious
code and target the user of the service. A common method of achieving
session hijacking.

SQL INJECTION ATTACK


-Targets the entire website if the website is using a SQL database.
Attackers can potentially run SQL commands that allow them to
delete website data, copy it, and run other malicious commands.

PASSWORD ATTACK
-Utilizes software like password crackers that try to guess your
password.

BRUTE FORCE ATTACK


Continuously tries different combinations of characters
and letters until it gets access.

DICTIONARY PASSWORD/ATTACKS
-Tries out words that are commonly used in passwords.

SOCIAL ENGINEERING
-An attack method that relies heavily on interactions with humans
instead of computers.

PHISHING ATTACK (FISH BAIT)


-

SPEAR PHISHING
-Specifically targets an individual or group, and often includes
information known to be of interest to the target, such as current
events or financial documents.

EMAIL SPOOFING
-A source masquerading as something else.

BAITING
-A physical-contact attack, such as a USB drive with malware.

TAILGATING
-Gaining access to a restricted area of a building by following
a real employee in.

DECEPTIVE ATTACKS
-Attackers disguise their identities, intents, and motives.

MOST COMMON SOCIAL ENGINEERING ATTACKS.


1. PHISHING - Fish bait, using clickbait links. Clickbait such as
pet videos, gossip, new scandals, opportunities to win an iPhone, etc.
2. SPOOFING - Alters the header on phishing emails in order to appear
to originate from a legitimate business or reputable person (fake
bank web).
3. SPEAR PHISHING - Uses details about the victim's life to win the
victim's trust (e.g., Facebook poser).
4. WHALING - Big target or "WHALE".
5. VISHING - Attacker uses voice over IP (VoIP) to make phone calls
pretending to be reputable companies.

TARGETED AND IN-PERSON DECEPTIVE ATTACKS

1. SHOULDER SURFING - Specific victim.
2. TAILGATING - An unauthorized party gains physical access to a
restricted area by simply following a person or group of persons
who have authorized access.
3. IMPERSONATION - Attacker pretends to be someone else and calls the
IT Support team for a password reset, or attacker pretends to be
from the IT Support team.
4. DUMPSTER DIVING - Shredding all confidential documents is an easy
way to prevent this.
5. EVIL TWIN - Installing fake Wi-Fi so that the attacker gains access
to the victim's wireless transmissions.

PHYSICAL SECURITY MEASURES


1. GUARDS - Monitor controlled access to prevent unauthorized
access.
2. DOOR LOCKS - Area to be restricted. Authorized persons only.
3. EQUIPMENT LOCKS - Restrict the movement of sensitive equipment,
like server storage. Only authorized persons can have access
to sensitive equipment.
4. VIDEO SURVEILLANCE - Video cameras allow observation and recorded
activity playback within controlled areas.
5. ALARM SYSTEM - Notifies security by sounding an alarm or sending
a message when a controlled area is accessed.
6. MOTION SENSORS - Devices that detect movement within a
controlled area. Motion sensors can trigger alarm systems or
video surveillance.

PROTECTING THE ENTRY POINTS OF A BUILDING


1. ACCESS CONTROL VESTIBULES - Create a space between two sets of
interlocking doors or gateways to prevent unauthorized persons
from following authorized individuals into controlled facilities.
2. BADGE READERS - Devices that read information encoded
into a plastic card to identify each user by the badge they present
to the device. Badge readers can be used to control electrically
operated door locks and can be built into computer terminals to
control access to information.

PROTECTING THE OUTSIDE BUILDING


1. BOLLARDS - Sturdy, short, vertical posts placed to
restrict vehicle access to controlled areas.
2. FENCES - Physical barriers to keep out external threats.

KEY TAKEAWAYS
It's essential to ensure that an organization's technical assets
and data are protected physically and virtually.
