Module 3: Network Security Concepts Flashcards
Describe the Attack Type
Eavesdropping Attack
Also called sniffing or snooping
This is when a threat actor captures and “listens” to network traffic.
Describe the Attack Type
Data Modification Attack
If threat actors have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver.
Describe the Attack Type
IP Address Spoofing Attack
A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.
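As an added illustration (not part of the flashcard set), the Python below builds an IPv4 header whose source field claims an address inside the intranet, shows that nothing in the header proves where the packet really came from, and implements the ingress anti-spoofing check (BCP 38 style) a border router uses to drop such packets. The 10.0.0.0/8 intranet range, the addresses and the payload length are assumptions made for the example; the code only constructs and parses headers and sends nothing (emitting raw IP packets needs a raw socket and root).

```python
"""Added example: forge an IPv4 header with an internal source address and
apply the ingress check that catches it. Addresses and the intranet prefix
are constructed for the demo; nothing is transmitted."""
import ipaddress
import socket
import struct

# version/IHL, ToS, total length, ID, flags/frag, TTL, proto, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_UDP, ttl: int = 64,
                      ident: int = 0x1234) -> bytes:
    """Build a 20-byte IPv4 header. `src` is whatever the sender claims;
    no field in the header authenticates it."""
    header = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + payload_len, ident,
                         0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:]

def parse_ipv4_header(packet: bytes) -> dict:
    fields = struct.unpack(IPV4_FMT, packet[:20])
    return {
        "version": fields[0] >> 4,
        "ihl": fields[0] & 0x0F,
        "total_len": fields[2],
        "ttl": fields[5],
        "proto": fields[6],
        "src": socket.inet_ntoa(fields[8]),
        "dst": socket.inet_ntoa(fields[9]),
        # Summing a header that already carries its checksum yields 0.
        "checksum_ok": ipv4_checksum(packet[:20]) == 0,
    }

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed intranet range

def ingress_filter(packet: bytes, arrived_on_external_if: bool) -> str:
    """Anti-spoofing rule: a packet arriving from outside must not claim an
    internal source address (what BCP 38 / uRPF enforces at the border)."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        return "drop: bad checksum"
    if arrived_on_external_if and ipaddress.ip_address(hdr["src"]) in INTERNAL_NET:
        return "drop: spoofed internal source"
    return "accept"

if __name__ == "__main__":
    spoofed = build_ipv4_header("10.0.0.5", "10.0.0.20", payload_len=8)
    print(parse_ipv4_header(spoofed))
    print(ingress_filter(spoofed, arrived_on_external_if=True))
```

The header checks out (valid checksum, valid version and length) and still lies about its origin, which is why the defence is a topological rule at the border rather than anything in the packet itself.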
Describe the Attack Type
Password-based Attacks
Specifically, what can be done with a valid user account's password?
Using the password of a valid user account, the threat actor can obtain lists of other users and network information, change server and network configurations, and modify, reroute, or delete data.
Describe the Attack Type
Denial of Service Attack
(DoS)
Prevents normal use of a computer or network by flooding traffic to either slow down or shut down systems and networks.
Describe the Attack Type
Man-in-the-Middle Attack
(MitM)
When a threat actor positions themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently.
Describe the Attack Type
Compromised-key Attack
If a threat actor obtains a secret key, it becomes compromised. It can be used to gain access to secure communications without the sender or receiver being aware of the attack.
Describe the Penetration Testing Tool
Password Crackers
List some tools
Used to find or 'recover' a password, either by removing or bypassing the stored password, or by discovering it through repeated guesses (brute force attack) or lists of commonly used passwords (dictionary attack).
e.g. John the Ripper, Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, Medusa
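Added example, not part of the flashcards: what a password cracker does with a dump of salted password hashes, using the two techniques named above. The dictionary attack is tried first because it is cheap; brute force exhausts a keyspace and is only practical for short passwords. The salt, wordlist, PBKDF2 iteration count and the "stolen" records are all constructed for the demo.

```python
"""Added example: offline dictionary and brute-force attacks against salted
PBKDF2-SHA256 hashes. Records, salt, wordlist and iteration count are
constructed for the demo."""
import hashlib
import itertools
import string

ITERATIONS = 100  # deliberately tiny so the demo runs in seconds;
                  # real deployments use hundreds of thousands

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def dictionary_attack(target: bytes, salt: bytes, wordlist):
    """Try common passwords in order; returns (password or None, attempts)."""
    for attempts, word in enumerate(wordlist, start=1):
        if hash_password(word, salt) == target:
            return word, attempts
    return None, len(wordlist)

def brute_force(target: bytes, salt: bytes, alphabet: str, max_len: int):
    """Exhaust every string over `alphabet` up to `max_len` characters."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target:
                return candidate, attempts
    return None, attempts

SALT = b"constructed-salt"
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome1"]
ALPHABET = string.ascii_lowercase
MAX_LEN = 3

STOLEN = {  # constructed "dumped" records: user -> hash
    "alice": hash_password("letmein", SALT),          # in the wordlist
    "bob":   hash_password("dog", SALT),              # short: brute-forceable
    "carol": hash_password("Tr0ub4dor&3!Xyz", SALT),  # survives both attacks
}

def crack_all(records=STOLEN, salt=SALT) -> dict:
    """Dictionary attack first, brute force only for what is left.
    Returns user -> (recovered password or None, total guesses spent)."""
    results = {}
    for user, digest in records.items():
        found, attempts = dictionary_attack(digest, salt, WORDLIST)
        if found is None:
            found, more = brute_force(digest, salt, ALPHABET, MAX_LEN)
            attempts += more
        results[user] = (found, attempts)
    return results

if __name__ == "__main__":
    for user, (pw, attempts) in crack_all().items():
        print(f"{user}: {pw or 'not cracked'} after {attempts} guesses")
```

The guess counts are the point: a wordlist hit costs a handful of hashes, a three-letter password costs a few thousand, and the 15-character mixed password survives the whole 26^3 keyspace. Salting forces the attacker to repeat this per user, and a high iteration count multiplies the cost of every guess.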
Describe the Penetration Testing Tool
Wireless Hacking Tools
List some tools
Used to discover and hack wireless networks.
Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, NetStumbler
Describe the Penetration Testing Tool
Network Scanning and Hacking Tools
List some tools
Used to probe network devices, servers, and hosts for open TCP or UDP ports.
Nmap, SuperScan, Angry IP Scanner, NetScan Tools
Describe the Penetration Testing Tool
Packet Crafting Tools
List some tools
Used to probe and test a firewall’s robustness using specifically crafted forged packets.
Hping, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis
Describe the Penetration Testing Tool
Packet Sniffers
List some tools
Used to capture and analyse packets within traditional Ethernet LANs or WLANs.
Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler, Ratproxy, SSLstrip
Describe the Penetration Testing Tool
Rootkit Detectors
List some tools
Directory and file integrity checker used to detect rootkits by spotting files that have been added, removed, or altered since a trusted baseline.
AIDE (Netfilter and PF, the OpenBSD Packet Filter, are also listed under this heading, but they are kernel packet filters used as firewalls, not rootkit detectors)
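Added example (not from the flashcards) of the technique an integrity checker such as AIDE relies on: record a baseline of hashes and metadata for every file, re-scan later, and report what was added, removed or changed. The directory tree and the simulated rootkit install are constructed in a temporary directory for the demo.

```python
"""Added example: an AIDE-style file integrity check. Baseline, re-scan,
report. The tree and the tampering are constructed in a temp dir."""
import hashlib
import shutil
import tempfile
from pathlib import Path

def snapshot(root) -> dict:
    """Hash and stat every regular file under `root` (like `aide --init`)."""
    root = Path(root)
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "size": st.st_size,
            "mode": st.st_mode,
        }
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Diff a fresh snapshot against the baseline (like `aide --check`)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}

def demo() -> dict:
    """Build a constructed system tree, baseline it, simulate a user-mode
    rootkit install (trojaned ls, dropped library, deleted ps), and report."""
    root = Path(tempfile.mkdtemp(prefix="fim-"))
    try:
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        (root / "bin" / "ps").write_bytes(b"#!/bin/sh\nexec /usr/bin/ps \"$@\"\n")
        (root / "lib" / "libc.so").write_bytes(b"\x7fELF constructed library")
        baseline = snapshot(root)  # in practice: keep this read-only and off-box

        # Simulated tampering: ls hides the word 'rootkit', a hook library
        # appears, and ps is removed.
        (root / "bin" / "ls").write_bytes(
            b"#!/bin/sh\nexec /usr/bin/ls \"$@\" | grep -v rootkit\n")
        (root / "lib" / "evil.so").write_bytes(b"\x7fELF constructed hook")
        (root / "bin" / "ps").unlink()
        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)

if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the baseline must be stored where the attacker cannot rewrite it (read-only media or another host), and a kernel-mode rootkit can lie to the file system calls the checker makes, so a clean result from a live system is only as trustworthy as the kernel; booting from trusted media before checking avoids that.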
Describe the Penetration Testing Tool
Fuzzers
List some tools
Used to discover security vulnerabilities in software by feeding it malformed or unexpected input and watching for crashes or errors.
Skipfish, Wapiti, W3af
Describe the Penetration Testing Tool
Forensic Tools
List some tools
Used to discover evidence existing on a computer.
Sleuth Kit, Helix, Maltego, Encase
Describe the Penetration Testing Tool
Debuggers
List some tools
Used to reverse engineer binary files when writing exploits.
GDB, WinDbg, IDA Pro, Immunity Debugger
Describe the Penetration Testing Tool
Hacking Operating Systems
List some tools
Specially designed operating systems preloaded with tools optimised for hacking.
Kali Linux, Knoppix, BackBox Linux
Describe the Penetration Testing Tool
Encryption Tools
List some tools
Used to encode data to prevent unauthorised access, whether for legitimate or malicious means.
VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, Stunnel
Describe the Penetration Testing Tool
Vulnerability Exploitation Tools
List some tools
Used to identify whether a remote host is vulnerable to a security attack.
Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, Netsparker
Describe the Penetration Testing Tool
Vulnerability Scanners
List some tools
Used to scan a network or system to identify open ports or other weaknesses.
Nipper, Secunia PSI, Core Impact, Nessus, SAINT, OpenVAS
Question
Which penetration testing tool uses algorithmic schemes to encode data, preventing unauthorised access to it?
Name the tool, not the attack type!
List some tools
Encryption Tools
VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, Stunnel
Question
Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? It is also used by white hats when analysing malware.
List some tools
Debuggers
GDB, WinDbg, IDA Pro, Immunity Debugger
Question
Which penetration testing tool is used to probe and test a firewall’s robustness?
List some tools
Packet Crafting Tools
Hping, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis
Question
Which penetration testing tool is used by white hats to sniff out any trace of evidence existing on a computer?
List some tools
Forensic Tools
Sleuth Kit, Helix, Maltego, Encase
Question
Which penetration testing tool exploits a remote host susceptible to a security attack?
List some tools
Vulnerability Exploitation Tools
Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, Netsparker
Question
What are the three most common types of malware?
- Virus
- Worm
- Trojan Horse
Question
Describe a virus:
How does it infect a device?
What does it do?
A virus is a type of malware attached to a file, such as a piece of software. When opened it executes and infects the device.
A virus can:
* Alter, corrupt, or delete files, applications or drives.
* Cause boot issues.
* Capture and send sensitive information to threat actors.
* Access and use email or communication accounts to spread.
* Lay dormant until summoned by the threat actor.
Question
Describe a Trojan horse:
How does it infect a device?
What does it do?
A Trojan is a program that looks useful, such as free software or a game, but carries malicious code. Unsuspecting users download and install the program and are infected by the Trojan horse.
A Trojan can:
* Provide remote access to threat actors.
* Send sensitive data to threat actors, like passwords or credit card information.
* Destroy files or drives.
* Act as a proxy to launch attacks or illegal activities.
* Enable unauthorised file transfers via FTP.
* Disable security software or firewalls.
* Launch a Denial of Service attack against the device, its network, or a remote network.
* Keylog to steal confidential information.
Remote-access, Data-sending, Destructive, Proxy, FTP, Security Disabler, DoS, Key Logger
Question
Describe a worm:
How does it infect a device?
What does it do?
A worm is a self-replicating program that propagates automatically. It does so without user action, typically by exploiting vulnerabilities in legitimate software.
A worm can:
* Use networks to find other victims and propagate.
* Slow or disrupt networks.
Question
Which malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network.
Worm
Question
Which type of malware is non-self-replicating? It often contains malicious code that is designed to look like something else, such as a legitimate application or file. It attacks the device from within.
Trojan Horse
Question
Which malware is used to gather information about a user and then, without the user’s consent, sends the information to another entity?
Spyware
Question
Which malware typically displays annoying pop-ups to generate revenue for its author?
Adware
Question
Which malware is installed on a compromised system and provides privileged access to the threat actor?
Rootkit
Question
Which malware denies access to the infected computer system and demands payment before the restriction is removed?
Ransomware
Question
What three types of attacks are networks susceptible to?
- Reconnaissance Attacks
- Access Attacks
- Denial of Service (DoS) Attacks
Question
What is a Reconnaissance Attack?
What may be gained by carrying it out?
An attack designed to gather information.
Carried out to discover:
* Details on an organisation and its employees.
* Active IP addresses.
* Open ports.
* Vulnerable services.
* Vulnerabilities in the applications and operating systems in use.
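The open-port and service discovery described here (and under "Network Scanning and Hacking Tools" above) as an added example, not from the flashcards: a TCP connect scan of the kind `nmap -sT` performs, run against two stand-in services the demo starts on localhost. The ports are ephemeral and the banners are constructed; in the field the host, port range and timeouts are the scanner's inputs.

```python
"""Added example: a TCP connect scan with banner grabbing, run against two
stand-in services started on localhost. Banners are constructed."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def probe_tcp(host: str, port: int, timeout: float = 0.5) -> dict:
    """Complete a full TCP handshake to one port and grab the first bytes
    the service sends (its banner), if any."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(128).decode(errors="replace").strip()
            except socket.timeout:
                banner = ""  # open, but the service waits for the client to speak
            return {"port": port, "state": "open", "banner": banner}
    except ConnectionRefusedError:
        return {"port": port, "state": "closed", "banner": ""}
    except OSError:  # timed out or unreachable: something is dropping it
        return {"port": port, "state": "filtered", "banner": ""}

def scan(host: str, ports, workers: int = 32) -> list:
    """Probe many ports concurrently; return only the open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: probe_tcp(host, p), ports)
        return [r for r in results if r["state"] == "open"]

def start_listener(banner: bytes) -> socket.socket:
    """Stand-in service on an ephemeral port that greets each client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo() -> dict:
    ssh = start_listener(b"SSH-2.0-OpenSSH_9.6 constructed\r\n")
    web = start_listener(b"HTTP/1.0 200 OK constructed\r\n")
    listening = sorted({ssh.getsockname()[1], web.getsockname()[1]})
    # Probe each listener plus its neighbours so the scan also meets closed ports.
    ports = sorted({p + d for p in listening for d in range(-2, 3)})
    try:
        found = scan("127.0.0.1", ports)
    finally:
        ssh.close()
        web.close()
    return {"listening": listening, "found": found}

if __name__ == "__main__":
    print(demo())
```

A connect scan completes the handshake, so every probe shows up in the target service's logs; the stealthier SYN scan (`nmap -sS`) sends raw packets and needs root. The three states map onto what a defender sees: "closed" means a RST came back, "filtered" means a firewall silently dropped the probe.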
Question
What is an Access Attack?
What may be gained by carrying it out?
An attack designed to gain entry to accounts, databases and sensitive information.
Carried out to:
* Retrieve data that can be exfiltrated.
* Gain further access to secure a foothold.
* Escalate privileges to administrator accounts.
Describe the Access Attack
Password Attack
Attempting to discover passwords using methods like Brute Force Attack (BFA) or Dictionary Attack.
Describe the Access Attack
Spoofing Attack
Attempting to pose as another device by falsifying data, such as MAC spoofing or DHCP spoofing.
Describe the Access Attack
Trust Exploitation
Using unauthorised privileges on one system to gain access to a different system:
* System A trusts System B.
* Attack System B to gain access to it.
* Use System B to gain access to System A.
Exploits trust relationships (permissions) between systems, rather than bypassing a firewall as port redirection does.
Describe the Access Attack
Port Redirection
Using a compromised system's ports to relay data, typically to bypass firewall restrictions.
* The attacker compromises Server A, a host the firewall allows external access to (e.g. over SSH on port 22), and runs a port forwarder on it that relays traffic arriving on port 8080 to port 80 on a sensitive internal Server B.
* Normally traffic sent from an external source to Server B on port 80 would be blocked by the firewall, but because it arrives at port 8080 on a trusted server (A), it is permitted, and A relays it on to B.
Bypasses the firewall, rather than exploiting permissions as trust exploitation does.
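The redirection described above as an added example (not from the flashcards), run entirely on localhost: "Server A" is the compromised, firewall-reachable host running a relay; "Server B" is the internal host whose port the firewall hides from outside. The firewall policy, hostnames, request and ephemeral ports are constructed for the demo; in practice the relay is usually `ssh -L`, `ssh -R`, netcat or socat rather than hand-written code.

```python
"""Added example: port redirection on localhost. The relay stands in for the
attacker's forwarder on Server A; the one-line service stands in for Server B.
Policy, hostnames, ports and the request are constructed for the demo."""
import socket
import threading

# Constructed firewall policy: (host, port) pairs an external client may reach.
ALLOWED_FROM_OUTSIDE = {("serverA", 22), ("serverA", 8080)}

def firewall_allows(dst_host: str, dst_port: int) -> bool:
    return (dst_host, dst_port) in ALLOWED_FROM_OUTSIDE

def read_line(sock: socket.socket) -> bytes:
    """Read up to the first newline (or EOF) and strip the line ending."""
    buf = b""
    while not buf.endswith(b"\n"):
        part = sock.recv(1024)
        if not part:
            break
        buf += part
    return buf.rstrip(b"\r\n")

def pipe(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def start_relay(target) -> socket.socket:
    """The attacker's forwarder on Server A: accept on a port the firewall
    permits and hand every connection straight to the blocked target."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port stands in for 8080
    listener.listen(8)

    def serve():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:  # listener closed
                return
            upstream = socket.create_connection(target)
            threading.Thread(target=pipe, args=(client, upstream), daemon=True).start()
            threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener

def start_server_b() -> socket.socket:
    """Internal service (stands in for Server B port 80): answers one request
    line, then closes the connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"SERVER-B: got " + read_line(conn))

    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo() -> dict:
    server_b = start_server_b()
    relay = start_relay(server_b.getsockname())
    try:
        with socket.create_connection(relay.getsockname(), timeout=5) as c:
            c.sendall(b"GET /secret\r\n")
            reply = b""
            while True:
                part = c.recv(4096)
                if not part:
                    break
                reply += part
    finally:
        relay.close()
        server_b.close()
    return {
        "direct_allowed": firewall_allows("serverB", 80),   # blocked by policy
        "relay_allowed": firewall_allows("serverA", 8080),  # permitted
        "reply": reply,                                     # yet B answered
    }

if __name__ == "__main__":
    print(demo())
```

The firewall never sees a connection to Server B: it only sees the permitted one to Server A, which is why the defences are a host firewall on B that restricts which sources may reach port 80, egress rules on A, and alerting on unexpected listening ports or new outbound connections from DMZ hosts.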
Describe the Access Attack
Man-in-the-Middle Attack
(MitM)
Positioning yourself between two legitimate entities to read or modify data that passes between them.
Describe the Access Attack
Buffer Overflow Attack
Writing more data into a fixed-size buffer than it can hold, so that adjacent memory is overwritten with unexpected values. Usually crashes the program or system (DoS); carefully crafted input can also let the attacker execute code.
Question
What is a Social Engineering Attack?
What may be gained by carrying it out?
A type of access attack, designed to manipulate individuals into performing actions or divulging confidential information.
May gain:
* Personal data on an individual
* Account information
* Security system information
* A foothold for further attacks
Describe the Social Engineering Attack
Pretexting
Pretending to need personal or financial information to confirm the identity of a target.
Describe the Social Engineering Attack
Phishing
Sending fraudulent emails designed to appear legitimate from a trusted source. Designed to trick recipients into clicking links, opening attachments, or replying with confidential information.
Describe the Social Engineering Attack
Spear Phishing
Phishing that targets specific individuals or organisations.
Describe the Social Engineering Attack
Spam
Junk mail that is unsolicited, either to advertise, or contain harmful links or malware.
Describe the Social Engineering Attack
Something for Something
“Quid pro quo”
Requesting confidential information in exchange for a gift.
Describe the Social Engineering Attack
Baiting
Leaving a malware-infected device, such as a USB drive, in a public location. Victims who find the drive may then insert it into their device and infect their computer.
Describe the Social Engineering Attack
Impersonation
Pretending to be someone they are not to gain the trust of a victim.
Describe the Social Engineering Attack
Tailgating
Following an authorised person into a secure location, to avoid authorisation checks.
Describe the Social Engineering Attack
Shoulder surfing
Looking over someone’s shoulder to steal their password or confidential information as it is entered or displayed.
Describe the Social Engineering Attack
Dumpster diving
Rummaging through bins or waste to discover confidential information, often to carry out identity theft or to steal financial information.
Question
Name some Social Engineering Protection Practices
8 listed
- Never give your login details to anyone.
- Never leave your login details where they can easily be found.
- Never open email links or attachments from untrusted sources.
- Never release confidential work related information on social media sites.
- Never re-use work related passwords.
- Always lock or sign out of your unattended computer.
- Always report suspicious individuals and activity.
- Always destroy confidential information according to your organisation's policies.