Chapter 10 - Network-Based Threats, Attacks and Vulnerabilities Flashcards
Threats
The expressed potential for the occurrence of a harmful event such as an attack.
Attacks
Actions taken against a target resource with the intention of doing harm:
- DoS
- DDoS
- Teardrop
- Sequence Number
- Smurf
- Ping of death
- SYN flood
- Worms
- Spam
- Phishing
DoS
A Denial of Service attack is an attempt to incapacitate a target system or resource:
- high volume
- malfunction
DDoS
A Distributed Denial of Service attack is designed to overwhelm a target with a vast amount of incoming traffic that originates from multiple sources.
Sequence Number
A sequence number attack consists of an attacker who attempts to hijack or disrupt an existing TCP session by injecting packets that pretend to originate from one of the two computers in the session.
Smurf
A smurf attack consists of a large number of forged ICMP echo requests. The packets are sent to a target network’s broadcast address, which causes all systems on the network to respond. The packets are forged with the ‘from’ address of the target system, resulting in a large number of ICMP echo reply messages from all of the systems on the network.
PoD
A Ping of Death attack is an attack where the attacker sends a ping packet of length 65,535 bytes to the target system. The TCP/IP protocol will fragment this packet as it travels through the network. It is then reassembled on the target system, causing a buffer overflow.
historic attack
SYN Flood
A SYN flood attack is a denial-of-service attack in which the attacker sends a large number of SYN packets to the target system. This attack is designed to overwhelm the resources of the target system until it is unable to respond to legitimate traffic.
Worms
A worm is a type of malware that has the means for automatic self-replication.
They spread by exploiting known vulnerabilities that permit the malicious program to infect new victims.
Spam
Spam is the common term for unsolicited commercial e-mail (UCE).
Spam greatly adds to the volume of e-mail traffic on the Internet. Often, the volume of spam is so high that over 90 percent of all e-mail on the Internet is spam.
Spam’s effect on networks is the degradation of performance through network and e-mail server congestion, as well as the machine cycles required to filter and remove spam messages.
Phishing
Phishing is a type of spam where the contents of a message are designed to masquerade as a trustworthy organization, with the intention of defrauding recipients by tricking them into downloading and executing a malicious program or luring them to an authentic-looking website where they will enter secret information such as user IDs, passwords, bank account information, etc.
Vulnerabilities
Vulnerabilities are defined as weaknesses that make targets susceptible to attack, resulting in harm or compromise of sensitive information.
Examples of Vulnerabilities
- Unnecessary Open Ports
- Unpatched Systems
- Poor and outdated configurations
- Default Passwords
- Exposed cabling
Network Countermeasures
Network countermeasures refer to defensive strategies and actions taken to protect computer networks, systems, and data from various threats and vulnerabilities. These countermeasures are designed to prevent unauthorized access, mitigate risks, and respond to security incidents.
Network Countermeasures examples
- Access Control List
- Firewalls
- Intrusion Detection Systems (IDS)
- Intrusion Prevention System (IPS)
- Data Leakage Prevention System (DLP)
- Network Cabling Protection
- Anti-Virus Software
- Private Addressing