Types of Attacks
Cyber-attacks come in two main forms: passive attacks and active attacks.
In a passive attack, an intruder monitors a system and network communications and scans for open ports and other vulnerabilities (for example, an unpatched system). The intruder will try to collect as much information as he or she can to use it later to attack the system or network; this type of attack is also known as footprinting and is used to gather intelligence about the target system to attack it in a later step. An example is when an intruder records network traffic using a packet analyzer tool (such as Wireshark) for later analysis. Installing a keylogger is also a kind of passive attack where an intruder waits for the user to enter his or her username and password and records them for later use.
An active attack involves using information gathered during a passive attack to attack a user or network. There are many types of active attacks. In a masquerade attack, an intruder will pretend to be another user to gain access to the restricted area in the system. In a reply attack, the intruder steals a packet from the network and forwards that packet to a service or application as if the intruder were the user who originally sent the packet. Other kinds of active attacks are denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, which work by preventing authorized users from accessing a specific resource on a network or the Internet (for example, flooding a web server with more traffic than it can handle).
To counter these Internet attacks, individuals and companies deploy a set of defenses to protect their digital assets; however, despite your precautions, it is always possible that your system will get breached. This book will present you with a wide array of techniques and tools that teach you in detail how you can assure your privacy and security are at the highest level. Following the steps in this guide, not only will you learn how to protect your private data, but you will also become computer security literate, meaning you will be able to understand what current and future risks you are facing online and how to counter them. You will also learn how an intruder, whether a person or an entity, can invade your PC and what best practices should be implemented when using the Internet in your daily communications.
The majority of Internet users, especially nonprofessionals, do not consider Internet privacy an issue! For this reason, we will start by talking about who wants your private data when you are surfing online. Later, we will show how outside observers can benefit from the accumulated information by exploiting it to draw a complete picture about all your life’s aspects.