Ethical Hacking - U1

A threat is an internal flaw; a vulnerability is an external actor.

A threat is a potential danger; a vulnerability is a weakness that could be exploited.

A threat is a specific exploit code; a vulnerability is a type of malware.

A threat is an active attack; a vulnerability is always passive.

Only verified users gain access

Actions of users can be traced uniquely to them

All access is encrypted

No data is ever deleted

Ensuring timely access to data

Ensuring data is not tampered with

Ensuring unauthorized users cannot access sensitive data

Ensuring data is backed up regularly

A DDoS attack

An unauthorized user viewing patient records

Data loss due to hardware failure

A corrupted file from malware

Data is accessible to all users

Data is encrypted at rest

Data is accurate and unaltered

Data is always available

Confidentiality

Integrity

Availability

Accountability

Hackers flood a web server to crash it

Password database is leaked

An attacker alters transaction logs without detection

System fails to boot after a power outage

Data is accessed only by those who have permission

Data remains correct and unmodified

Authorized users have timely access to information and systems

All traffic is encrypted

Packet sniffing

SQL injection

Distributed Denial of Service (DDoS) attack

Man-in-the-middle attack

Modifying packets in transit between two hosts

Sniffing network traffic to capture credentials

Injecting malicious SQL statements into a database

Denial of Service attack on a web server