Page 1270 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1270

botnet to launch attacks on other systems, or to send spam or phishing
               emails. Bot herders also rent botnet access out to other criminals.

               Understand zero-day exploits. A zero-day exploit is an attack that

               uses a vulnerability that is either unknown to anyone but the attacker
               or known only to a limited group of people. On the surface, it sounds
               like you can’t protect against an unknown vulnerability, but basic
               security practices go a long way toward preventing zero-day exploits.
               Removing or disabling unneeded protocols and services reduces the

               attack surface, enabling firewalls blocks many access points, and using
               intrusion detection and prevention systems helps detect and block
               potential attacks. Additionally, using tools such as honeypots and
               padded cells helps protect live networks.

               Understand man-in-the-middle attacks. A man-in-the-middle
               attack occurs when a malicious user is able to gain a logical position
               between the two endpoints of a communications link. Although it

               takes a significant amount of sophistication on the part of an attacker
               to complete a man-in-the middle attack, the amount of data obtained
               from the attack can be significant.

               Understand sabotage and espionage. Malicious insiders can
               perform sabotage against an organization if they become disgruntled
               for some reason. Espionage is when a competitor tries to steal
               information, and they may use an internal employee. Basic security

               principles, such as implementing the principle of least privilege and
               immediately disabling accounts for terminated employees, limit the
               damage from these attacks.

               Understand intrusion detection and intrusion prevention.
               IDSs and IPSs are important detective and preventive measures
               against attacks. Know the difference between knowledge-based
               detection (using a database similar to anti-malware signatures) and

               behavior-based detection. Behavior-based detection starts with a
               baseline to recognize normal behavior and compares activity with the
               baseline to detect abnormal activity. The baseline can be outdated if
               the network is modified, so it must be updated when the environment
               changes.

               Recognize IDS/IPS responses. An IDS can respond passively by
   1265   1266   1267   1268   1269   1270   1271   1272   1273   1274   1275