Two-Minute Drill 549 TWO-MINUTE DRILL Identify Security Issues for Converged Networks T Attacks may be passive or active. Eavesdropping is an example of a passive attack. Password cracking is an example of an active attack. T An attacker's motive may be to target your organization specifically, or they may attack promiscuously. T Password cracking and password attacks are used to gain access to valid credentials for network penetration. T A brute-force password attack is an attack where every possible password is attempted using a random or logical algorithm. T VoIP networks may be vulnerable to eavesdropping attacks when encryption is not used. T Social engineering is used to gain access to data and information without using technical methods. T A zero-day hack is a fresh or newly discovered hack. T Wireless networks may introduce vulnerabilities, such as eavesdropping, that are more easily exploited than wired networks. T Many wireless security recommendations are actually myths, such as the supposed benefits of SSID hiding, MAC filtering, and WEP encryption. ch13.indd 549 10/4/11 12:45 PM