Page 1199 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Security professionals need to be aware of common attack methods so that they can take proactive steps to prevent them, recognize them when they occur, and respond appropriately to an attack. This section provides an overview of many common attacks. The following sections discuss many of the preventive measures used to thwart these and other attacks.




We’ve attempted to avoid duplication of specific attacks but also provide comprehensive coverage of different types of attacks throughout this book. In addition to this chapter, you’ll see different types of attacks in other chapters. For example, Chapter 14, “Controlling and Monitoring Access,” discusses some specific attacks related to access control; Chapter 12, “Secure Communications and Network Attacks,” covers different types of network-based attacks; and Chapter 21 covers various types of attacks related to malicious code and applications.




Botnets

Botnets are quite common today. The computers in a botnet are like robots (referred to as bots and sometimes zombies). Multiple bots in a network form a botnet and will do whatever attackers instruct them to do. A bot herder is typically a criminal who controls all the computers in the botnet via one or more command-and-control servers. The bot herder enters commands on the server, and the zombies check in with the command-and-control server to receive instructions. Zombies can be programmed to contact the server periodically or remain dormant until a specific programmed date and time, or in response to an event, such as when specific traffic is detected. Bot herders commonly instruct the bots within a botnet to launch a wide range of attacks or send spam and phishing emails, or they rent the botnets out to other criminals.
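The periodic check-in described above is the pattern defenders look for in connection logs. The following is an added example, not from the book: it flags source/destination pairs whose connections are evenly spaced. The log tuple format, the thresholds, and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import fmean, pstdev

def find_beacons(records, min_events=6, max_cv=0.10):
    """Return (src, dst, mean_interval_s, cv) for flows with near-constant spacing.

    records: iterable of (epoch_seconds, src_ip, dst_ip) connection events
    (an assumed, simplified log format).
    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; regular check-ins give a value close to 0.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = fmean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp; no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, round(avg, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])  # most regular first

# Constructed sample log (documentation-range addresses, not real indicators).
SAMPLE = (
    # 10.0.0.5 contacts the same host roughly every 300 s with small jitter
    [(t, "10.0.0.5", "203.0.113.10") for t in (0, 301, 598, 900, 1203, 1499, 1800)]
    # 10.0.0.7 shows bursty, human-driven traffic to another host
    + [(t, "10.0.0.7", "198.51.100.20") for t in (5, 12, 20, 400, 410, 1700, 1750)]
)

if __name__ == "__main__":
    for src, dst, interval, cv in find_beacons(SAMPLE):
        print(f"{src} -> {dst}: every ~{interval}s (cv={cv})")
```

Regular spacing is only one signal: a zombie that stays dormant until a programmed date or a triggering event, as the text notes, produces no periodic traffic for this check to find.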

Computers are typically joined to a botnet after being infected with some type of malicious code or malicious software. Once the computer is infected, it often gives the bot herder remote access to the system