2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet439/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   435   436   437   438   439   440   441   442   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Domain Hijacking
Domain hijacking
, or 
domain theft
, is the malicious action of changing the registration of 
a domain name without the authorization of the valid owner. This may be accomplished 
by stealing the owner’s logon credentials, using XSRF, hijacking a session, using MitM (see 
Chapter 21, “Malicious Code and Application Attacks,” for coverage of these attacks), or 
exploiting a flaw in the domain registrar’s systems.
Sometimes when another person registers a domain name immediately after the original 
owner’s registration expires, it is called 
domain hijacking
, but it should not be. This is a 
potentially unethical practice, but it is not an actual hack or attack. It is taking advantage 
of the oversight of the original owner’s failure to manually extend their registration or 
configure autorenewal. If an original owner loses their domain name by failing to maintain 
registration, there is often no recourse other than to contact the new owner and inquire 
regarding reobtaining control. Many registrars have a “you snooze, you lose” policy for 
lapsed registrations.
When an organization loses their domain and someone else takes over control, this can 
be a devastating event both to the organization and its customers and visitors. The original 
website or online content will no longer be available (or at least not available on the same 
domain name). And the new owner might host completely different content or host a false 
duplicate of the previous site. This later activity might result in fooling visitors, similar to 
a phishing attack, where personally identifiable information (PII) might be extracted and 
collected.
An example of a domain hijack is the theft of the Fox-IT.com domain in September 
2017; you can read about this attack at 
https://www.fox-it.com/en/insights/blogs/
blog/fox-hit-cyber-attack/
.
Converged Protocols
Converged protocols
are the merging of specialty or proprietary protocols with standard 
protocols, such as those from the TCP/IP suite. The primary benefit of converged protocols 
is the ability to use existing TCP/IP supporting network infrastructure to host special or 

Converged Protocols 
471
proprietary services without the need for unique deployments of alternate networking hard-
ware. This can result in significant cost savings. However, not all converged protocols pro-
vide the same level of throughput or reliability as their proprietary implementations. Some 
common examples of converged protocols are described here:

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   435   436   437   438   439   440   441   442   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish