Packet Capture: A packet capture utility can capture data that is sent across the network or from a PC's NIC card. The packets can contain username and password, credit card numbers, social security card numbers or anything that is in plain text. An attacker can read this data from a packet capture utility and use it for malicious intent.
Ping sweep and port scan: Some attacks start with a scan of the network to identify devices to target on the network. A ping sweep will ping a range of IP addresses and wait for a reply. A ping reply might indicate that there is a network resource at those IP addresses. Once a collection of IP addresses is identified, a port scan can be ran to see what services are available on the host. Port scans can also help gather more information about the target system such as what operating system it's running.
Dumpster Diving: Many companies throw away confidential data without properly shredding it. An attacker can rummage through a company's trash in hopes of discovering data that could be used to compromise network resources.
Wiretapping: If an attacker gains access to a network wiring closet, they can then physically tap into a telephone line and eavesdrop on the conversation. They could also insert a hub inline with the network cable and receive copies of the data.
Social Engineering: Phone techniques can be used to obtain information from end users. For example someone could pose as a member of the IT department and ask for the end users login information.
Electromagnetic interfaces interception: Data is often transmitted over a wire, often called a network cable. Attackers can copy data traveling over the wire by intercepting the EMI being emitted by the wire. The EMI emissions are sometimes called emanations.
Visit Matt's latest website Event Log Monitoring for listing of Event Log Monitoring Software. Also check out Order Management Software for a list of Order Management Software and inventory software.
No comments:
Post a Comment