Exploiting Vulnerabilities to Launch Attacks



Default and Maintenance Accounts: Default and maintenance accounts are weaknesses that can be used to access information systems, especially when those accounts still have preset or easily decoded passwords. Access to hardware by maintenance personnel can also qualify as a security violation.
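
A defender's check for the weakness described above, as an added example that is not part of the original page: it reads shadow-format account entries and flags default or maintenance accounts that can still log in or still carry the password set at install. The watchlist names, the sample entries and the `install_day` baseline are constructed assumptions.

```python
# Added example: audit shadow-format entries for default/maintenance accounts.
# All account names, hashes and day numbers below are constructed sample data.

WATCHLIST = {"admin", "guest", "maint", "field", "support"}  # assumed names

SAMPLE_SHADOW = """\
root:$6$salt$hashA:19800:0:99999:7:::
maint:$6$salt$hashB:19000:0:99999:7:::
guest::19000:0:99999:7:::
field:!$6$salt$hashC:19000:0:99999:7:::
alice:$6$salt$hashD:19750:0:99999:7:::
support:$6$salt$hashE:19600:0:99999:7:::
"""


def audit_shadow(text, watchlist=WATCHLIST, install_day=19000):
    """Return {account: [reasons]} for entries that need review.

    install_day is the day (days since 1970-01-01) the system was
    provisioned; a last-change date at or before it means the password
    is still the one the system shipped with.
    """
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # malformed entry, skip rather than guess
        name, pw, last_change = fields[0], fields[1], fields[2]
        locked = pw.startswith(("!", "*"))  # password login disabled
        reasons = []
        if pw == "":
            reasons.append("no password required")
        if name in watchlist and not locked:
            reasons.append("default/maintenance account can log in")
        if not locked and pw and last_change.isdigit() and int(last_change) <= install_day:
            reasons.append("password unchanged since install")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for account, reasons in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{account}: {'; '.join(reasons)}")
```

Accounts flagged this way are candidates for locking, removal or a forced password change.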

Data-Scavenging Attacks: Data scavenging is the method of assembling bits of data over a period of time and gradually piecing them together to obtain useful information. The types of data-scavenging attack are:

  • Keyboard Attacks – use normal utilities and tools to gather information available to normal system users sitting at the keyboard.
  • Laboratory Attacks – use advanced and specialized electronic equipment.

Initial Program Load Vulnerabilities: The initial installation of a system is referred to as the initial program load (IPL) and harbors a unique set of vulnerabilities. During the IPL process, the system administrator brings up the facility's system and can put it into single-user mode, which lacks important security features. In single-user mode, the administrator can access unauthorized programs or data, reset passwords, modify various resources, and reassign data ports or communications lines.

In a local area network (LAN), a system administrator could also override the system’s security settings by booting the system from a tape, CD-ROM, or floppy disk.

Social Engineering: In social engineering, an attacker employs social skills to obtain from an unsuspecting user the information needed to corrupt information systems. This can be sensitive information such as a password used to gain access to a system. Social engineering can be achieved by:

  • Impersonation – the attacker impersonates an authorized person and uses their qualifications to solicit information or to persuade an unsuspecting user to alter system settings.
  • Intimidation – verbal abuse or threatening behavior directed at the user to make them permit access or release information.
  • Flattery – positive reinforcement used to coax the user into giving access or information for system access.

Network Address Hijacking: 
