Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This
information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to
trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer
name, IP address, employee ID, or other information that can be misused.
Answer option D is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or
network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the
Internet. Following are the types of password guessing attacks:
Brute force attack
Dictionary attack
Answer option B is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the
attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser
interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks
require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With
the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.
Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending large amount of
unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best
irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for
protection against this type of attack.
Currently there are no comments in this discussion, be the first to comment!