- Pretexting: an attacker masquerades as the helpdesk or creates a legitimate-sounding scenario to convince the user to reveal sensitive network information.
- Phishing: an attacker sends an email posing as a legitimate organization and requests verification of account username and passwords.
- Vishing/phone phishing: an attacker uses Voice over Internet Protocol (VoIP) to leave a message with a user that claims to be from a banking service with a callback number.
- Virus: typically attached to and activated within another legitimate program.
- Worm: runs independently to send copies of itself.
- Trojan horse: looks like a legitimate program to trick the user into intalling.
- Denial of service (DoS): attackers also use bandwith and available connections to affect the network's operation. A DoS attack floods a network or server with traffic, preventing any legitimate connections or use.
- DoS - Synchronous (SYN) flooding: flooding a server with requests from a fake IP address and cause the server to use resources responding to these requests.
- DoS - Ping of death: attackers send a ping greater than the maximum allowed and causes a system to shut down.
- DDoS - Distributed Denial of Service: attackers use multiple hosts to attack a single server or servcie. Usually there'll be botnets used to attack a target site.
- Brute force: repeated attempts to crack usernames/passwords with software that uses combinations.
Don't forget that internal users can also (un)intentionally harm a network and an ISP should be the first line of defence!
Here are some common methods for protecting our networks:
- Virus protection
- Spyware protection
- Spam blocker
- Popup blocker