privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
Download this free guide
5 Ways to Prevent Ransomware: Download Now
Ransomware attacks are not only becoming more common, they’re becoming more creative. In this guide, industry expert Kevin Beaver uncovers 5 ways to prevent a ransomware infection through network security.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances privilege escalation is required. There are two kinds of privilege escalation: vertical and horizontal.
Vertical privilege escalation requires the attacker to grant himself higher privileges. This is typically achieved by performing kernel-level operations that allow the attacker to run unauthorized code.
Horizontal privilege escalation requires the attacker to use the same level of privileges he already has been granted, but assume the identity of another user with similar privileges. For example, someone gaining access to another person’s online banking account would constitute horizontal privilege escalation.
This was last updated in November 2010
Certified Information Systems Auditor (CISA) Certified Information Systems Auditor is a credential that demonstrates an IT professional’s ability to assess risk and institute. See complete definition CISO (chief information security officer) The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an. See complete definition engine-level encryption Engine-level encryption is cryptographic encoding and decoding of data that is executed within a database engine. See complete definition
Dig Deeper on Database Security Management-Enterprise Data Protection