- [Voiceover] An attack vector is a mechanism by which someone gains unlawful entry into a system and can include email, webpages, wireless, automobiles, and the user. The goal is to deliver a malicious payload or other malicious acts by taking advantage of system vulnerabilities or known weak spots to gain entry. Old school viruses have been declining. However, serious malware makers have progressed to more aggressive attacks using Trojan horses, rootkits, and spyware.
Most methods involve programming yet some involve social engineering. An email and email attachments are one of the original methods to send malware spam and bogus links and continue to improve in sophistication. Email attachments are handy and are used by just about everyone. While antivirus scans are tune to scan for viruses in attachments, modern day malware is polymorphic in nature and can change to elude detection. To minimize this attack vector, keep antivirus updated and educate users to use caution when opening attachments.
Unfortunately, this makes your machine vulnerable to an attack. As when the install takes place, the user generally agrees to an end user license agreement which may include wording that allows additional function or add-ons such as an app that allows BIT claim on your machine. Avoid these services. But if they must be used, read the end user license agreement and make sure malware protection is used with egress filtering to block communication with malicious websites.
Wireless networks are pervasive in today's world and provides an attractive attack vector. The 802.11 standard or Wi-Fi is characteristically insecure and will continue to be more vulnerable to attack than a wired network and that wireless is unbounded media. Protect against attacks by minimizing the vulnerabilities by taking advantage of the security mechanisms available. A recent attack vector includes the automobile.
Most modern vehicles can be hacked. Research is revealing how fragile modern vehicles, computerized systems can be. As accessing a car's internal network can infiltrate computer control systems including brakes and engine. Car manufactures and anti-malware companies are looking into vulnerabilities to prevent a hacker from taking control of a number of functions such as brakes, display, radio, and windshield wipers. Watch and respond to manufacturer's recall notification.
In addition, because many attacks are done through remote connections, be cautious and avoid connecting to a road wireless network which could allow an attacker to steal credentials for remote mobile apps. The most vulnerable attack vector is the user which is the weakest link in any system. Over 600 million people worldwide have fallen victim to some sort of cyber crime. That includes online scams, malware and phishing attacks, credit card fraud, compromised social-networking profiles, and explicit content.
Although humans can be our weakest link, steps can be taken to avoid falling prey to cyber crime and protect your data offline and online. Change your password often and don't use the same password for all sites. Don't friend strangers. Don't click on suspicious links. And use caution when using public Wi-Fi networks.
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases