Analyzing Potentially Malicious Activity Flashcards
Distributed denial of service attack (DDoS attack)
An attack that uses multiple compromised hosts (a botnet) to overwhelm a service, either with direct requests or with response traffic reflected off third-party servers toward the target.
Traffic Spike
A sharp increase in connection requests in comparison with a baseline.
Beaconing
A means for a network node to advertise its presence and establish a link with other nodes, such as the beacon management frame sent by an AP. Legitimate software and appliances do this, but it is also associated with Remote Access Trojans (RAT) communicating with a Command & Control server.
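Two of the indicators above (a traffic spike against a baseline, and beaconing) can be checked mechanically from connection logs. The following is an added example, not part of the flashcards: it runs over a constructed outbound-connection log in which one host contacts the same destination at a near-constant interval, and it compares current per-minute connection counts against a constructed baseline. All hosts, addresses and thresholds are assumptions for the illustration.

```python
"""Added example (not part of the flashcards): spot a traffic spike against a
baseline and find beaconing hosts in a constructed outbound-connection log."""
from collections import defaultdict
from statistics import mean, pstdev

# --- Constructed sample data ------------------------------------------------
# Connection counts per minute from a "normal" period, used as the baseline.
BASELINE = [100, 110, 95, 105, 100, 90, 100]
# Counts observed now; minute 2 is a burst of new connections.
OBSERVED = [98, 104, 350, 112, 99]

# Outbound connections as (epoch seconds, src, dst).
# 10.0.0.5 checks in with 203.0.113.9 roughly every 60 s (a RAT-style beacon,
# jittered by +/- 1 s); 10.0.0.7 browses 198.51.100.20 at irregular times.
CONNECTIONS = [
    (60 * i + jitter, "10.0.0.5", "203.0.113.9")
    for i, jitter in enumerate([0, 1, -1, 0, 1, -1, 0, 1, -1, 0])
] + [
    (t, "10.0.0.7", "198.51.100.20")
    for t in [5, 9, 70, 71, 200, 260, 265, 400, 900]
]


def find_spikes(observed, baseline, k=3.0):
    """Indices of minutes whose count exceeds baseline mean + k std devs."""
    m, s = mean(baseline), pstdev(baseline)
    threshold = m + k * max(s, 1.0)   # floor the deviation so a flat baseline still works
    return [i for i, count in enumerate(observed) if count > threshold]


def find_beacons(connections, min_count=6, max_cv=0.2):
    """Map (src, dst) -> mean interval for pairs that connect on a near-constant
    period (coefficient of variation of the gaps <= max_cv)."""
    times = defaultdict(list)
    for ts, src, dst in connections:
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, ts in times.items():
        if len(ts) < min_count:
            continue                      # too few samples to call it periodic
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            beacons[pair] = m
    return beacons


if __name__ == "__main__":
    print("spike minutes:", find_spikes(OBSERVED, BASELINE))
    for (src, dst), period in find_beacons(CONNECTIONS).items():
        print(f"beacon: {src} -> {dst} every ~{period:.0f}s")
```

As the card notes, legitimate software beacons too (NTP, update checkers, monitoring agents), so a low-variance interval is a lead to investigate, not a verdict; the destination, the process that owns the socket, and whether the interval carries jitter or sleeps through business hours are what separate a RAT from a patch agent.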
Internet relay chat (IRC)
A group communications protocol that enables users to chat, send private messages, and share files. Historically a common Command & Control channel for botnets, so unexpected IRC traffic on a corporate network is worth inspecting.
ARP Spoofing
A network-based attack where an attacker with access to the target local network segment sends forged ARP replies so that other hosts map an IP address (often the default gateway's) to the attacker's MAC address instead of the legitimate owner's. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.
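ARP spoofing leaves a detectable footprint: an IP address that is suddenly answered for by a different MAC, and a single MAC claiming several IPs (the gateway and the victim) at once. The following is an added example, not part of the flashcards: it parses raw ARP packets in the RFC 826 Ethernet/IPv4 layout and walks a constructed sequence of replies in which an attacker poses as both the gateway and a workstation. The addresses and the trusted gateway mapping are assumptions for the illustration.

```python
"""Added example (not part of the flashcards): parse ARP replies and flag
IP-to-MAC conflicts and one MAC claiming multiple IPs (ARP spoofing)."""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4
OP_REPLY = 2


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct a raw ARP reply (used here only to build sample traffic)."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, OP_REPLY,
        bytes.fromhex(sender_mac.replace(":", "")), IPv4Address(sender_ip).packed,
        bytes.fromhex(target_mac.replace(":", "")), IPv4Address(target_ip).packed,
    )


def parse_arp(payload):
    """Decode the ARP header; rejects truncated or non-Ethernet/IPv4 packets."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": op,
        "sha": sha.hex(":"), "spa": str(IPv4Address(spa)),
        "tha": tha.hex(":"), "tpa": str(IPv4Address(tpa)),
    }


def detect_arp_spoofing(frames, trusted=None):
    """frames: iterable of (timestamp, raw ARP bytes). trusted: static IP->MAC
    bindings (e.g. the gateway) that seed the table.
    Returns (conflicts, multi_ip_macs): conflicts is a list of
    (ts, ip, first_seen_mac, conflicting_mac); multi_ip_macs maps any MAC that
    answered for more than one IP to the sorted list of IPs it claimed."""
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claims = defaultdict(set)
    conflicts = []
    for ts, raw in frames:
        pkt = parse_arp(raw)
        if pkt["op"] != OP_REPLY:
            continue
        ip, mac = pkt["spa"], pkt["sha"]
        claims[mac].add(ip)
        prev = table.setdefault(ip, mac)   # keep the first (or trusted) binding
        if prev != mac:
            conflicts.append((ts, ip, prev, mac))
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return conflicts, multi


# --- Constructed sample traffic ------------------------------------------------
GATEWAY = {"10.0.0.1": "aa:bb:cc:00:00:01"}   # assumed trusted binding
SAMPLE_FRAMES = [
    (1, build_arp_reply("aa:bb:cc:00:00:01", "10.0.0.1", "aa:bb:cc:00:00:20", "10.0.0.20")),
    (2, build_arp_reply("aa:bb:cc:00:00:20", "10.0.0.20", "aa:bb:cc:00:00:01", "10.0.0.1")),
    # attacker de:ad:be:ef:00:99 tells the workstation it is the gateway...
    (3, build_arp_reply("de:ad:be:ef:00:99", "10.0.0.1", "aa:bb:cc:00:00:20", "10.0.0.20")),
    # ...and tells the gateway it is the workstation: full Man-in-the-Middle
    (4, build_arp_reply("de:ad:be:ef:00:99", "10.0.0.20", "aa:bb:cc:00:00:01", "10.0.0.1")),
]

if __name__ == "__main__":
    conflicts, multi = detect_arp_spoofing(SAMPLE_FRAMES, GATEWAY)
    for ts, ip, old, new in conflicts:
        print(f"t={ts}: {ip} was {old}, now claimed by {new}")
    for mac, ips in multi.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

Keeping the first-seen binding means a genuine change (a replaced NIC, a DHCP lease moving to another host) also alerts; that is the correct trade-off for a detector, and the trusted map is how you pin the bindings that must never change. Tools such as arpwatch and switch features such as Dynamic ARP Inspection apply the same logic.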
Rogue Device
An unauthorized device or service, such as a wireless access point, DHCP server, or DNS server, on a corporate or private network that allows unauthorized individuals to connect to the network or to intercept and redirect its traffic.
Non-standard Port
Communicating TCP/IP application traffic, such as HTTP, FTP, or DNS, over a port that is not the well-known or registered port established for that protocol.
Mismatched Port/Application Traffic
Carrying a different protocol's traffic over a well-known or registered port that belongs to another protocol, such as SSH tunnelled over TCP port 443 to slip past a firewall that only allows HTTPS.
Worm
A type of malware that replicates itself across the network without user interaction. Its scanning and propagation traffic typically produces high volumes of traffic that saturate switch and router interfaces.
How does 802.1X help protect against rogue devices?
802.1X is port-based network access control: a switch port or wireless association forwards only authentication traffic until the connecting device or user has authenticated, typically via EAP against a RADIUS server. A rogue device that cannot authenticate gets no network access (or is placed in a restricted guest or quarantine VLAN).
Privilege Escalation
The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.
Nessus
One of the best-known commercial vulnerability scanners, produced by Tenable (formerly Tenable Network Security).
OpenVAS
An open-source vulnerability scanner, forked from the Nessus codebase at the point where Nessus became closed-source commercial software.
Qualys
A cloud-based vulnerability management solution. Users deploy scanner appliances and lightweight agents at various points in their network, and these sensors upload data to the cloud platform for analysis.
Nmap
An IP and port scanner used for topology, host, service, and OS discovery and enumeration (host discovery, port scanning, service/version detection, and OS fingerprinting).
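To make concrete what a port scanner does on the wire, the following is an added example, not part of the flashcards and not Nmap's own code: a minimal TCP connect scan (the technique behind `nmap -sT`) with a banner grab, the crudest form of service detection. It starts a constructed local listener that greets with an assumed SSH-style banner so the whole thing runs offline against 127.0.0.1; ports, banner text and timeouts are assumptions for the illustration.

```python
"""Added example (not part of the flashcards): a TCP connect scan with banner
grabbing, run against a constructed local listener."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=1.0):
    """Connect scan of one port: complete the TCP handshake, then read up to
    128 bytes for a banner. Returns (port, state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode(errors="replace").strip()
            except socket.timeout:
                banner = ""                    # open, but the service waits for us to talk first
            return port, "open", banner
    except ConnectionRefusedError:
        return port, "closed", ""              # RST came back: nothing listening
    except (socket.timeout, OSError):
        return port, "filtered", ""            # no answer at all: a firewall dropped it


def scan(host, ports, workers=32):
    """Scan the given ports in parallel; results sorted by port number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(pool.map(lambda p: scan_port(host, p), ports))


# --- Constructed target ----------------------------------------------------
def start_demo_listener(banner=b"SSH-2.0-OpenSSH_demo\r\n"):
    """Local service that sends an (assumed) banner to every client and hangs up.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))                 # let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                         # server socket closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a port that currently has nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_demo_listener()
    for port, state, banner in scan("127.0.0.1", [open_port, free_port()]):
        print(f"{port}/tcp {state} {banner}")
    srv.close()
```

A connect scan completes the handshake, so it shows up in the target's application logs and connection tables; that visibility is why Nmap's default as root is the half-open SYN scan (`-sS`), and why spotting many short connections from one source across many ports is a reliable scan signature on the defensive side. Real service detection (`-sV`) goes further than a passive banner read by sending protocol-specific probes to services that stay silent until spoken to.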