To help colleagues "outrage"
In the previous article I tried to describe the general concepts of information security management, in order to reduce risks. They included the concepts of threat, vulnerability, attack and risk. In this material, we consider the main types of harmful effects or potential threats.
Probably the most common type of violators of information security, apart from harmful employees, is malware or malware (malware or software and mathematical influence).
Malware - malicious software - suspicious software, any software designed to gain unauthorized access to PC computing resources or information on a PC or to cause harm (damage) by copying, distorting, deleting or changing information - wiki mode enabled. In general, the CIA is at stake.
Here are the types of this beast:
1. Adware - pop-ups - "Buy, check, check in - well, click." VPO on PC, the main purpose of which is to display interactive annoying ads during work.
2. Virus - (user interaction, replication, activation, reasonable - result searching). A self-propagating, necessarily executable code, often attached to a normal object, with a specific goal. It can create copies of itself and be embedded in the code of other programs, system memory areas, boot sectors, and also distribute its copies via communication channels in order to disrupt the proper functioning of the infrastructure.
3. Scareware - fake scan for vulns -> need to fix -> activate virus. Something like adware, which broadcasts about the presence of multiple vulnerabilities on the PC, and in order to fix them you need to download “special” software.
4. Spyware is a malware that secretly (without the user's consent) to collect information and send to the right receiver, almost always reduces PC performance (ie Keylogger).
5. Trojan - download-install “legal” soft - background activation - works like a container. Unlike viruses, they are spread manually. Attackers are placed on open resources, come as an attachment to letters, are downloaded by the user from compromised addresses or resources.
6. Backdoor - VPO secretly opens access, ports, services. Usually installed on a PC after receiving initial access in order to re-gain access to the system.
7. Rootkit - utils with system level access. The main feature is activation prior to downloading antivirus software, usually hiding deep in the depths of the operating system and specially written in such a way as to avoid detection by antivirus and other security tools.
8. Botnet - robot network is a computer network consisting of a certain number of hosts running bots - standalone software, “Zombies”.
9. Logic bomb - waits and starts when certain time or information conditions are performed to perform malicious actions (as a rule, unauthorized access to information, distortion or destruction of data).
10. Ransomware - “give me money and I will unlock”. Malicious software that works as an extortionist. It was well, very popular 2-3 years ago.
11. Polymorphic malware - malware with variable code or behavior, which makes it difficult to detect (file changes, compression and encryption with variable keys, variable ports), while the main functions usually remain the same.
12. Armored virus - proactive behavior to antiviruses, complex reverse engineering. The type of virus that was designed to make it difficult to analyze the code.
As you can see, the main feature of HPE is its deep encapsulation. Therefore, after a single check on the PC on the PC, you can get the whole set of the above.
1. MITM - a person in the middle, a compromised communication channel, in which by connecting to the channel, you can make a good sniff and not only (arp-spoofing).
2. DoS, DDoS - denial of service or availability.
3. Replay - actions in which data is captured and then re-sent for unauthorized access.
4. Smurf attack (Salyut or fireworks) - is to transfer to the network broadcast ICMP requests on behalf of the victim computer. As a result, computers that have received such broadcast packets respond to the victim computer, thereby receiving it.
5. Spoofing - a class of attacks based on the substitution of a trusted source - L2 / L3.
6. Spam - it is spam in Africa and spam: sending commercial and other advertising or other types of messages to people who have not expressed a desire to receive them.
7. Phishing - getting access to confidential user data - usernames and passwords, by misleading the user, for example, redirecting the user to a fake website, very similar to, for example, a banking site, where the user will highlight his login / password.
8. Spim - spam over instant messaging (IM).
9. Spear phishing - targeted phishing.
10. Xmas attack - attack on open ports scanning - discovering.
11. Pharming - procedure for covertly redirecting a victim to a false IP address.
12. Privilege escalation - getting more rights than it should be.
13. Malicious insider threat - offended employee, very dangerous type.
14. DNS poisoning & ARP poisoning - damage to the integrity of the data in the DNS system by filling the DNS server cache with data when resolution occurs with a compromised IP address. Similarly with ARP, only L2 is poisoning.
15. Transitive access is analogous to a mathematical rule, A-> B, B-> C, A-> C.
16. Client-side attacks -> Application Attacks.
17. Password attacks: brute force, dictionary, hybrid, birthday, rainbow tables - various password attack techniques.
18. Typo squatting / URL hijacking - gns.com -> not, gns.net –yes!
19. Watering hole attack - the study of "habits", compromise, infection.
There are fewer strict concepts:
1. Shoulder surfing - almost the same thing, when someone skillfully wrote off on your control =), beware when you stand at the ATM!
2. Dumpster diving - analysis of garbage waste, very entertaining shown in the films Operation Argo or Gun Baron.
3. Tailgating is when someone passes behind you without logging in, “oh, hold the door, I forgot the key for the intercom”.
4. Impersonation - relevant for employees of HD / SD, the ability to impersonate another person.
5. Hoaxes - something like Scareware, only through human persuasion
6. Whaling - email phishing big fish))), puff directors and supervisors.
7. Vishing - the same as phishing only through voice (phone call), the prelude to the battle between Acid Burn and Crash Override if you understand what I mean.
8. Principles: authority, intimidation, social proof, scarcity, urgency, liking, trust - these are the principles on which social engineering techniques are based.
1. Rouge access point - unauthorized access point, physical connection.
2. Jamming / interference - noise-generating point.
3. Evil twin - broadcasting a false SSID when the legal AP is wired.
4. War driving - scanning open SSIDs and documenting how Google did))
5. War chalking - special characters for open networks.
6. Bluejacking - recording “special” information to the device via Bluetooth
7. Bluesnarfing - stealing data from a device via Bluetooth
8. WEP attacks - based on weak key initialization.
9. NFC - through device synchronization, it is possible to access critical data.
10. WPS - hacking the PIN and gaining access to the preshared keys.
1. Cross-site scripting - the introduction of a malicious code page (which will be executed on the user's computer when he opens this page) and the interaction of this code with an attacker’s web server.
2. CSRF - forcing to perform any actions on a vulnerable site on behalf of the victim
3. SQL injection - embedding arbitrary SQL in the query
4. LDAP injection - similarly with LDAP statements on behalf of the user.
5. XML injection - well, it is clear what kind of animal.
6. Directory traversal / command injection - getting access to a resource that should not be available: ../../../../../../../../etc/passwd.
7. Buffer overflow - arises due to incorrect work with data received from outside.
8. Integer overflow - a variable of integer type is attempted to assign a value greater than it can hold.
9. 0-day.
10. Cookies and attachments - interception or acquisition of data from the previous session.
11. Locally Shared Objects - other stored locally critical data and having authorized sharing.
12. Malicious add-ons - various optimizers, etc. embedded in the browser.
13. Session hijacking - session interception.
14. Header manipulation - add "unexpected" data to the headers of packages or other containers.
15. Arbitrary CE / Remote CE - remote enforcement of code
About WEB application security is a resource OWASP, there are many interesting things.
It is likely that somewhere in the description there will be minor inaccuracies, but it is rather difficult to draw a clear line between certain concepts.
PS In the title I wrote "Bezopasnik", but my favorite Word corrected me, I decided to leave the corrected version))
Probably the most common type of violators of information security, apart from harmful employees, is malware or malware (malware or software and mathematical influence).
Malware
Malware - malicious software - suspicious software, any software designed to gain unauthorized access to PC computing resources or information on a PC or to cause harm (damage) by copying, distorting, deleting or changing information - wiki mode enabled. In general, the CIA is at stake.
Here are the types of this beast:
1. Adware - pop-ups - "Buy, check, check in - well, click." VPO on PC, the main purpose of which is to display interactive annoying ads during work.
2. Virus - (user interaction, replication, activation, reasonable - result searching). A self-propagating, necessarily executable code, often attached to a normal object, with a specific goal. It can create copies of itself and be embedded in the code of other programs, system memory areas, boot sectors, and also distribute its copies via communication channels in order to disrupt the proper functioning of the infrastructure.
3. Scareware - fake scan for vulns -> need to fix -> activate virus. Something like adware, which broadcasts about the presence of multiple vulnerabilities on the PC, and in order to fix them you need to download “special” software.
4. Spyware is a malware that secretly (without the user's consent) to collect information and send to the right receiver, almost always reduces PC performance (ie Keylogger).
5. Trojan - download-install “legal” soft - background activation - works like a container. Unlike viruses, they are spread manually. Attackers are placed on open resources, come as an attachment to letters, are downloaded by the user from compromised addresses or resources.
6. Backdoor - VPO secretly opens access, ports, services. Usually installed on a PC after receiving initial access in order to re-gain access to the system.
7. Rootkit - utils with system level access. The main feature is activation prior to downloading antivirus software, usually hiding deep in the depths of the operating system and specially written in such a way as to avoid detection by antivirus and other security tools.
8. Botnet - robot network is a computer network consisting of a certain number of hosts running bots - standalone software, “Zombies”.
9. Logic bomb - waits and starts when certain time or information conditions are performed to perform malicious actions (as a rule, unauthorized access to information, distortion or destruction of data).
10. Ransomware - “give me money and I will unlock”. Malicious software that works as an extortionist. It was well, very popular 2-3 years ago.
11. Polymorphic malware - malware with variable code or behavior, which makes it difficult to detect (file changes, compression and encryption with variable keys, variable ports), while the main functions usually remain the same.
12. Armored virus - proactive behavior to antiviruses, complex reverse engineering. The type of virus that was designed to make it difficult to analyze the code.
As you can see, the main feature of HPE is its deep encapsulation. Therefore, after a single check on the PC on the PC, you can get the whole set of the above.
Infrastructure (enterprise)
1. MITM - a person in the middle, a compromised communication channel, in which by connecting to the channel, you can make a good sniff and not only (arp-spoofing).
2. DoS, DDoS - denial of service or availability.
3. Replay - actions in which data is captured and then re-sent for unauthorized access.
4. Smurf attack (Salyut or fireworks) - is to transfer to the network broadcast ICMP requests on behalf of the victim computer. As a result, computers that have received such broadcast packets respond to the victim computer, thereby receiving it.
5. Spoofing - a class of attacks based on the substitution of a trusted source - L2 / L3.
6. Spam - it is spam in Africa and spam: sending commercial and other advertising or other types of messages to people who have not expressed a desire to receive them.
7. Phishing - getting access to confidential user data - usernames and passwords, by misleading the user, for example, redirecting the user to a fake website, very similar to, for example, a banking site, where the user will highlight his login / password.
8. Spim - spam over instant messaging (IM).
9. Spear phishing - targeted phishing.
10. Xmas attack - attack on open ports scanning - discovering.
11. Pharming - procedure for covertly redirecting a victim to a false IP address.
12. Privilege escalation - getting more rights than it should be.
13. Malicious insider threat - offended employee, very dangerous type.
14. DNS poisoning & ARP poisoning - damage to the integrity of the data in the DNS system by filling the DNS server cache with data when resolution occurs with a compromised IP address. Similarly with ARP, only L2 is poisoning.
15. Transitive access is analogous to a mathematical rule, A-> B, B-> C, A-> C.
16. Client-side attacks -> Application Attacks.
17. Password attacks: brute force, dictionary, hybrid, birthday, rainbow tables - various password attack techniques.
18. Typo squatting / URL hijacking - gns.com -> not, gns.net –yes!
19. Watering hole attack - the study of "habits", compromise, infection.
Social engineering
There are fewer strict concepts:
1. Shoulder surfing - almost the same thing, when someone skillfully wrote off on your control =), beware when you stand at the ATM!
2. Dumpster diving - analysis of garbage waste, very entertaining shown in the films Operation Argo or Gun Baron.
3. Tailgating is when someone passes behind you without logging in, “oh, hold the door, I forgot the key for the intercom”.
4. Impersonation - relevant for employees of HD / SD, the ability to impersonate another person.
5. Hoaxes - something like Scareware, only through human persuasion
6. Whaling - email phishing big fish))), puff directors and supervisors.
7. Vishing - the same as phishing only through voice (phone call), the prelude to the battle between Acid Burn and Crash Override if you understand what I mean.
8. Principles: authority, intimidation, social proof, scarcity, urgency, liking, trust - these are the principles on which social engineering techniques are based.
Attacks on Wi-Fi.
1. Rouge access point - unauthorized access point, physical connection.
2. Jamming / interference - noise-generating point.
3. Evil twin - broadcasting a false SSID when the legal AP is wired.
4. War driving - scanning open SSIDs and documenting how Google did))
5. War chalking - special characters for open networks.
6. Bluejacking - recording “special” information to the device via Bluetooth
7. Bluesnarfing - stealing data from a device via Bluetooth
8. WEP attacks - based on weak key initialization.
9. NFC - through device synchronization, it is possible to access critical data.
10. WPS - hacking the PIN and gaining access to the preshared keys.
Application Attacks.
1. Cross-site scripting - the introduction of a malicious code page (which will be executed on the user's computer when he opens this page) and the interaction of this code with an attacker’s web server.
2. CSRF - forcing to perform any actions on a vulnerable site on behalf of the victim
3. SQL injection - embedding arbitrary SQL in the query
4. LDAP injection - similarly with LDAP statements on behalf of the user.
5. XML injection - well, it is clear what kind of animal.
6. Directory traversal / command injection - getting access to a resource that should not be available: ../../../../../../../../etc/passwd.
7. Buffer overflow - arises due to incorrect work with data received from outside.
8. Integer overflow - a variable of integer type is attempted to assign a value greater than it can hold.
9. 0-day.
10. Cookies and attachments - interception or acquisition of data from the previous session.
11. Locally Shared Objects - other stored locally critical data and having authorized sharing.
12. Malicious add-ons - various optimizers, etc. embedded in the browser.
13. Session hijacking - session interception.
14. Header manipulation - add "unexpected" data to the headers of packages or other containers.
15. Arbitrary CE / Remote CE - remote enforcement of code
About WEB application security is a resource OWASP, there are many interesting things.
It is likely that somewhere in the description there will be minor inaccuracies, but it is rather difficult to draw a clear line between certain concepts.
PS In the title I wrote "Bezopasnik", but my favorite Word corrected me, I decided to leave the corrected version))
')
Source: https://habr.com/ru/post/232405/
All Articles