Professional Documents
Culture Documents
Information Security
ISEC-210
Module Compiler
Allan Nila Chongwe – MSc. Computer Science, BSc. Information Technology
2021
All rights are reserved. No part of this publication may be reproduced, stored in a
retrieval system or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording or otherwise without copyright
clearance from Malawi University of Science and Technology.
2.0 Introduction
During the course of this unit, you will find the following key words or
phrases. Watch out for these and make sure that you understand what
they mean.
Threat Attacks Risks
Polymorphic worm Malware Vulnerabilities
The main difference between a threat and an attack is that a threat can
be either intentional or unintentional where as an attack is intentional.
The Chinese general Sun Tzu Wu's 'The Art of War', written around 500
B.C., emphasizes the importance of knowing yourself as well as the
threats you face. These two points also applies in information security
for organisations today in the sense that it is important to;
2.3.1.7 Theft
An attack of this sort in which many computers are hijacked and used to
flood the target with so many requests than the server can handle,
thereby blocking normal traffic, is called a distributed denial of service
(DDoS) attack. DDoS attacks can be disastrous for companies that make
their money operating online, potentially causing millions in lost
revenue every day the service is down. The British Internet service
provider Cloudnine is believed to be the first business affected by a
denial-of-service attack in January 2002.
Critical to the scenario is that the victim is not aware of the man in the
middle. In the well-known man-in-the-middle or TCP hijacking attack,
an attacker monitors (or sniffs) packets from the network, modifies
them, and inserts them back into the network. This type of attack uses
IP spoofing to enable an attacker to impersonate another entity on the
network. It allows the attacker to eavesdrop as well as to change, delete,
reroute, add, forge, or divert data.