Common Security Attacks - Mitigation Flashcards
Motivations behind attacks
Financial Gain
Disrupt service (by a competitor, a protestor, or an attention seeker)
Geopolitical
Social Engineering Attacks
Shoulder watching
Fake phone call
Phishing Mail
A "lost" USB drive left for someone to pick up and use, as a trap
Phishing Attack
Email
DNS (pharming)
Phone Calls
SMS messages
Defending Against Social Engineering/Phishing Attacks
Training, policies, simulations
Anti-virus, firewalls, e-mail filters
Web and email security (Cisco WSA & ESA)
Endpoint security to restrict user access
DoS (Denial of Service) Attack
Massive numbers of requests sent to a server to tie up its resources, so that legitimate users cannot access the server.
DDoS (Distributed Denial of Service) Attack
Attacker uses zombies/botnets to launch the DoS attack from many sources simultaneously
DDoS Attack Mitigations
Network/Application Firewalls
Resource Access
Spoofing Attacks
Attacker fakes the identity of another device
MAC Spoofing
IP Spoofing
Application Spoofing
IP Spoofing Mitigation
Infrastructure ACLs
uRPF (Unicast Reverse Path Forwarding): checks whether a packet's source IP is reachable via the interface it arrived on, according to the routing table; packets with spoofed sources that fail this check are dropped
Man-in-the-Middle Attacks
Attacker sits between two parties, who both believe they are communicating directly with each other
ARP/IP/DHCP/DNS Spoofing
Reflector/Reflective Attack
Attacker spoofs the victim's IP address as the source and sends many requests to a DNS server; the DNS server sends the replies to the victim's IP
Amplification Attack
A reflector attack carried out with a botnet and multiple DNS servers, so the small spoofed requests produce a much larger volume of replies aimed at the victim
Reconnaissance Attack
Learning information about a target network: OS, services, IP addresses, vulnerabilities.
Probing to plan for future attacks.
Techniques: CDP/LLDP, ping sweeps, packet sniffers, port scans, Internet information queries (nslookup)
Mitigate Reconnaissance Attacks
Disable unneeded services
Application and network firewalls acting as proxies (firewall/IPS)
Two factor authentication
Encryption
Anti-sniffer tools to detect packet sniffers on the network