An attack is the act that takes advantage of a vulnerability to compromise an asset, thus resulting in a loss. It is accompanied by a threat-agent that denies, damages or steals an organizations information or physical asset. A vulnerability is an identified weakness in a system, where controls are not present, or not effective or have become obsolete. Below you will find a list of attacks, threat agents and vulnerabilities. For this assignment you will need to pick five (5) of the below methods. Explain the method in detail and provide suggested prevention controls. For example, if malicious code were on the list below I would first explain the topic and then as suggested controls I would state: The obvious controls are good vulnerability management (e.g., installing patches on a regular basis), up-to-date antivirus, anti-spyware, etc., but there are also policy and awareness controls that guide users behavior (e.g., dont click on links in email, etc). Please make sure that your answers are detailed and well supported. You must use a minimum of 2 outside sources.
- Hoaxes with an attached virus
- Back doors
- Password attacks
- Denial-of-service (DoS) and distributed denial-of-service (DDos) attacks
- Man-in-the-middle (MITM)
- Timing attack