1.4 - Network Attacks Flashcards
Analyze Potential Indicators Associated with Network Attacks
1
Q
Rogue Access Point
A
- An unauthorized wireless access point
- Doesn’t have to be malicious, but it is still a security threat
- A significant potential backdoor
- Could be an employee or an attacker
- Very easy to plug in a wireless access point
- To combat: schedule a periodic survey of wireless access points and compare what you hear against your inventory. Look for third-party devices such as a Wi-Fi Pineapple
- To combat: consider 802.1X (Network Access Control) on the switch ports, so that nothing plugged into the wired network gets access without authenticating, regardless of connection type
2
Q
802.1X
A
- Network Access Control
- Must authenticate (sign in) regardless of connection type
- If someone plugs a rogue access point into a switch port and a client joins it, 802.1X still blocks that traffic from the network, because the port (and therefore the AP behind it) has to authenticate before it is allowed on
3
Q
Wireless Evil Twin
A
- Looks legitimate, but is malicious
- Wireless version of phishing
- Try to get users to connect to your access point
- Can overpower the signal of the legitimate access point so that clients prefer the attacker’s AP
- Ex: public Wi-Fi, where it is very easy to stand up an evil twin with the same SSID
- To combat: make sure all communication goes over HTTPS and a VPN (this encrypts the traffic end to end even if the AP is hostile). Especially important on public Wi-Fi
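The periodic survey from card 1 and the evil-twin card above boil down to one check: compare every access point you can hear against the ones you own. The script below is an added example for this deck, not code from the original flashcards; the inventory, the corporate SSID and the scan rows are constructed sample data (a real run would take rows from a WIDS sensor or a tool such as `iw dev <iface> scan`).

```python
"""Periodic wireless survey: compare a scan against the authorized-AP inventory.

Added example for this deck, not code from the original flashcards. The
inventory and the scan below are constructed sample data.
"""
from dataclasses import dataclass

CORP_SSID = "CorpNet"  # assumption: one corporate SSID

# Authorized APs, BSSID -> (SSID, channel, security). Constructed.
INVENTORY = {
    "00:11:22:33:44:01": ("CorpNet", 36, "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", 44, "WPA2-Enterprise"),
}


@dataclass(frozen=True)
class Observed:
    ssid: str
    bssid: str
    channel: int
    security: str
    rssi: int  # dBm as reported by the scanner


def classify(scan, inventory=INVENTORY, corp_ssid=CORP_SSID, min_rssi=-85):
    """Return [(bssid, finding)] for every AP that needs a look.

    Findings:
      config-change  known BSSID advertising a different SSID/channel/security
      evil-twin      corporate SSID from a BSSID we do not own
      rogue          any other unknown AP heard above min_rssi
    APs below min_rssi are skipped as probable neighbours. That is a tuning
    knob, not a guarantee: a low-power Pineapple in a desk drawer is quiet too.
    """
    findings = []
    for ap in scan:
        bssid = ap.bssid.lower()
        if bssid in inventory:
            if (ap.ssid, ap.channel, ap.security) != inventory[bssid]:
                findings.append((bssid, "config-change"))
            continue
        if ap.rssi < min_rssi:
            continue
        if ap.ssid == corp_ssid:
            findings.append((bssid, "evil-twin"))
        else:
            findings.append((bssid, "rogue"))
    return findings


# Constructed scan: two legitimate APs, an open "CorpNet" twin that is the
# strongest signal in the room, a Pineapple-style AP, and a weak neighbour.
SAMPLE_SCAN = [
    Observed("CorpNet", "00:11:22:33:44:01", 36, "WPA2-Enterprise", -55),
    Observed("CorpNet", "00:11:22:33:44:02", 44, "WPA2-Enterprise", -70),
    Observed("CorpNet", "de:ad:be:ef:00:01", 6, "Open", -40),
    Observed("Pineapple_5G", "de:ad:be:ef:00:02", 149, "Open", -65),
    Observed("HomeRouter", "aa:bb:cc:dd:ee:ff", 1, "WPA2-Personal", -88),
]


def run_survey():
    return classify(SAMPLE_SCAN)


if __name__ == "__main__":
    for bssid, finding in run_survey():
        print(f"{finding:14} {bssid}")
```

The evil twin is the loudest AP in the scan and runs open, which is exactly what a client auto-joining "CorpNet" would latch onto; the survey catches it because the BSSID is not ours, not because of anything it broadcasts.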
4
Q
Bluejacking
A
- Sending an unsolicited message to another device via Bluetooth
- No mobile carrier required
- Bluetooth usually operates in a radius of around 10 meters
- Sometimes can include other types of media or messages
- Relatively low security concern: small area, no access to data, no enhanced capabilities
- To combat: train users not to accept unexpected Bluetooth messages or pairing requests
5
Q
Bluesnarfing
A
- Attacker can access data on device using Bluetooth
- More of a concern than Bluejacking
- Disclosed in 2003; modern devices shouldn’t be susceptible
- Ex: attacker might gain access to calendar, email, contacts
6
Q
Wireless Disassociation
A
- a type of DoS (Denial of Service) attack
- aka Wireless Deauthentication
- Forged disassociation / deauthentication frames make clients drop their connection to the access point; they reconnect and get kicked off again
- Ex: wireless keeps dropping in and out, often for every client of one AP at once
- Hard to stop while it is happening: workarounds are a wired patch cable or physically locating the attacker. The real fix is 802.11w (protected management frames) on the network
7
Q
802.11 management frames
A
- Mobile device <-> access point via management frames
- Management frames handle probing, authentication, and association / disassociation with the access point, as distinct from the data frames that carry traffic
- The original 802.11 standard gave them no protection: sent in the clear, with no authentication or integrity check
- Because nothing validates the sender, anyone can forge a deauthentication or disassociation frame using the AP’s address: this is the Wireless Disassociation attack
- IEEE addressed this with 802.11w (Protected Management Frames), ratified in 2009
8
Q
802.11w
A
- The amendment that protects against Wireless Disassociation attacks (Protected Management Frames)
- Important management frames are now authenticated, and unicast ones encrypted: disassociate, deauthenticate, channel switch announcements, etc.
- Some management frames still have to be sent unprotected, because a client has no keys before it connects (beacons, probes, the authentication / association exchange itself)
- Ratified as 802.11w-2009
- 802.11ac-certified devices and later must support it; check that it is actually enabled as required, not just optional, on the AP, since a client that still accepts unprotected deauthentication frames is still vulnerable
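Cards 6 to 8 describe the attack in terms of raw management frames, so the detection side is worth seeing on the wire: parse the 24-byte 802.11 management header plus the 2-byte reason code, and count deauthentication / disassociation frames per transmitter. This is an added example for this deck, not code from the original flashcards; the capture window is constructed with build_mgmt() (a real detector would read frames from a monitor-mode interface), and the addresses, sequence numbers and the threshold of 10 are assumptions.

```python
"""Detect a deauthentication/disassociation flood from raw 802.11 management frames.

Added example for this deck, not code from the original flashcards. Frames are
constructed with build_mgmt(); only the fixed 24-byte management header and the
2-byte reason code are parsed.
"""
import struct
from collections import Counter

TYPE_MGMT = 0
SUBTYPE_BEACON = 0x8
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC
BROADCAST = bytes.fromhex("ffffffffffff")


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt(subtype, dst, src, bssid, seq, reason=None, protected=False):
    """Build a management frame header (+ reason code body) for the samples."""
    fc0 = (subtype << 4) | (TYPE_MGMT << 2)        # version 0, type 0, subtype
    fc1 = 0x40 if protected else 0x00              # Protected Frame flag bit
    frame = bytes([fc0, fc1]) + struct.pack("<H", 0)            # frame control, duration
    frame += dst + src + bssid + struct.pack("<H", seq << 4)    # addr1-3, sequence control
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


def parse_mgmt(frame):
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 management header")
    fc0, fc1 = frame[0], frame[1]
    info = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "protected": bool(fc1 & 0x40),
        "dst": mac_str(frame[4:10]),
        "src": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
        "seq": struct.unpack("<H", frame[22:24])[0] >> 4,
        "reason": None,
    }
    is_kick = info["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH)
    if info["type"] == TYPE_MGMT and is_kick and len(frame) >= 26:
        info["reason"] = struct.unpack("<H", frame[24:26])[0]
    return info


def deauth_flood_sources(frames, threshold=10):
    """Return {transmitter: count} for transmitters sending >= threshold
    unprotected deauth/disassoc frames.

    A legitimate AP sends the odd deauth. Dozens in one window from one
    transmitter, usually to the broadcast address with reason code 7, is the
    classic flood. The forged frames are unprotected because the attacker has
    no session keys; under 802.11w a client discards unprotected
    deauth/disassoc frames, which is why PMF defeats the attack.
    """
    counts = Counter()
    for raw in frames:
        f = parse_mgmt(raw)
        if f["type"] != TYPE_MGMT or f["subtype"] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        if f["protected"]:
            continue
        counts[f["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed capture window (addresses are assumptions).
AP = bytes.fromhex("001122334401")      # legitimate AP / BSSID being spoofed
AP2 = bytes.fromhex("001122334402")
CLIENT = bytes.fromhex("aabbccddee05")
SAMPLE_FRAMES = (
    [build_mgmt(SUBTYPE_BEACON, BROADCAST, AP, AP, 1)]
    # one legitimate, targeted deauth from AP2 (reason 4: inactivity timeout)
    + [build_mgmt(SUBTYPE_DEAUTH, CLIENT, AP2, AP2, 2, reason=4)]
    # attacker spoofing AP: 15 broadcast deauths, reason 7, unprotected
    + [build_mgmt(SUBTYPE_DEAUTH, BROADCAST, AP, AP, 1000 + i, reason=7) for i in range(15)]
)


def run_detection():
    return deauth_flood_sources(SAMPLE_FRAMES)


if __name__ == "__main__":
    print(run_detection())
```

The flood is attributed to the AP’s own address because that is what the attacker spoofs; the tell is the volume, the broadcast destination and the reason code, not the source. A wireless IDS does the same counting per BSSID, with a much larger window.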
9
Q
RF Jamming
A
- Radio Frequency Jamming
- A way for an attacker to create a DoS attack, by overwhelming good signal
- Prevents wireless communication
- Decreases the signal-to-noise ratio at the receiving device
- If the noise overwhelms the legitimate signal, the device can’t communicate over Wi-Fi
- Sometimes this is unintentional (ex: a microwave oven on the 2.4 GHz band), but it can be malicious
10
Q
Techniques to create Noise
A
- Send constant, random bits / constant, legitimate frames over network
- Or attacker could send random timed, intermittent data and legitimate frames
- Or attacker could send “reactive jamming” only sending noise when someone else tries to communicate
- The jamming device needs to be relatively close, so the attacker is either physically nearby or has planted a device near the network. See Fox Hunt
11
Q
Fox Hunt
A
- Use a directional antenna with a handheld receiver (and headphones) to find the device creating the noise
- Sweep for the strongest signal from several spots, then triangulate the source
- Can be challenging, but with the right equipment and technique you can locate and remove the jamming device
12
Q
RFID
A
- Radio Frequency Identification
- uses radio energy transmitted to the tag, which powers the tag and the ID is transmitted back (no battery)
- Some bi-directional communication (most are unidirectional)
- There are some RFID that have a battery (so doesn’t need energy transmitted to tag)
- It’s everywhere, can be very small
- Ex: in pets, inventory tracking, access badges
13
Q
RFID Vulnerabilities
A
- Similar vulnerabilities to any wireless network
- Ex: data capture between the RFID tag and the reader, especially if the exchange is not encrypted
- Could spoof the reader and, on writable tags, modify the contents of the tag
- Could create a DoS with signal jamming
- The keys for many widely deployed tag types have been published and are easy to find online, so “encrypted” does not always mean protected
14
Q
NFC
A
- Near Field Communication
- Two-way wireless communication; builds on RFID, which is usually one-way
- Commonly used in stores for payment (tapping a phone to pay)
- Used to bootstrap other wireless connections (ex: Bluetooth pairing) and as an authentication factor (ex: the phone as a payment or access token)
15
Q
NFC Security Concerns
A
- Remote capture: nominally a few centimetres of range, but the signal can be captured from further away with a directional antenna
- Wireless communication, so any interference could create a DoS (ex: frequency jamming)
- If not encrypted, someone could sit in the middle of the conversation and relay or replay it (on-path attack)
- Could lose the NFC device itself (ex: losing your phone)
16
Q
Cryptography without Randomization
A
- Without randomization, the same plaintext always encrypts to the same ciphertext, so patterns in the data survive encryption (the classic example is an encrypted bitmap whose outline is still visible) and give an attacker something to work from
17
Q
Cryptographic Nonce
A
- Arbitrary number that is used once
- Random or pseudo-random value that an attacker can’t predict or reproduce
- “For the time being”
- Ex: during login the server sends you a nonce; you hash your password together with the nonce; each hash sent to the server is different, so a captured hash can’t be replayed
- Every response you send back to the server is different, because the nonce is different each time
18
Q
IV
A
- Initialization Vector
- A common type of cryptographic nonce
- Used for randomizing an encryption scheme
- The more random the better
- The IV is combined with the key or fed into the first block so that the same key produces different ciphertext each time; it only helps if it is never reused with the same key
- WEP is the cautionary example: it prepends a 24-bit IV to the key, the IV space is so small that IVs repeat after a few hours of traffic, and that reuse is one of the reasons WEP is broken
- IVs are also used in TLS/SSL cipher modes such as CBC
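Cards 16 and 18 are easiest to see side by side: the same message encrypted in ECB mode (no randomization) and in CBC mode with a random IV. This is an added example for this deck, not code from the original flashcards. The block cipher is a toy 4-round Feistel network keyed with HMAC-SHA256 so that it runs with the standard library only; it stands in for AES and is not for real use. The modes, the key and the message are assumptions for the demo; the ECB-versus-CBC behaviour is the real thing.

```python
"""Why an encryption scheme needs randomization (an IV).

Added example for this deck, not code from the original flashcards. The block
cipher is a toy Feistel network (HMAC-SHA256 round function) standing in for
AES; the ECB and CBC modes are implemented as defined.
"""
import hashlib
import hmac
import os

BLOCK = 16  # bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function: keyed PRF of (round number, 8-byte half block)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    """No randomization: identical plaintext blocks -> identical ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def cbc_encrypt(key, iv, pt):
    """Each block is XORed with the previous ciphertext block (the IV for the first)."""
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, _xor(prev, b))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(prev, block_decrypt(key, c)))
        prev = c
    return b"".join(out)


def distinct_blocks(ct):
    return len(set(_blocks(ct)))


KEY = hashlib.sha256(b"constructed demo key").digest()  # assumption
MSG = b"ATTACK AT DAWN!!" * 4                          # four identical blocks


def demo():
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)
    fixed_iv = bytes(BLOCK)
    return {
        "ecb_distinct": distinct_blocks(ecb_encrypt(KEY, MSG)),       # 1: pattern leaks
        "cbc_distinct": distinct_blocks(cbc_encrypt(KEY, iv1, MSG)),  # 4: pattern hidden
        "ecb_same_twice": ecb_encrypt(KEY, MSG) == ecb_encrypt(KEY, MSG),                        # True
        "cbc_random_iv_same_twice": cbc_encrypt(KEY, iv1, MSG) == cbc_encrypt(KEY, iv2, MSG),    # False
        "cbc_fixed_iv_same_twice": cbc_encrypt(KEY, fixed_iv, MSG) == cbc_encrypt(KEY, fixed_iv, MSG),  # True: IV reuse
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:26} {v}")
```

The last entry is the WEP lesson from the IV card: CBC with a fixed or repeating IV gives the same ciphertext for the same message, so the randomization is only as good as the IV’s uniqueness under that key.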
19
Q
Salt
A
- A random value stored alongside each password hash (a type of password randomization, often described as a kind of nonce)
- Makes the password hash unpredictable
- Password storage should always be salted
- If two users had the same password, they would get a different salt and their hash would look very different
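The nonce card (17) and the salt card (19) combine naturally into one login flow: passwords are stored salted, and each login is a challenge-response keyed by a fresh nonce. The code below is an added example for this deck, not code from the original flashcards. The protocol itself is an assumption modelled on card 17’s description, and the user names and passwords are constructed: the server stores salt + PBKDF2(password, salt); at login it sends (salt, nonce) and remembers the nonce; the client answers HMAC(key = PBKDF2(password, salt), msg = nonce); the server recomputes from the stored hash, compares, and retires the nonce.

```python
"""Salted password storage plus a nonce-based challenge-response login.

Added example for this deck, not code from the original flashcards; the
protocol is an assumption modelled on the flashcard, and users are constructed.
"""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 50_000  # kept low for the demo; use a current recommended figure in production


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    def __init__(self):
        self.users = {}     # username -> {"salt": bytes, "hash": bytes}
        self.pending = {}   # nonce -> username, removed on first use

    def register(self, user, password):
        salt = os.urandom(16)            # per-user random salt
        self.users[user] = {"salt": salt, "hash": derive(password, salt)}

    def challenge(self, user):
        nonce = secrets.token_bytes(16)  # fresh per attempt, never reused
        self.pending[nonce] = user
        return self.users[user]["salt"], nonce

    def verify(self, user, nonce, response):
        # A nonce is good for exactly one attempt, whatever the outcome.
        if self.pending.pop(nonce, None) != user:
            return False
        expected = hmac.new(self.users[user]["hash"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, salt, nonce):
    return hmac.new(derive(password, salt), nonce, hashlib.sha256).digest()


def demo():
    s = Server()
    s.register("alice", "correct horse")
    s.register("bob", "correct horse")        # same password as alice
    salt, nonce = s.challenge("alice")
    resp = client_response("correct horse", salt, nonce)
    first = s.verify("alice", nonce, resp)
    replay = s.verify("alice", nonce, resp)   # attacker replays the captured response
    salt2, nonce2 = s.challenge("alice")
    wrong = s.verify("alice", nonce2, client_response("wrong", salt2, nonce2))
    return {
        "same_password_same_hash": s.users["alice"]["hash"] == s.users["bob"]["hash"],  # False
        "first_login": first,      # True
        "replay": replay,          # False
        "wrong_password": wrong,   # False
    }


if __name__ == "__main__":
    print(demo())
```

Two things to notice. The replay fails not because the response is wrong but because the nonce has already been consumed, which is the whole point of a nonce. And because the stored hash is the HMAC key, anyone who steals the user table can answer challenges without knowing the password; that is inherent to challenge-response over a stored verifier, so the table needs the same protection as the passwords would.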
20
Q
On-path attack
A
- Sits in the middle of communication
- attacker receives your communication and then passes it on to the intended destination (making it hard to know that the traffic was redirected)
- Can occur without anyone knowing
- aka “man in the middle” attack
21
Q
ARP poisoning
A
- Address Resolution Protocol Poisoning
- Common type of on-path attack
- Attacks the local IP subnet
- The attacker sends an ARP reply the target never asked for, claiming that the router’s IP address maps to the attacker’s MAC address
- ARP has no security: the target accepts the unsolicited reply, overwrites its ARP cache, and from then on sends all traffic for the router to the attacker
- The attacker does the same to the router (claiming the target’s IP), forwards traffic in both directions, and is now sitting in the middle
- Requires being on the same local network segment, which limits who can carry it out
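The two properties the card relies on, unsolicited replies and a changing IP-to-MAC mapping, are also the two things a detector looks for. The script below is an added example for this deck, not code from the original flashcards: it builds 28-byte Ethernet/IPv4 ARP payloads with build_arp() (constructed traffic; a real detector would read them from a capture), learns the IP-to-MAC table the way a host would, and alerts on both signals. The addresses and the gateway IP are assumptions.

```python
"""ARP poisoning detector run over constructed ARP packets.

Added example for this deck, not code from the original flashcards. Packets are
28-byte Ethernet/IPv4 ARP payloads (RFC 826 layout). Two signals are checked:
  unsolicited   a reply for which no matching request is outstanding
  mac-change    a sender IP we already know now claims a different MAC
The gateway IP is an assumption; it gets its own alert kind because it is
the usual poisoning target.
"""
import struct

REQUEST, REPLY = 1, 2
GATEWAY_IP = "10.0.0.1"  # assumption for the sample network


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def _mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def build_arp(op, sha, spa, tha, tpa):
    """htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then SHA/SPA/THA/TPA."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + _mac_bytes(sha) + _ip_bytes(spa) + _mac_bytes(tha) + _ip_bytes(tpa))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "sha": _mac(pkt[8:14]), "spa": _ip(pkt[14:18]),
            "tha": _mac(pkt[18:24]), "tpa": _ip(pkt[24:28])}


def detect(packets, gateway_ip=GATEWAY_IP):
    table = {}       # ip -> mac learned from the sender fields of every ARP packet
    pending = set()  # (requester_ip, target_ip) of outstanding requests
    alerts = []

    def learn(a):
        old = table.get(a["spa"])
        if old is not None and old != a["sha"]:
            kind = "gateway-mac-change" if a["spa"] == gateway_ip else "mac-change"
            alerts.append((kind, a["spa"], old, a["sha"]))
        table[a["spa"]] = a["sha"]

    for pkt in packets:
        a = parse_arp(pkt)
        if a["op"] == REQUEST:
            pending.add((a["spa"], a["tpa"]))
            learn(a)                      # a spoofed request poisons caches too
        elif a["op"] == REPLY:
            key = (a["tpa"], a["spa"])    # reply answers a request from tpa about spa
            if key in pending:
                pending.discard(key)
            else:
                alerts.append(("unsolicited", a["spa"], a["sha"], a["tpa"]))
            learn(a)
    return alerts


# Constructed segment: gateway, one host, one attacker (addresses are assumptions).
GW, HOST, ATT = "00:11:22:33:44:01", "aa:bb:cc:dd:ee:05", "cc:cc:cc:cc:cc:99"
SAMPLE_PACKETS = [
    build_arp(REQUEST, HOST, "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"),  # host asks for gateway
    build_arp(REPLY, GW, "10.0.0.1", HOST, "10.0.0.5"),                     # legitimate answer
    build_arp(REPLY, ATT, "10.0.0.1", HOST, "10.0.0.5"),                    # attacker poisons the host
    build_arp(REPLY, ATT, "10.0.0.5", GW, "10.0.0.1"),                      # attacker poisons the gateway
]


def run_detection():
    return detect(SAMPLE_PACKETS)


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

The legitimate reply produces nothing because it answers an outstanding request and matches what was learned. Both poisoning replies trip both signals, which is what makes the attack easy to spot from a span port even though it is invisible to the victim. A real tool such as arpwatch keeps the table across days and tolerates legitimate changes (a DHCP lease moving between machines), so expect to tune the mac-change alert rather than page on every one.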