CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Spoofing Attacks
Spoofing (also known as masquerading) is pretending to be something, or someone, else.
There is a wide variety of spoofing attacks. As an example, an attacker can use someone
else’s credentials to enter a building or access an IT system. Some applications spoof
legitimate logon screens. One attack brought up a logon screen that looked exactly like the
operating system logon screen. When the user entered credentials, the fake application captured
the user’s credentials and the attacker used them later. Some phishing attacks (described
later in this section) mimic this with bogus websites.
In an IP spoofing attack, attackers replace a valid source IP address with a false one 
to hide their identity or to impersonate a trusted system. Other types of spoofing used in 
access control attacks include email spoofing and phone number spoofing.
Email Spoofing
Spammers commonly spoof the email address in the From field to make
an email appear to come from another source. Phishing attacks often do this to trick users
into thinking the email is coming from a trusted source. The Reply-To field can be a different
email address, and email programs typically don’t display this until a user replies to the
email. By this time, they often ignore or don’t notice it.
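The From and Reply-To comparison that a mail client usually leaves to the user can be done before the message is displayed. The following is an added example, not taken from the study guide: the function name, the verdict labels and the sample messages (all on example.com / example.net) are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages; the addresses are placeholders.
SAMPLES = {
    "plain": "From: Payroll <payroll@example.com>\n"
             "To: user@example.com\nSubject: Timesheet\n\nHello\n",
    "alias": "From: Payroll <payroll@example.com>\n"
             "Reply-To: payroll-team@EXAMPLE.com\n"
             "To: user@example.com\nSubject: Timesheet\n\nHello\n",
    "mismatch": "From: Payroll <payroll@example.com>\n"
                "Reply-To: Payroll <payroll@example.net>\n"
                "To: user@example.com\nSubject: Timesheet\n\nHello\n",
}

def _addresses(msg, header):
    """Return the lower-cased addresses found in every copy of a header."""
    values = msg.get_all(header, [])
    # Display names are discarded: only the address decides where mail goes.
    return {addr.lower() for _, addr in getaddresses(values) if "@" in addr}

def check_reply_to(raw_message):
    """Classify how the Reply-To header relates to the From header.

    Returns one of: "no-from", "no-reply-to", "same-address",
    "same-domain", "different-domain".
    """
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    replies = _addresses(msg, "Reply-To")
    if not senders:
        return "no-from"
    if not replies:
        return "no-reply-to"
    if replies <= senders:
        return "same-address"
    sender_domains = {addr.rpartition("@")[2] for addr in senders}
    if all(addr.rpartition("@")[2] in sender_domains for addr in replies):
        return "same-domain"
    # A reply would leave the domain shown in From: surface this to the user.
    return "different-domain"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {check_reply_to(raw)}")
```

A "different-domain" verdict is only a prompt for a closer look, since mailing lists and help desks legitimately set Reply-To to another domain.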
Phone Number Spoofing
Caller ID services allow users to identify the phone number 
of any caller. Phone number spoofing allows a caller to replace this number with another 
one, which is a common technique on Voice over Internet Protocol (VoIP) systems. One 
technique attackers have been using recently is to replace the actual calling number with a 
phone number that includes the same area code as the called number. This makes it look 
like it’s a local call.


Understanding Access Control Attacks 
