seeking Clarification in CISSP topic
-
Unsolved Type of Assessment - WAR . . .
-
Actually I wanted to ask the following question,
In the types of Assessment discussed in the part 4 of Understand/Apply Risk Management concept there is term WAR. I did not understand it. Pls. explain what it means?
-
Rahim,
I hope all is well. The concept of 'WAR...' is actually a reference to a group of activities that an attacker/bad actor may engage in when attempting to better understand potential targets via reconnaissance.
The full term is a variant depending on the specifics of the activity, I.E., WARdriving, WARwalking, WARchalking, WARflying, etc...
The idea is that the person engaging in the activity is using a combination of wireless reconnaissance software and hardware to create an understanding of the topology of the wireless network(s) being examined.
The goal if you are an attacker is to map the network, all potential access points, connected endpoints, etc... looking for vulnerabilities that can be exploited during an attack.
The goal if you are a defender is also to map the network, all potential access points, connected endpoints, etc... looking for vulnerabilities that can be exploited during an attack, but then to use that information to bolster the defenses of the network and hopefully thwart attacks.
I hope that helps. You may also want to take a look at the following Wikipedia entry:
https://en.wikipedia.org/wiki/Wardriving
If I can be of any additional assistance, please let me know.
Good luck with your studies.
Cheers,
Adam
-
Thank you very much for the response.