1.4 Network Attacks

Question 1

What is a Wireless Attack?

Answer 1

Wireless attacks are specific to wireless networks. Mostly these attacks attempt to gain unauthorized access to a wireless network.

Question 2

What are the [8] types of wireless attacks?

Answer 2

• Evil Twin
• Rogue Access Point
• Bluesnarfing
• Bluejacking
• Disassociation
• Jamming
• Radio Frequency Identification (RFID)
• Near-Field Communication (NFC)

Question 3

What is an Evil Twin?

Answer 3

Unauthorized wireless access points deceive users into believing that they are legitimate network access points.

• Corporate Networks, Private Networks, and Public Wi-Fi Hotspots

Question 4

What is a Rogue Access Point?

Answer 4

An unauthorized wireless access point on a corporate or private network that allows unauthorized individuals to connect to the network.

• Can allow man-in-the-middle attacks

Question 5

What is Bluesnarfing?

Answer 5

A wireless attack is where an attacker gains access to unauthorized information on a wireless device by using a Bluetooth connection.

• Close range attack
  *Bluetooth transmission limit is 328 ft
• Can access and steal private information from Bluetooth Devices.
  Email messages
  Contact Information
  Calendar Entries
  Images, Videos, and other data

Question 6

What is Bluejacking?

Answer 6

A wireless attack where an attacker sends unwanted Bluetooth signals from a smartphone, mobile phone, it laptop to other Bluetooth - enabled devices.

Question 7

What is Bluetooth?

Answer 7

A short-range wireless radio network transmission medium is normally used to connect two personal devices, such as a mobile phone and a wireless headset.

Question 8

What is Wireless Disassociation?

Answer 8

A wireless attack where an attacker spoofs the MAC address of a wireless access point to force a target device to try and reassociate with the WAP.

Question 9

What is Jamming?

Answer 9

A situation where radio waves from other devices (benign or malicious) interface with the wireless signals used to communicate over wireless networks. Also referred to as interference.

Question 10

What is RFID System Attack?

Answer 10

RFID: A technology that uses electromagnetic fields to automatically identify and track tags or chips affixed to selected objects and store information about the objects.

• Tag and Reader
• Inventory Management and Tracking
• Human and Animal Identification and Tracking
• Contactless Payments
• Smart Cards

Question 11

What is Near Field Communication (NFC)?

Answer 11

Commonly found on smartphones and many mobile device accessories, NFC is a standard that establishes radio communications between devices in close proximity. It is often used to perform device-to-device data exchanges, set up direct communications, or access more complex services. It lets you perform synchronization between devices by touching them together or bringing them within centimeters of each other. Many contactless payment systems are based on NFC.

Question 12

What is an Initialization Vector (IV) Attack

Answer 12

A wireless attack where the attacker predicts or controls the IV used in an encryption process, rendering the encrypted data vulnerable.

Question 13

What is an Initialization Vector (IV)?

Answer 13

A mathematical and cryptographic term for a random number is used to reduce predictability and repeatability.

Question 14

What are the top [10] wireless security best practices?

Answer 14

• Disable SSID broadcasting (AKA hide your network)
• Use MAC Filtering
• Reduce the signal strength to only cover the area needed
• Change default SSID and default admin passwords
• Set policies for any devices that access the network
• Enable a firewall at the WAP
• Physically secure access to WAPs
• Use an SSID that does not provide identifying information
• Setup alerting for new MAC addresses that connect to the WAP
• Review devices connected to the WAP regularly

Question 15

What is On-Path Attack? AKA Man-In-The-Middle

Answer 15

This attack happens when a hacker inserts themselves between a user and a website. There are many types of On-Path attacks such as eavesdropping, spoofing, or hijacking. Each attacker’s intent is different but these types of attacks can be mitigated by using a VPN, having an IDS in place, having strong firewall rules in place, using encrypted protocols, and regularly conducting penetration testing.

Question 16

What are Layer 2 Attacks?

Answer 16

Layer 2 of the Open Systems Interconnection (OSI) model is also known as the Data Link layer, where Ethernet operates.

Question 17

What is Address Resolution Protocol (ARP) Poisoning?

Answer 17

Layer 2 Attack: Changing the registration of IP to MAC address in the ARP table thereby transmitting falsified ARP resolution data

Question 18

What is Media Access Control (MAC) address?

Answer 18

The physical address of a network interface card (NIC)

Question 19

What is Domain Naming System (DNS)?

Answer 19

Resolves URL to IP addressing

Question 20

What is MAC Flooding?

Answer 20

Layer 2 Attack: An attack that floods a switch with Ethernet frames with a randomized source MAC address causes it to get stuck flooding once it can no longer properly forward traffic.

Question 21

What is MAC Cloning/Spoofing?

Answer 21

Layer 2 Attack: Used to impersonate another system, often a valid or authorized network device, to bypass port security or MAC filtering limitations.

Question 22

What is MAC Filtering?

Answer 22

Layer 2 Attack: This is a security mechanism intended to limit or restrict network access to those devices with known specific MAC addresses.

Question 23

What port is DNS?

Answer 23

Port 53

Question 24

What is Port 53?

Answer 24

DNS

Question 25

What is Domain Hijacking?

Answer 25

Is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems.

Question 26

What is DNS Poisoning?

Answer 26

It is an attack that uses altered Domain Name records to redirect traffic to a fraudulent site

Question 27

What is Uniform Resource Locator (URL) Redirection?

Answer 27

A vulnerability that allows an attacker to force users of your application to an untrusted external site

Question 28

What is Domain Reputation?

Answer 28

Is like a credit score for your sending email domain. Email service providers calculate your domain reputation on a scale of 0-100. The closer to 100 your domain score is, the more receiving email servers will trust your emails.

Question 29

What is Distributed Denial-Of-Service (DDoS)?

Answer 29

Occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

Question 30

What is a Smurf Attack?

Answer 30

This form of DRDoS uses ICMP echo reply packets (ping packets).

Question 31

What is a Powershell?

Answer 31

Powershell is an attacker’s tool of choice for conducting fileless malware attacks. Powershell is a powerful scripting language that provides unprecedented access to a machine’s inner core, including unrestricted access to Windows APIs.

Question 32

What is Python?

Answer 32

Scripting attacks are favored by cybercriminals and nation-states because they are hard to detect by endpoint detection and response (EDR) systems.

Question 33

What is Bourne Again Shell (Bash)?

Answer 33

The bash shell to run commands and run executables and automated tasks primarily in Linux, Unix, and MacOS.

Question 34

What are Macros?

Answer 34

A program or script is written in a language that is embedded into specific files, such as Word documents, Excel spreadsheets, and Adobe PDFs

Question 35

What is Visual Basic for Applications (VBA)?

Answer 35

Visual Basic for Applications is a computer programming language developed and owned by Microsoft. With VBA you can create macros to automate repetitive word and data processing functions and generate custom forms, graphs, and reports.