Introduction to Network Security

Asset: - Answer- A person, device, location, or information that SecOps aims to protect from attack. Attack: - Answer- An action taken by a threat that exploits a vulnerability that attempts to either block authorized access to an asset, or to gain unauthorized access to an asset. Risk - Answer- The potential of a threat to exploit a vulnerability via an attack. SecOps - Answer- The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of attacks. Threat: - Answer- Something or someone that can exploit a vulnerability to attack an asset. Vulnerability: - Answer- A weakness in software, hardware, facilities, or humans that can be exploited by a threat. Spoofing - Answer- This is a man-in-the-middle attack where the attacker impersonates the sender and receiver of the traffic. Spoofing - Answer- The server unknowingly exchanges information with the attacker, believing they are the client, then the attacker forwards the information to the client so nobody notices a break in connection Wiretapping - Answer- This form of attack can include putting special taps in-line with a computer's network cable and then using a packet sniffer to listen and record the traffic on the network. Social Engineering - Answer- This is the act of manipulating human trust to gain access or information. Examples include impersonation and phishing. Poor Physical Security Measures - Answer- If an attacker gains access to your files or to your physical computers, the attacker can simply steal a copy of the data and crack encryption at their own pace. Smurf attack - Answer- An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target. Honeypot -