Man-in-the-Middle / Brute Force Attacks (CompTIA Objective 2.5) Flashcards

1
Q

What is a man-in-the-middle attack and how does it work?

A
  • How can a bad guy watch what you’re doing without you knowing? Man-in-the-middle.
  • Redirects your traffic, then passes it on to the destination (you never know your traffic was redirected).
  • One of the common ways man-in-the-middle attacks occur is through ARP poisoning or spoofing (Address Resolution Protocol poisoning), as ARP has no security.
    ARP poisoning occurs when a device on the network requests the MAC address of a specific device, such as a router, by providing its IP address. The man in the middle replies claiming to be the IP address in question, but the MAC address they provide is not that of the device the user was trying to reach; it is the MAC address of the bad guy, which gives them access to the data sent across the network. They can also do the same thing to the router itself, so that the router’s traffic is sent to them as well.
2
Q

What are some ways you can mitigate a man-in-the-middle attack?

A
  • Use encrypted protocols such as HTTPS or SSH.
  • Communicate over a secure channel using something like a client-based VPN.
  • Use encrypted wireless networks. Avoid insecure networks such as public Wi-Fi, hotels, etc.
3
Q

What is a brute force attack? How does it work?

A
  • This is a way of trying to gain access to a user’s username and password.
  • Often deals with password hashes stored in a password file, which uses one-way cryptography to turn a regular password into a hashed password that is much harder to decipher.
  • The password is the key (secret phrase, stored hash, etc.).
  • Brute force attacks can occur online, where the bad guys keep trying the login process over and over again. This can be very slow, and most accounts will lock out after a number of failed attempts, so for that reason the bad guys really like to get their hands on:
  • The offline password file, so they can brute force the hashes without getting locked out while trying to crack the password. They do this by obtaining the list of users and hashes, then calculating a password hash and comparing it to a stored hash. This requires large computational resources.
4
Q

What are Dictionary Attacks?

A
  • People use common words as passwords (you can find these words in the dictionary).
  • If you’re using brute force, you should start with the easy ones (123456, password, ninja, football, etc.).
  • Many common wordlists are available on the net. Some are customized by language or line of work.
  • This will catch the low-hanging fruit (you’ll need some smarter attacks for the smarter people).
5
Q

What are Rainbow Tables? How are they used and what makes them dangerous when it comes to Brute force attacks?

A
  • An optimized, pre-built set of hashes. Doesn’t need to contain every hash; the calculations have already been done. Allows you to search a database of hashes and then translate these into real passwords.
  • This allows a remarkable increase in the speed of cracking a password, especially with longer password lengths.
  • Needs different tables for different hashing methods (Windows is different than Linux, MySQL, etc.), making it more challenging.
  • For the best possible security, we store our hashed passwords alongside an additional random value known as a “salt”. Rainbow tables won’t work with salted hashes.