If you are in the business of IT security, you may know the answer to this elementary question: “What is the most common type of attack? a) Buffer overflow; b) Trojan horse; c) Operating system; d) Application.”
For the rest of us, the answer is d, the application attack, as Richard A. Deal writes in ‘CCNA Security’ (www.tatamcgrawhill.com). In this type of attack, the perpetrator tries to gain access to the application and the data the application has access to, the author explains. “Because modern applications tend to be complex, it can be easy for an attacker to find and exploit a weakness associated with an application.”
In a chapter on ‘endpoint security,’ the author describes the five possible phases of attack. ‘Probe’ is the first. In this phase, the attacker uses ping and port scans to discover computers, the operating systems and applications they are running, and the possible vulnerabilities that those operating systems and applications may have.
The second phase is ‘penetrate,’ during which the attacker uses email attachments, such as a virus or Trojan horse, buffer overflows and other methods ‘to take advantage of a vulnerability in order to gain initial access to a computer.’
‘Persist’ is the next stage. “The attacking or exploitation software will modify a computer’s existing configuration to become and remain resident on the computer – this is typically done by installing new code or programs or overwriting existing code or programs.”
The fourth phase is ‘propagate,’ wherein the attacking or exploitation software scans for other targets ‘attempting to exploit a vulnerability on other targets and gain access to them.’
Finally comes ‘paralyse,’ the phase in which the attacker crashes the computer, steals data, or deletes or modifies files or disk space on the computer.
Recommended addition to the IT professionals’ shelf.