Module 8 Flashcards
Name 3 of the most common interception attacks:
- Man-in-the-Middle (MITM)
- Session Replay
- Man-in-the-Browser (MITB)
What is a Man-in-the-middle (MITM) attack?
- An attack that intercepts legitimate communication to eavesdrop on the conversation or impersonate one of the parties.
- The goal of an MITM attack is to eavesdrop on the conversation or impersonate one of the parties.
What is session replay?
- An attack in which an attacker attempts to impersonate the user by using the user’s session token.
- A session ID is a unique number that a web server assigns to a specific user for the duration of the user’s visit (session).
What is Man-in-the-Browser (MITB)?
- An attack that intercepts communication between a browser and the underlying computer.
- It occurs between a browser and the underlying computer.
What is the Open Systems Interconnection (OSI) reference model?
- Separates networking steps into a series of seven layers. Within each layer, different networking tasks are performed that cooperate with the tasks in the layers immediately above and below it. Each layer in the sending device corresponds to the same layer in the receiving device.
- Note: The OSI model was designed so that each layer is compartmentalized: different layers work without the knowledge and approval of the other layers. This means that if one layer is compromised, the other layers are unaware of any problem, which results in the entire communication being compromised.
Describe the following OSI Layer 2 attack: Address Resolution Protocol (ARP) poisoning.
Describe ARP Poisoning:
- Address Resolution Protocol (ARP): The protocol by which a device using TCP/IP on an Ethernet network can find the MAC address of another endpoint based on the IP address.
- ARP Poisoning: An attack that corrupts the ARP cache; it is a form of spoofing (impersonating another person’s identity).
Describe the following OSI Layer 2 attack: Media access control (MAC) attacks.
- Manipulates MAC addresses through spoofing. The target for these attacks is a network switch.
- Network Switch: A device that connects network devices and has a degree of “intelligence”.
What are two common attacks involving spoofing MAC addresses on a switch?
- MAC Cloning: An attack that spoofs a MAC address on a device so that the switch changes its MAC address table to reflect the new association of that MAC address with the port to which the attacker’s device is connected.
- MAC Flooding: An attack in which the memory of a switch is flooded with spoofed packets to force it to function like a network hub and broadcast frames to all ports.
What is a DNS attack and what are the two main consequences of this type of attack?
- A DNS-based attack substitutes a DNS address so that the computer is silently redirected to a different device.
- URL Redirection: An attack in which a user is redirected to another site.
- Domain Reputation: An attack in which the status of a site is manipulated to earn a low domain reputation score.
What is DNS Poisoning?
- An attack that substitutes DNS addresses in a local lookup table so that the computer is automatically redirected to an attacker’s device.
What is DNS Hijacking?
- An attack that infects an external DNS server with IP addresses pointing to malicious sites.
What is a distributed denial of service (DDoS) attack?
- An attack that uses many computers to bombard a system with “bogus” requests, overwhelming the system so that it cannot respond to legitimate requests.
What is PowerShell?
- A task automation and configuration management framework from Microsoft.
What is Visual Basic for Applications (VBA)?
- An event-driven Microsoft programming language.
- Used to create macros. A macro is a series of instructions that can be grouped together as a single command.
What sort of protections has Microsoft implemented for macro attacks? (List 3)
- Protected View (read only mode for Office files)
- Trusted Documents
- Trusted Location