Buffer Overflow (38.5.3) Buffers are memory areas allocated to an application. A buffer overflow occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application can access memory allocated to other processes. This can lead to a system crash or data compromise, or provide…
Author: examcert
Application Attacks – 100-150 Exam Study Guide
Application Attacks (38.5) Applications are also vulnerable to attacks. This section explores some of the more common attacks and how they can best be mitigated. Cross-Site Scripting (38.5.1) Attacks carried out through web applications are becoming increasingly common. Threat actors exploit vulnerabilities in the coding of a web-based application to gain access to a database…
Radio Frequency Jamming – 100-150 Exam Study Guide
Radio Frequency Jamming (38.4.3) Wireless signals are susceptible to electromagnetic interference (EMI), radio frequency interference (RFI), and even lightning strikes or noise from fluorescent lights. Attackers can take advantage of this fact by deliberately jamming the transmission of a radio or satellite station to prevent a wireless signal from reaching the receiving station. To successfully…
Defending Against Attacks – 100-150 Exam Study Guide
Organizations can take several steps to defend against various attacks. These include the following: Check Your Understanding—Cyber Attacks (38.3.13) Refer to the online course to complete this activity. Wireless and Mobile Device Attacks (38.4) Protecting wireless and mobile devices presents its own challenges. This section discusses many of these attacks and how to prevent them. Grayware and…
Layer 2 Attacks – 100-150 Exam Study Guide
Layer 2 Attacks (38.3.6) Layer 2 refers to the data link layer in the Open Systems Interconnection (OSI) data communication model. This layer is used to move data across a linked physical network. IP addresses are mapped to each physical device address (also known as media access control [MAC] address) on the network, using a procedure called…
Logic Bombs – 100-150 Exam Study Guide
Logic Bombs (38.3.2) A logic bomb is a malicious program that waits for a trigger, such as a specified date or database entry, to set off malicious code. Until this trigger event happens, the logic bomb will remain inactive. Once activated, a logic bomb implements malicious code that causes harm to a computer in various…
Piggybacking and Tailgating
Piggybacking and Tailgating (38.2.6) Piggybacking or tailgating occurs when a criminal follows an authorized person to gain physical entry into a secure location or a restricted area. Criminals can achieve this by: One way of preventing this is to use two sets of doors. This is sometimes referred to as a mantrap and means individuals enter…
Deception – 100-150 Exam Study Guide
Deception (38.2) Deception comes in many forms. This section explores some of the different ways attackers can attempt to deceive a person or organization. Social Engineering (38.2.1) Social engineering is a non-technical strategy that attempts to manipulate individuals into performing risky actions or divulging confidential information. Rather than software or hardware vulnerabilities, social engineering exploits human nature by…
Threat Complexity – 100-150 Exam Study Guide
Threat Complexity (38.1.12) The threat landscape has continued to expand not only in the number of vectors, but also in their complexity. An advanced persistent threat (APT) is a continuous attack that uses elaborate espionage tactics involving multiple actors and/or sophisticated malware to gain access to the target’s network. Attackers remain undetected for a long period of…
Threats to the Local Area Network
Threats to the Local Area Network (38.1.7) The local area network (LAN) is a collection of devices, typically in the same geographic area, connected by cables (wired) or airwaves (wireless). Because users can access an organization’s systems, applications, and data from the LAN domain, it is critical that it has strong security and stringent access controls. Examples of…