From the course: CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Cert Prep

Unlock the full course today

Join today to access over 24,200 courses taught by industry experts.

Understand attacks

Understand attacks

- [Instructor] After identifying potential threats to an information system, security analysts should move on to a phase where they consider the possible attacks against those systems. Let's take a look at the various type of attacks that may be used against information systems. Microsoft uses the STRIDE model to help categorize attacks. This model is a helpful starting point when you're trying to identify the attacks that may be used against any particular system. Each letter in the model represents a category of attack. S stands for spoofing. Spoofing attacks use falsified identity information to gain access to a system. This may be as simple as a social engineering attack that fakes the sender's name or email address, or it may be more complicated and involves spoofing IP addresses, MAC addresses, wireless network names, or other claims of identity. The best control against spoofing is strong authentication. T stands for tampering. Tampering attacks make unauthorized changes to…

Contents