Attacks on Windows platforms can take many forms. It is common to see several types of attacks combined to accomplish the attacker’s goal. TABLE 1-3 contains a brief list of the most common types of attacks on any information system.
TABLE 1-3 Common Information Systems Attack Types

| ATTACK TYPE | DESCRIPTION |
|---|---|
| Phishing | Phishing attacks generally start with a message that contains a link or image to click, or a file to open. Taking these actions launches malware attacks. |
| Malware | Malicious software, also called malware, is software that is designed to carry out tasks that the user would not normally allow. |
| Denial of service | Any action that dramatically slows down or blocks access to one or more resources. |
| Injection attacks | A family of attacks that depend on the ability to send instructions to a software application that cause the application to carry out unintended actions. SQL injection is the most commonly recognized type of this attack. |
| Unprotected Windows Share | A situation that allows attackers to install tools, including malicious software. |
| Session hijacking and credential reuse | Many online applications set up sessions with valid users providing authentication credentials at the beginning of the session. Attackers often attempt to take over valid sessions or capture the credentials provided to impersonate valid users. |
| Cross-site scripting | Specially crafted malicious code used to attack web applications. |
| Packet sniffing | The process of collecting network messages as they travel across a network in hopes of divulging sensitive information, such as passwords. |

© Jones & Bartlett Learning.