Network Attacks Flashcards

1
Q

What is 802.1X?

A

A network protocol for network access control.

Forces users connecting to the network to authenticate regardless of the connection type.

2
Q

When you authenticate to a network using 802.1X network access control, where is your authentication request sent and validated?

A

RADIUS server.

3
Q

Which type of network attack, while not always being inherently malicious, happens when an unauthorized wireless access point is added inside of your network?

A

Rogue access point.

4
Q

Which type of network attack sets up an access point to look like an existing network, tricking people into connecting to a network that they did not intend to?

A

Evil twin attack

5
Q

Which network attack uses Bluetooth connectivity to send unsolicited messages to other devices without giving additional access to the device or posing any security risk other than the unsolicited messages?

A

Bluejacking

6
Q

Which type of network attack happens over a Bluetooth connection and is used to transfer data from a Bluetooth-enabled device without authentication?

A

Bluesnarfing

7
Q

Which type of network attack takes advantage of unencrypted 802.11 communications and is able to kick an end user off a network causing a significant DoS attack?

A

Wireless deauthentication

Wireless disassociation attacks

8
Q

Which type of network attack decreases the signal-to-noise ratio at a network device using a physical device, in order to deny service to people trying to use it?

A

Wireless jamming.

Radio frequency (RF) jamming.

9
Q

Which types of attack are common with RFID technology?

A

RFID attacks:
Viewing communications (especially if the data is being transmitted unencrypted)
Spoofing the RFID reader, and writing your own data to the RFID tag
Signal jamming for the purpose of DoS
Decrypting communications, as many of the default decryption keys are on Google.

10
Q

What is NFC?

A

Near field communication. It is a two-way wireless communication.
Builds on RFID, which is mostly one-way.
Short range with encryption support.
Helps with Bluetooth pairing and payment systems (like Apple Pay, holding your phone up to the card machine to pay) by putting a device or tag in close proximity to a reader.
Can also be used to build an NFC access token or identity “card”.
Suffers from most of the same attacks as RFID.

11
Q

What is a cryptographic nonce?

A

An arbitrary number that is used once, for the time being.
A random or pseudo-random number, something that can’t be reasonably guessed.
Can also be a counter, as long as both sides can keep track of the count.

12
Q

How would a nonce be used during the login process?

A

The server would first give you a nonce.
Your password hash would then be calculated using the nonce.
The end result is that each password hash sent to the host will be different, so a replay attack will not work if the hash is captured in transit.

13
Q

Since a nonce is most commonly associated with password randomization, how would a nonce be typically used to store a random password hash on a database permanently even if multiple users had the same password?

A

Salting

14
Q

MAN IN THE MIDDLE NOW IS CALLED WHAT?

A

On-path attacks.

PLEASE REMEMBER THIS

15
Q

Which type of attack creates an environment where all network traffic to the router from a victim’s computer on a local network is relayed through an attacker’s computer using MAC address spoofing and a cache of which IP addresses belong to which MAC address?

A

ARP poisoning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

This type of attack takes place when an attacker’s trojan/malware will latch onto a victim’s browser and proxy all browser traffic of the victim through the attacker’s malware.

A

On-path browser attack

17
Q

How would one usually maintain a loop-free environment when dealing with network switches?

A

By using “Spanning Tree Protocol” (STP)

18
Q

When a switch is adding entries to its MAC address table, what does it store other than just the MAC addresses?

A

Output interfaces.
The switch stores, with each MAC address in the table, the output interface that traffic for that address should be sent out on.

19
Q

Which network attack takes place when an attacker forces legitimate MAC addresses out of a MAC table by sending traffic with different source MAC addresses until the table is completely filled?

A

MAC flooding

20
Q

How does a switch’s behavior change once its MAC table is completely full?

A

It starts sending traffic to all interfaces, basically becoming a hub, and this makes a great opportunity for an attacker who has done some MAC flooding to start capturing all network traffic from all devices.

21
Q

Which attack is taking place when an attacker changes their MAC address in their network drivers to match the MAC address of a legitimate device that is on the network or has recently left the network?

A

MAC spoofing/MAC cloning

22
Q

What would be a way of effectively doing a DNS poisoning attack on one victim without needing to take control over an entire DNS server?

A

By modifying the client hosts file on a victim’s computer. The client hosts file takes precedence over DNS queries.

23
Q

Which attack would be taking place if an attacker were able to change the IP address that is sent out to those making queries to a DNS server to the IP of their own malicious website rather than the real IP address?

A

DNS poisoning/DNS spoofing

24
Q

Which attack would be taking place if an attacker gained access to the account that controls a domain at whichever registrar a site uses, through whatever means (maybe brute force, phishing, etc.), and made changes to the DNS names and DNS IP addresses associated with that particular website?

A

Domain hijacking

25
Q

What is the general wide-reaching term for an attack where an attacker will obtain a domain name with a very similar name to a well-known and trusted domain already in existence?

A

Domain hijacking

26
Q

Which specific type of attack would be taking place when an attacker obtained a URL very similar to a known and trusted domain/brand but with a small misspelling, typo, or using a different TLD?

A

Typosquatting/brandjacking

27
Q

What would be a direct future consequence to a business if their email services were infected/controlled for a period of time, causing malware or suspicious emails to be sent out on their behalf, OR, if their website were hijacked for a period of time and was serving malware or suspicious content?

A

The DOMAIN REPUTATION associated with the site(s) or email addresses would take a big hit, sometimes causing their emails to end up in the spam folder or be dropped, or causing search engines to show warnings about potential security risks when loading their website or to remove it from the search results completely, so the company/brand loses out on sales and customers.

28
Q

Which type of attack would be taking place if an attacker were to launch an army of computers in their botnet to use all the bandwidth or resources of a service, in order to bring it down?

A

DDoS

Distributed denial of service

29
Q

Which type of attack is taking place when an attacker is able to turn a very small message into a much larger message using another device or service (such as a DNS server) to bring down a service or network?

A

DDoS amplification

30
Q

Which specific type of attack would be taking place if an attacker were to get the victim machines of his botnet to send a spoofed DNS query to open DNS resolvers, which will turn into a very large response, with the goal of overwhelming a web server that has been spoofed in the original query?

A

DNS amplification DDoS

31
Q

What would be the typical machines controlled by hardware and software in an OT environment?

A

An operational technology (OT) environment would be one with industrial equipment, like electric power grids, traffic control, manufacturing plants, etc.

32
Q

Which program would be used to run a program with the extension .ps1?

A

Windows PowerShell