14.1 Network Threats Flashcards
Describe (AAA) Authentication Authorization Accounting
AAA describes the three components used to protect network access and communications.
Authentication is the act of identifying a network user (i.e., asking for a username and password).
Authorization is permitting or denying of network resources (e.g., allowing users to access files or commands needed to perform their specific role, but denying access to everything else).
Accounting is the process of documenting user actions and collecting user data (e.g., how many resources the user uses, which files the user accesses, etc.).
Describe TACACS+
TACACS+ refers to a family of related protocols that handle remote authentication and related services for networked access control through a centralized server.
Describe (RADIUS) Remote Authentication Dial-in User Service
RADIUS is used by Microsoft servers for centralized remote access administration.
Describe a Threat actor
A person or organization that poses a threat to an organization’s security. This can be an internal or an external threat. Some threats aren’t even malicious; they can be caused by internal negligence.
Describe a White Hat hacker
This is a skilled hacker who uses skills and knowledge for defensive purposes only. White hat hackers interact only with a system that they have explicit permission to access. These are the ethical hackers.
Describe Black Hat Hacker
This hacker is also very skilled, but uses knowledge and skills for illegal or malicious purposes. A black hat is also known as a cracker. These hackers are highly unethical.
Describe Gray Hat Hacker
The gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn’t being malicious like a black hat hacker.
Describe Suicide Hacker
A hacker who is concerned only with taking down the target for a cause. This hacker has no concern with being caught or going to jail. The only concern is the cause.
Describe Cyber Terrorist
This hacker is motivated by religious or political beliefs and wants to cause severe disruption or widespread fear.
Describe State Sponsored Hacker
A hacker who works for a government and attempts to gain top-secret information by hacking other governments.
Describe Hacktivist
A hacker whose main purpose is to protest and get views and opinions out there. Hacktivists often deface websites or use denial-of-service attacks.
Describe Script Kiddie
This person is extremely unskilled and uses tools and scripts that real hackers have developed.
Describe an Advanced Persistent Threat
A stealth attack that gains access to a network or computer system and remains hidden for an extended period of time.
Describe Threat Modeling
The process of analyzing the security of the organization and identifying security holes.
Describe Active attack
Active attacks are a perpetrator’s attempt to compromise or affect the operations of a system in some way. For example, a brute force root password attack on a web server is an active attack. A distributed denial of service (DDoS) attack is also an active attack.
Describe Passive attack
Passive attacks occur when perpetrators attempt to gather information without affecting the flow of that information from the targeted network. For example, sniffing network packets or performing a port scan are both types of passive attacks. The goal isn’t to immediately compromise a system, but to learn about that system.
Describe External attack
External attacks are attempted breaches of a network by unauthorized individuals, typically from off-site. It’s key to remember that the perpetrator in an external attack is unauthorized for any level of access to the network.
Describe Inside attack
Inside attacks, on the other hand, are initiated by authorized individuals inside the network’s security perimeter who attempt to access systems or resources and handle them in an unauthorized way. For example, an inside attack is a disgruntled employee accessing confidential company documents and leaking them to the public.
Describe Entry Points
Recognize all vulnerabilities and entry points of possible attacks. This includes public-facing servers, workstations, Wi-Fi networks, and personal devices. You must account for anything that connects to the network as a possible entry point.
Describe Inherent vulnerabilities
Identify inherent vulnerabilities or systems that lack proper security controls. For example, if your organization uses an older version of Windows for a particular application, then you must identify that system as a vulnerability. IoT and SCADA devices are both systems that lack proper security controls, and therefore must be dealt with appropriately.
Describe Documentation
Document all network assets in your organization and create a suitable network diagram that you can use as a reference. This is probably one of the most important components of knowing your system. If you don’t know the underlying infrastructure of your network, then you can’t adequately secure it. Proper network documentation and diagrams will not only help you identify a weak network architecture or design, but protect against system sprawl and unknown systems.
Describe Network Baseline
Identify a network baseline. This means that you need to know your systems’ normal activity, such as its regular traffic patterns, data usage, network activity, server load, etc. Mainly, you need to know what your network looks like in normal day-to-day usage. Knowing this allows you to identify unusual or atypical activity that can indicate an attack in progress or a compromised network. To identify a network baseline, you can use network tools that monitor network traffic and create a graphical representation of the collected data, such as Cisco’s NetFlow tool.
Describe Network Segmentation
Limiting network damage from a compromised system or systems.
What is the most common way to implement network segmentation?
The most common way is to create a separate VLAN for each network zone. These zones can also be separated by firewalls to ensure only specific traffic is allowed. You can categorize systems into different zones (for example, a no-trust zone, low-trust zone, medium-trust zone, high-trust zone, and highest-trust zone).