Attacks Flashcards

1
Q

Denial of Service Attack

A

In a DoS attack, a hacker overloads a specific server with so much data that the server is too busy to service valid requests coming from real clients on the network.

2
Q

(SYN) flood (DoS)

A

“SYN is an aspect of TCP/IP that allows systems to synchronize with each other while communicating. One system sends a SYN packet that is acknowledged by another system. The target system then waits for another acknowledgement from the sender. This process can be abused by a malicious hacker by sending forged SYN packets to a host that is unable to reply to the request because the return address is incorrect. This causes the host to halt communications while waiting for the other system to reply. If the host is flooded with a high number of forged SYN packets, it will be overloaded and unable to respond to legitimate requests.”

3
Q

Back Door

A

“A back door is traditionally defined as a way for a software programmer to access a program while bypassing its authentication schemes.
In hacking terms, a back door is a program secretly installed on an unsuspecting user's computer so the hacker can later access the user's computer, bypassing any security authentication systems.”

4
Q

Back Door Mitigation

A

Anti-virus programs can detect the presence of back-door programs. Personal firewalls can also detect suspicious incoming and outgoing network traffic from a computer. Port-scanning software can also be used to identify any open ports on the system, including those you do not recognize. These open ports can be cross-referenced with lists of ports used by known back-door programs.

5
Q

Blue jacking

A

Blue jacking is the sending of unsolicited messages (think spam) over the Bluetooth connection

6
Q

Bluesnarfing

A

Bluesnarfing is the gaining of unauthorized access through a Bluetooth connection. This access can be gained through a phone, PDA, or any device using Bluetooth. Once access has been gained, the attacker can copy any data in the same way they would wi

7
Q

Cross-site scripting (XSS)

A

is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007.

8
Q

Data emanation

A

Unprotected and unsecured wireless communications can be easily intercepted, and an unauthorized user can steal user names, passwords, and sensitive private data. All information on an unsecured WLAN is transmitted in clear text, and any wireless user can use a protocol analyzer or sniffer application to view the data traversing the WLAN. All WLANs should communicate using secure encrypted channels to prevent eavesdropping from unauthorized users.

9
Q

DNS Poisoning

A

“The DNS poisoning technique takes advantage of a DNS server's tables of IP addresses and host names by replacing the IP address of a host with another IP address that resolves to an attacker's system.
For example, a malicious user can masquerade her own web server by poisoning the DNS server into thinking that the host name of the legitimate web server resolves to the IP address of the rogue web server. The attacker can then spread spyware, worms, and other types of malware to clients connecting to her web server. This type of attack has a great potential for damage, as several thousand clients can be using the DNS server or its cache of IP addresses and host names, and all of them will be redirected to the poisoned address in the DNS cache tables.
The malicious attacker can perform this attack by exploiting vulnerabilities in a DNS server that does not perform authentication or any type of checks to ensure the DNS information is coming from an authentic source. This information can be passed from one DNS server to another, almost like a worm, and the rogue address can be quickly spread.
DNS poisoning attacks can be mitigated by ensuring that your DNS server updates its information only from authoritative sources by proper authentication or the use of secure communications. Most DNS software has been updated to prevent these types of attacks, and typically only out-of-date DNS software is vulnerable to DNS poisoning.”

10
Q

DNS Poisoning Mitigation

A

DNS poisoning attacks can be mitigated by ensuring that your DNS server updates its information only from authoritative sources by proper authentication or the use of secure communications. Most DNS software has been updated to prevent these types of attacks, and typically only out-of-date DNS software is vulnerable to DNS poisoning.

11
Q

Domain Kiting

A

refers to the practice of registering a domain name, then deleting the registration after the five-day grace period, and then re-registering it to start another five-day grace period. This results in the domain being registered to the user without his having to pay for the registered domain.

12
Q

Dynamic NAT

A

Provides a pool of various external IP addresses that can be used when an internal client wants to access something externally. Dynamic NAT helps in environments that have only a limited number of external addresses to use and not all of the clients are going to be active at the same time.

13
Q

Extranet

A

“An extranet is an extension of your private network or intranet.
An extranet extends outside the body of your local network to enable other companies or networks to share information. For example, an automobile manufacturing company could have an extranet that connects selected business partners, so they can access and share specific information on availability and inventories between the networks. These are often referred to as business-to-business (B2B) communications or networks because one company uses the internal resources and services of another.”

14
Q

MAC address-based VLAN

A

“Tracks clients and their respective VLAN memberships through the MAC address of their network card. The switches maintain a list of MAC addresses and VLAN membership, and they route the network packets to their destinations, as appropriate.
The advantage of MAC address-based VLANs is if their VLAN membership changes, they needn't be physically moved to another port. One drawback of this method is that being part of multiple VLANs can cause confusion with the switch's MAC address tables. This model is recommended for single VLAN memberships.”

15
Q

Man-in-the-middle (MITM) bucket-brigade attack, or sometimes Janus attack

A
16
Q

Man-in-the-middle Mitigation

A

“To prevent man-in-the-middle attacks, a unique server host key can be used to prove its identity to a client as a known host. This has been implemented in newer versions of the SSH protocol, which was vulnerable to man-in-the-middle attacks in the past.”

17
Q

Network Access Control

A

“Network access control (NAC) lets your network devices allow or deny access to clients based on predefined access policies.
These policies set out rules for what clients can access the network and define a minimum set of parameters to which clients must adhere to ensure they are properly configured. NAC policies help prevent viruses and worms that have infected a client on your network from infecting other systems by denying the client access to the network based on its current status.”

18
Q

Network address translation (NAT)

A

is a service that allows private IP addresses on your internal network to be translated into routable addresses for communication on the Internet.

19
Q

NULL sessions

A

A null session is a session established with a server when no credentials are supplied.

20
Q

Null Sessions Mitigation

A
21
Q

Overloaded NAT

A

Shares one single external address for all internal clients by assigning an individual port socket address that is mapped to the one external address. This technique is also called port address translation (PAT) and is widely used in home-based network devices

22
Q

Port-based VLAN

A

“Uses the specific port of a network switch to configure VLANs, where each port is configured as part of a particular VLAN. To assign a client workstation to that VLAN, it must be plugged into that port.”

23
Q

Privilege escalation

A

“Privilege escalation refers to the practice of exploiting coding bugs that exist within software.

In certain situations, it can be possible for an unauthorized user to gain more privileged access to a network device by taking advantage of the bug exploit to bypass the device security and perform commands with higher privileged access than expected.”

24
Q

Protocol-based VLAN

A

The most flexible and logical type of VLAN uses the addresses of the IP layer to assign VLAN settings, so an entire IP subnet can be assigned a certain VLAN membership.

25
Q

Replay

A
26
Q

Replay Mitigation

A

“To prevent replay attacks from succeeding, timestamps or sequence numbers can be implemented.
This allows the authentication system to accept only network packets that contain the appropriate stamp or sequence number.
If the timestamp is beyond a certain threshold, the packet is discarded.”

27
Q

Rogue access points

A

With wireless networks, much of the typical physical security that prevents someone from plugging into a network is unavailable. Anyone within the vicinity of a WLAN can connect to it easily with the use of a laptop or other wireless-equipped device. Unauthorized users can also set up their own wireless access points to which unsuspecting users connect and transmit sensitive and private data, including user name and password credentials, directly on the hacker's network.

28
Q

Smurf Attack

A

A smurf attack uses a spoof attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP. A hacker uses a smurf utility to build a network packet with a spoofed IP address that contains an ICMP ping message addressed to an IP broadcast address. A broadcast address includes all nodes of a certain network, and messages to that address will be seen by all of them. The ping echo responses are sent back to the target address. The amount of pings and echo responses can flood the network with traffic, causing systems on the network to be unresponsive.

29
Q

Smurf Attack Mitigation

A

To prevent smurf attacks, IP broadcast addressing should be disabled on the network router, because this broadcast addressing is used only rarely.

30
Q

Spoofing

A
31
Q

Spoofing Mitigation

A
32
Q

SSID broadcast

A

Broadcasting your SSID

33
Q

TCP/IP Hijacking

A

An unauthorized user can effectively hijack a network connection of another user. For example, by monitoring a network transmission, an attacker can analyze the source and destination IP addresses of the two computers. Once the attacker knows the IP address of one of the participants, she can knock them off their connections using a DoS or other type of attack, and then resume communications by spoofing the IP address of the disconnected user. The other user is tricked into thinking he is still communicating with the original sender.

34
Q

TCP/IP Hijacking Mitigation

A
35
Q

The firewall device

A

“is used to regulate network traffic and prevent access to the private network from a public network such as the Internet.
The firewall uses a special set of rules to permit or deny network access, as appropriate, such as allowing only FTP traffic to a specific server.”

36
Q

Virtual LAN

A

A VLAN is a type of logical network that exists as a subset of a larger physical network. Smaller networks can be fairly easily divided into segments, with little administrative overhead. Splitting a network into segments allows network data and broadcast traffic to stay on the local segment, without broadcasting data to the entire network. Segmentation of LANs also provides extra security, because a user on one LAN will not have access to another LAN without special permission.

37
Q

War driving

A

Hackers have been known to roam neighborhoods with a large corporate presence, using simple laptops with wireless connectivity to connect to unprotected WLANs and access their resources.

38
Q

Weak passwords

A

Select a password that is at minimum eight characters in length, that includes both uppercase and lowercase characters, numbers, and special characters such as the # symbol.

39
Q

XSS Mitigations

A

Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site’s owner.

40
Q

Static NAT

A

Provides a one-to-one address mapping in which one internal address is mapped to one public external address

41
Q

Dynamic NAT

A

Provides a pool of various external IP addresses that can be used when an internal client wants to access something externally. Dynamic NAT helps in environments that have only a limited number of external addresses to use and not all of the clients are going to be active at the same time.

42
Q

Overloaded NAT

A

Shares one single external address for all internal clients by assigning an individual port socket address that is mapped to the one external address. This technique is also called port address translation (PAT) and is widely used in home-based network devices