
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney


Be able to describe a TCP/IP hijacking. TCP/IP hijacking occurs when an unauthorized system takes over an established session, replacing the authorized system without being detected. Because the session was already authenticated, the attacker inherits its access privileges without ever presenting credentials. Hijacking attacks are hard to detect because, apart from the replaced endpoint, the traffic looks normal. They take advantage of the sequence numbers used in TCP sessions: an attacker who can observe or predict the next expected sequence number can inject segments that the receiver accepts as part of the legitimate connection.

Know how social engineering occurs. Social engineering is a process in which an unauthorized person attempts to gain access to information by persuading the help desk or other employees to reveal account and password information. The attack typically succeeds because the attacker impersonates someone who would legitimately have a right to that information.

Be able to describe the two methods used in password guessing. The two methods used to guess passwords are brute force and dictionary attacks. A brute-force attack systematically tries every possible combination of characters against a known account ID until one matches; it is exhaustive rather than random, and its cost grows exponentially with the password length and the size of the character set. A dictionary attack instead tries a list of common words and previously leaked passwords, which is far faster but finds only passwords that appear in the list.
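The following is an added example, not code from the study guide, that contrasts the two methods against a constructed password store. The salt, the wordlist, the target passwords, and the salted SHA-256 scheme are all assumptions made for the demonstration; they stand in for whatever hash the real target uses. The attempt counts show why a dictionary attack is tried first and why brute force is bounded by the keyspace (36 characters to length 3 is under 48,000 candidates; 62 characters to length 8 is over 221 trillion).

```python
import hashlib
import itertools
import string

# Constructed password store: a fixed salt and the salted SHA-256 of each password.
# Salt and passwords are made up for this example. A real store should use a slow,
# memory-hard hash (bcrypt, scrypt, Argon2); a fast hash like this is what makes
# both attacks below cheap for the attacker.
SALT = b"x7Qp"


def hash_password(password: str, salt: bytes = SALT) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Tiny constructed wordlist; real dictionaries run to millions of entries.
WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "monkey"]


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Try each entry of a list of likely passwords.

    Returns (password, attempts) on success or (None, attempts) if the list is exhausted.
    """
    for attempts, word in enumerate(wordlist, start=1):
        if hash_password(word) == target_hash:
            return word, attempts
    return None, len(wordlist)


def brute_force_attack(target_hash: str,
                       alphabet: str = string.ascii_lowercase + string.digits,
                       max_len: int = 3):
    """Systematically enumerate every string over `alphabet` up to `max_len` characters.

    Nothing is random: candidates are generated in a fixed order so no guess is repeated
    and none is skipped. Returns (password, attempts) or (None, attempts).
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute-force attack must be prepared to try."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    common = hash_password("dragon")           # a dictionary word
    print(dictionary_attack(common))           # ('dragon', 5)
    print(brute_force_attack(common))          # (None, 47988): longer than max_len, keyspace exhausted

    short = hash_password("qz3")               # short but not in any wordlist
    print(dictionary_attack(short))            # (None, 6)
    print(brute_force_attack(short))           # ('qz3', 22998)

    print(keyspace(36, 3), keyspace(62, 8))    # 47988 221919451578090
```

Run the module directly to see both methods against both targets. The practical lesson is the one the exam wants: dictionary attacks are fast and beat predictable passwords; brute force always works eventually, so defenders control its cost through length, character set, a slow hash, and lockout or rate limiting on the account ID.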

Know how software exploitation occurs. Software exploitation involves using features or capabilities of a software product in a manner unplanned for or unanticipated by the software manufacturer. In many cases the original feature enhanced the functionality of the product but, unfortunately, also created a potential vulnerability.

Know the characteristics and types of viruses used to disrupt systems and networks. Several different types of viruses are floating around today. The most common ones are polymorphic viruses, stealth viruses, retroviruses, multipartite viruses, and macro viruses.

Be able to explain the characteristics of Trojan horses and logic bombs. Trojan horses are programs that enter a system or network disguised as, or bundled with, a legitimate program, so the user installs them willingly. Logic bombs are programs or snippets of code that lie dormant until a predefined event occurs and then execute their payload.

Know how worms operate. Worms attack systems and attempt to self-replicate and propagate, typically without any user action. Worms spread over the network as well as through files, e-mail, and physical media such as a USB drive. A worm also frequently carries a payload, such as a virus, that damages the systems it reaches.

Be able to describe how antivirus software operates. Antivirus software looks for a known signature, a distinctive byte pattern, in a suspect file to determine which virus it is. The software then takes action to neutralize the virus based on its virus definition database. Because detection depends on that database, virus definition files are regularly made available on vendor sites and must be kept current; a virus whose signature is not yet in the database, or that alters its bytes on each infection, will slip past a plain signature match.
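This is an added example, not code from the study guide, showing the signature-matching idea from the preceding paragraphs and why the polymorphic viruses mentioned earlier defeat it. The definition database, the "documents", and the single-byte XOR encoding are all constructed for the demonstration and are not real malware signatures or samples. The second scanner normalizes the data by trying every XOR key before matching, a simple form of the decoding real engines perform (they also emulate decryptor stubs and apply heuristics, which this example does not attempt).

```python
# Constructed definition database: detection name -> byte pattern.
# These patterns are made up for this example; they are not real signatures.
DEFINITIONS = {
    "Example.Macro.AutoOpen": b"Sub AutoOpen()",
    "Example.Dropper": b"EXAMPLE-DROPPER-v1",
}


def scan(data: bytes, definitions=DEFINITIONS) -> list:
    """Plain signature match: report every definition whose pattern occurs in `data`."""
    return sorted(name for name, sig in definitions.items() if sig in data)


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR. Applying it twice with the same key restores the original,
    which is the property a polymorphic virus relies on: a different key per copy
    changes every byte on disk while the decoded body stays identical."""
    return bytes(b ^ key for b in data)


def scan_with_xor_decoding(data: bytes, definitions=DEFINITIONS) -> list:
    """Match against the raw bytes and against every non-zero single-byte XOR decoding.

    Brute-forcing the 255 possible keys normalizes a trivially encoded body back into
    something the static signature can match. A real engine would instead emulate the
    sample's own decryptor, but the principle is the same: decode first, then match.
    """
    found = set(scan(data, definitions))
    for key in range(1, 256):
        found.update(scan(xor_encode(data, key), definitions))
    return sorted(found)


# Constructed samples standing in for files on disk.
CLEAN_DOC = b"Dim total As Integer\ntotal = 42\n"
INFECTED_DOC = b"Dim total As Integer\nSub AutoOpen()\n  Shell \"cmd\"\nEnd Sub\n"
# The same infected body, encoded with a made-up per-copy key of 0x5A.
POLYMORPHIC_DOC = xor_encode(INFECTED_DOC, 0x5A)


if __name__ == "__main__":
    print("clean:      ", scan(CLEAN_DOC))                        # []
    print("infected:   ", scan(INFECTED_DOC))                     # ['Example.Macro.AutoOpen']
    print("polymorphic:", scan(POLYMORPHIC_DOC))                  # [] -- signature evaded
    print("decoded:    ", scan_with_xor_decoding(POLYMORPHIC_DOC))  # ['Example.Macro.AutoOpen']
```

The first three results are the exam point in miniature: a signature is exact, so it catches the known sample and nothing that has been re-encoded. The last result shows the cost of closing that gap: the scanner does 255 times the work, and an attacker who changes the encoding scheme forces another update to the engine or the definitions.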

Know how audit files can help detect unauthorized activity on a system or network. Most operating systems provide a number of audit logs that record the results of activities. These log files frequently contain unsuccessful logon attempts as well as reports of excessive network traffic. They should be reviewed on a regular basis to determine what is happening on a system or network; a burst of failed logons against one account or from one source address, especially one followed by a successful logon, is the classic trace of the password-guessing attacks described above.
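An added example, not from the study guide, of the review the paragraph above calls for, run over a constructed OpenSSH-style auth log. The hostnames, usernames, process IDs and addresses are made up (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), and the threshold of five failures in ten minutes is an assumed tuning value. The logic flags a source that exceeds the threshold and separately notes a successful logon that follows such a burst, which is the higher-priority finding.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the logon-result lines OpenSSH writes via syslog; other sshd chatter is ignored.
LOG_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+(?:\.\d+){3}) port \d+ ssh2$"
)

# Constructed sample log; every host, user and address below is made up.
SAMPLE_AUTH_LOG = """\
Mar 14 09:15:01 web01 sshd[2110]: Failed password for root from 203.0.113.5 port 52211 ssh2
Mar 14 09:15:03 web01 sshd[2110]: Failed password for root from 203.0.113.5 port 52211 ssh2
Mar 14 09:15:04 web01 sshd[2113]: Failed password for invalid user admin from 203.0.113.5 port 52214 ssh2
Mar 14 09:15:09 web01 sshd[2117]: Failed password for alice from 198.51.100.7 port 41002 ssh2
Mar 14 09:15:10 web01 sshd[2119]: Failed password for invalid user test from 203.0.113.5 port 52219 ssh2
Mar 14 09:15:12 web01 sshd[2121]: Failed password for bob from 203.0.113.5 port 52223 ssh2
Mar 14 09:15:13 web01 sshd[2113]: Connection closed by authenticating user admin 203.0.113.5 port 52214 [preauth]
Mar 14 09:15:15 web01 sshd[2121]: Failed password for bob from 203.0.113.5 port 52223 ssh2
Mar 14 09:15:20 web01 sshd[2117]: Accepted password for alice from 198.51.100.7 port 41002 ssh2
Mar 14 09:15:31 web01 sshd[2125]: Accepted password for bob from 203.0.113.5 port 52230 ssh2
"""


def parse_auth_log(text: str) -> list:
    """Turn matching log lines into event dicts; syslog timestamps carry no year,
    so ordering is only meaningful within a single day's file."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def review_logons(events: list, threshold: int = 5,
                  window: timedelta = timedelta(minutes=10)) -> dict:
    """Per source address: total failures, whether `threshold` failures fell inside
    one sliding `window`, and the first account accepted after such a burst."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    report = defaultdict(lambda: {"failures": 0, "flagged": False, "accepted_after_burst": None})
    for ev in sorted(events, key=lambda e: e["ts"]):
        entry = report[ev["ip"]]
        if ev["result"] == "Failed":
            q = recent[ev["ip"]]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:   # drop failures that aged out of the window
                q.popleft()
            entry["failures"] += 1
            if len(q) >= threshold:
                entry["flagged"] = True
        elif entry["flagged"] and entry["accepted_after_burst"] is None:
            # A success from a source already flagged for guessing is the finding that
            # needs an analyst now: the guessed account is likely compromised.
            entry["accepted_after_burst"] = ev["user"]
    return dict(report)


if __name__ == "__main__":
    for ip, entry in review_logons(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, entry)
```

On the sample, 198.51.100.7 shows one mistyped password followed by a normal logon and is not flagged, while 203.0.113.5 accumulates six failures across four account names and then logs in as bob. Reviewing the raw file by eye would show the same thing; the point of scripting the review is that it can be run against every day's log rather than only when someone remembers to look.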

Hands-On Labs

The labs in this chapter are as follows:

Lab 2.1: Identify Running Processes on a Windows-Based Machine

Lab 2.2: Identify Running Processes on a Linux-Based Machine

Lab 2.1: Identify Running Processes on a Windows-Based Machine

It is important to know what processes are running on a machine at any given time. In addition to the programs that a user may be using, there are always many others that are required by the operating system, the network, or other applications.

All recent versions of Windows include the Task Manager to allow you to see what is running. To access this information, follow these steps:

1. Right-click an empty location in the Windows Taskbar.

2. Choose Task Manager from the pop-up menu that appears.

3. The Task Manager opens to the Applications tab by default, which shows only what the user is actually running. Click the Processes tab. This tab lists the processes behind those applications as well as every other process on the system. (If the Show Processes From All Users check box appears beneath this tab, be sure to click it.) Many of the names of the processes appear cryptic, but definitions for most (good and bad) can
