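6 Computer Fraud and Abuse Techniques: courseware (13 PPT slides in total), companion teaching material for "Accounting Information Systems, English Edition" (Renmin University edition)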


Resource overview

(13 PPT slides in total)

Chapter 6: Computer Fraud and Abuse Techniques

Learning Objectives
  Compare and contrast computer attack and abuse tactics.
  Explain how social engineering techniques are used to gain physical or logical access to computer resources.
  Describe the different types of malware used to harm computers.

Computer Attacks and Abuse
  Hacking: Unauthorized access, modification, or use of a computer system or other electronic device
  Social Engineering:
    Techniques, usually psychological tricks, to gain access to sensitive data or information
    Used to gain access to secure systems or locations
  Malware: Any software which can be used to do harm

Types of Computer Attacks
  Botnet—Robot Network:
    Network of hijacked computers
    Hijacked computers carry out processes without users' knowledge
    Zombie—hijacked computer
  Denial-of-Service (DoS) Attack: Constant stream of requests made to a Web server (usually via a botnet) that overwhelms and shuts down service
  Spoofing: Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information

Types of Spoofing
  E-mail: E-mail sender appears as if it comes from a different source
  Caller-ID: Incorrect number is displayed
  IP address: Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system
  Address Resolution Protocol (ARP): Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN
  SMS: Incorrect number or name appears, similar to caller-ID but for text messaging
  Web page: Phishing (see below)
  DNS: Intercepting a request for a Web service and sending the request to a false service

Hacking Attacks
  Cross-Site Scripting (XSS): Unwanted code is sent via dynamic Web pages disguised as user input.
  Buffer Overflow: Data is sent that exceeds computer capacity, causing program instructions to be lost and replaced with attacker instructions.
  SQL Injection (Insertion): Malicious code is inserted in place of a query to a database system.
  Man-in-the-Middle: Hacker places themselves between client and host.

Additional Hacking Attacks
  Password Cracking: Penetrating system security to steal passwords
  War Dialing: Computer automatically dials phone numbers looking for modems.
  Phreaking: Attacks on phone systems to obtain free phone service.
  Data Diddling: Making changes to data before, during, or after it is entered into a system.
  Data Leakage: Unauthorized copying of company data.

Hacking Embezzlement Schemes
  Salami Technique: Taking small amounts from many different accounts.
  Economic Espionage: Theft of information, trade secrets, and intellectual property.
  Cyber-Bullying: Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
  Internet Terrorism: Act of disrupting electronic commerce and harming computers and communications.
  Internet Misinformation

Hacking for Fraud
  Internet Misinformation: Using the Internet to spread false or misleading information
  Internet Auction: Using an Internet auction site to defraud another person
    Unfairly drive up bidding
    Seller delivers inferior merchandise or fails to deliver at all
    Buyer fails to make payment
  Internet Pump-and-Dump: Using the Internet to pump up the price of a stock and then selling it

Social Engineering Techniques
  Identity Theft: Assuming someone else's identity
  Pretexting: Inventing a scenario that will lull someone into divulging sensitive information
  Posing: Using a fake business to acquire sensitive information
  Phishing: Posing as a legitimate company asking for verification-type information: passwords, accounts, usernames
  Pharming: Redirecting Web site traffic to a spoofed Web site.
  Typosquatting: Typographical errors when entering a Web site name cause an invalid site to be accessed
  Tabnapping: Changing an already open browser tab
  Scavenging: Looking for sensitive information in items thrown away
  Shoulder Surfing: Snooping over someone's shoulder for sensitive information

More Social Engineering
  Lebanese Looping: Capturing ATM PIN and card numbers
  Skimming: Double-swiping a credit card
  Chipping: Planting a device to read credit card information in a credit card reader
  Eavesdropping: Listening to private communications

Types of Malware
  Spyware: Secretly monitors and collects personal information about users and sends it to someone else
  Adware: Pops banner ads on a monitor, collects information about the user's Web-surfing and spending habits, and forwards it to the adware creator
  Key logging: Records computer activity, such as a user's keystrokes, e-mails sent and received, Web sites visited, and chat session participation
  Trojan Horse: Malicious computer instructions in an authorized and otherwise properly functioning program
  Time bombs/logic bombs: Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur

More Malware
  Trap Door/Back Door: A way into a system that bypasses normal authorization and authentication controls
  Packet Sniffers: Capture data from information packets as they travel over networks
  Rootkit: Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an e-mail spam attack; and access user names and log-in information
  Superzapping: Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail
