Network Attacks and Defense Strategies Flashcards
What is an Asset
Anything that can be of interest to an attacker. It can be a tangible or intangible resource in an organization, often with a monetary value, which an attacker targets in order to gain control of it, compromise its security, etc.
WHAT ARE TANGIBLE ASSETS
DATABASES, THE SERVER THAT HOSTS THE DATABASES, AND THE NETWORK THAT PROVIDES CONNECTIONS TO THE SERVER
WHAT ARE INTANGIBLE ASSETS
AN ORGANIZATION'S SECRETS, CRITICAL BUSINESS PROCESSES, AND ITS REPUTATION
WHAT IS A THREAT
A POTENTIAL OCCURRENCE OF AN UNDESIRABLE EVENT THAT CAN EVENTUALLY DAMAGE AND DISRUPT THE OPERATIONAL AND FUNCTIONAL ACTIVITIES OF AN ORGANIZATION
EXAMPLES OF THREATS
CAN STEAL SENSITIVE DATA OF AN ORGANIZATION, CAN CAUSE A SERVER TO SHUT DOWN, CAN TRICK AN EMPLOYEE INTO REVEALING SENSITIVE INFORMATION, CAN INFECT A SYSTEM WITH MALWARE
WHAT IS A NATURAL THREAT
FIRES, FLOODS, POWER FAILURES, LIGHTNING, METEORS, AND EARTHQUAKES.
UNINTENTIONAL THREATS
THREATS THAT EXIST DUE TO THE POTENTIAL FOR UNINTENTIONAL ERRORS OCCURRING WITHIN THE ORGANIZATION.
EXAMPLES OF UNINTENTIONAL THREATS
INSIDER-ORIGINATING SECURITY BREACHES, NEGLIGENCE, OPERATOR ERRORS, UNSKILLED ADMINISTRATORS, UNTRAINED EMPLOYEES, AND ACCIDENTS.
INTERNAL THREATS
PERFORMED BY INSIDERS WITHIN THE ORGANIZATION SUCH AS DISGRUNTLED OR NEGLIGENT EMPLOYEES, AND HARM THE ORGANIZATION INTENTIONALLY OR UNINTENTIONALLY. MOSTLY PERFORMED BY PRIVILEGED USERS OF THE NETWORK.
EXTERNAL THREATS
PERFORMED BY EXPLOITING VULNERABILITIES THAT ALREADY EXIST IN THE NETWORK, WITHOUT THE ASSISTANCE OF INSIDER EMPLOYEES. CAN INCLUDE APPLICATION AND VIRUS-BASED ATTACKS, PASSWORD-BASED ATTACKS, INSTANT MESSAGING-BASED ATTACKS, NETWORK TRAFFIC-BASED ATTACKS, AND OPERATING SYSTEM-BASED ATTACKS.
STRUCTURED EXTERNAL THREATS
IMPLEMENTED BY TECHNICALLY SKILLED ATTACKERS, USING VARIOUS TOOLS TO GAIN ACCESS TO A NETWORK OR TO DISRUPT SERVICES. EXAMPLES INCLUDE DISTRIBUTED ICMP FLOODS, SPOOFING, AND SIMULTANEOUSLY EXECUTING ATTACKS FROM MULTIPLE SOURCES. TRACKING AND IDENTIFYING AN ATTACKER EXECUTING SUCH AN ATTACK CAN BE CHALLENGING.
UNSTRUCTURED EXTERNAL THREATS
IMPLEMENTED BY UNSKILLED ATTACKERS, WHO MAY BE ASPIRING HACKERS, TO ACCESS NETWORKS. MOST OF THESE THREATS ARE PERFORMED PRIMARILY OUT OF CURIOSITY, AND NOT TO ATTACK. FOR EXAMPLE, INTERNAL USERS MAY SEARCH THROUGH EXISTING DEVICES IN THEIR NETWORK OUT OF CURIOSITY. THESE CAN BE EASILY PREVENTED BY ADOPTING SECURITY SOLUTIONS SUCH AS PORT SCANNING AND ADDRESS-SWEEPING TOOLS.
THREAT ACTORS/AGENTS
AN INDIVIDUAL OR ENTITY THAT BREAKS INTO A SYSTEM TO ACHIEVE A SPECIFIC GOAL SUCH AS IMPACTING THE SECURITY OF AN INDIVIDUAL OR ORGANIZATION, WHETHER INTENTIONALLY OR UNINTENTIONALLY. THIS MAY REFER TO AN ATTACKER BUT IT IS A MORE GENERIC TERM THAT MAY ALSO REFER TO AN INDIVIDUAL WHO CAUSES A SECURITY INCIDENT DUE TO NEGLIGENCE, ERROR, OR AS A RESULT OF SOCIAL ESPIONAGE. CAN BE INTERNAL OR EXTERNAL, SKILLED OR UNSKILLED.
HACKTIVISTS
INDIVIDUALS WHO USE HACKING AS A MEANS TO PROMOTE A POLITICAL OR SOCIAL AGENDA, RATHER THAN FOR MONETARY GAIN. THEY TYPICALLY TEND TO DEFACE OR DISABLE WEBSITES AND BRING NETWORKS DOWN VIA DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS.
CYBER TERRORISTS/CRIMINALS
INDIVIDUALS WITH A WIDE RANGE OF SKILLS (E.G., PHISHING AND RANSOMWARE), MOTIVATED BY RELIGIOUS BELIEFS, POLITICAL BELIEFS, OR MONETARY GAIN, TO CREATE THREATS OF LARGE-SCALE DISRUPTION OF COMPUTER NETWORKS.
SUICIDE HACKERS
INDIVIDUALS WHO AIM TO BRING DOWN THE CRITICAL INFRASTRUCTURE FOR A “CAUSE”, AND ARE NOT DETERRED BY POTENTIAL JAIL TERMS OR OTHER FORMS OF PUNISHMENT. THEY MAY SACRIFICE THEIR LIVES FOR AN ATTACK.
STATE-SPONSORED HACKERS
INDIVIDUALS EMPLOYED BY A GOVERNMENT TO PENETRATE AND OBTAIN TOP-SECRET INFORMATION, AND TO DAMAGE THE INFORMATION SYSTEMS OF OTHER GOVERNMENTS. THESE HACKERS INFILTRATE LARGE ORGANIZATIONS TO STEAL MISSION-CRITICAL INFORMATION.
ORGANIZED HACKERS
PROFESSIONAL HACKERS WHO ATTACK A SYSTEM FOR PROFIT. THEY HACK TO OBTAIN SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, CREDIT CARD INFORMATION, AND MONETARY INFORMATION.
SCRIPT KIDDIES
UNSKILLED INDIVIDUALS WHO COMPROMISE A SYSTEM BY RUNNING SCRIPTS, TOOLS, AND SOFTWARE DEVELOPED BY PROFESSIONAL HACKERS. THEY ATTEMPT TO EMULATE THE ATTACKS OF SKILLED HACKERS.
INDUSTRIAL SPIES
INDIVIDUALS WHO ATTEMPT TO ATTACK COMPANIES FOR COMMERCIAL PURPOSES. THESE ATTACKERS ARE HIRED BY BUSINESS COMPETITORS OR AGENCIES TO STEAL AN ORGANIZATION'S STRATEGY, FINANCIAL RECORDS, AND OTHER SENSITIVE DATA.
INSIDER THREAT ACTORS
INDIVIDUALS SUCH AS DISGRUNTLED EMPLOYEES AND TERMINATED EMPLOYEES, WHO INTENTIONALLY PROVIDE AN ORGANIZATION’S DATA TO OTHERS FOR MONEY OR REVENGE.
VULNERABILITY
REFERS TO THE EXISTENCE OF A WEAKNESS IN THE DESIGN OR IMPLEMENTATION OF A SYSTEM THAT CAN BE EXPLOITED TO COMPROMISE THE SECURITY OF THE SYSTEM. A SECURITY LOOPHOLE THAT ENABLES AN ATTACKER TO ENTER THE SYSTEM BY BYPASSING USER AUTHENTICATION.
COMMON CAUSES FOR VULNERABILITIES
HARDWARE OR SOFTWARE MISCONFIGURATION, INSECURE OR POOR DESIGN OF THE NETWORK, INHERENT TECHNOLOGY WEAKNESSES, END-USER CARELESSNESS, INTENTIONAL END-USER ACTS.
TECHNOLOGICAL VULNERABILITIES
THESE EXIST DUE TO INHERENT WEAKNESSES IN OPERATING SYSTEMS, PRINTERS, SCANNERS, OR OTHER NETWORKING EQUIPMENT. ATTACKERS CAN DETECT LOOPHOLES IN PROTOCOLS SUCH AS SMTP, FTP, AND ICMP. ATTACKERS CAN ALSO DETECT THE ABSENCE OF AUTHENTICATION IN NETWORKING EQUIPMENT LIKE SWITCHES AND ROUTERS TO EFFECT AN INTRUSION. SECURITY AUDITS BY THE NETWORK DEFENDER OR INFORMATION SECURITY OFFICER CAN HELP MONITOR SUCH IRREGULAR ACTIVITIES ON THE NETWORK.
TCP/IP PROTOCOL VULNERABILITIES
HTTP, FTP, ICMP, SNMP, AND SMTP ARE INHERENTLY INSECURE.
OPERATING SYSTEM VULNERABILITIES
OPERATING SYSTEMS THAT ARE INHERENTLY INSECURE OR NOT PATCHED WITH THE LATEST UPDATES.
NETWORK DEVICE VULNERABILITIES
ROUTERS, SWITCHES, AND FIREWALLS. LACK OF PASSWORD PROTECTION, LACK OF AUTHENTICATION, INSECURE ROUTING PROTOCOLS, AND FIREWALL VULNERABILITIES.
CONFIGURATION VULNERABILITIES
THESE EXIST DUE TO THE MISCONFIGURATION OF COMPUTING AND NETWORK DEVICES. FOR EXAMPLE, VULNERABILITIES ARE CREATED WHEN A NETWORK DEFENDER CONFIGURES A USER ACCOUNT OR SYSTEM SERVICE INSECURELY SUCH AS BY LEAVING THE DEFAULT SETTINGS UNCHANGED OR BY IMPROPER PASSWORD MANAGEMENT.
USER ACCOUNT VULNERABILITIES
ORIGINATING FROM THE INSECURE TRANSMISSION OF USER ACCOUNT DETAILS SUCH AS USERNAMES AND PASSWORDS, OVER THE NETWORK.
SYSTEM ACCOUNT VULNERABILITIES
ORIGINATING FROM THE SETTING OF WEAK PASSWORDS FOR SYSTEM ACCOUNTS.
INTERNET SERVICE MISCONFIGURATION VULNERABILITIES
THESE CAN POSE SERIOUS SECURITY RISKS. FOR EXAMPLE, ENABLING JAVASCRIPT AND MISCONFIGURING IIS, APACHE, FTP, AND TERMINAL SERVICES, CAN CREATE SECURITY VULNERABILITIES IN THE NETWORK.
DEFAULT PASSWORD AND SETTINGS VULNERABILITIES
LEAVING NETWORK DEVICES/PRODUCTS WITH THEIR DEFAULT PASSWORDS AND SETTINGS.
NETWORK DEVICE CONFIGURATION VULNERABILITIES
MISCONFIGURATION OF NETWORK DEVICES.
SECURITY POLICY VULNERABILITIES
THESE EXIST WHEN THERE IS IMPROPER DRAFTING AND ENFORCEMENT OF SECURITY POLICIES IN THE ORGANIZATION. LACK OF APPROPRIATE POLICY ENFORCEMENT MAY LEAD TO UNAUTHORIZED ACCESS TO NETWORK RESOURCES. FOR EXAMPLE, FAILURE BY NETWORK DEFENDERS TO REGULARLY MONITOR AND AUDIT THE ACTIVITIES IN A SYSTEM CAN ENABLE ATTACKERS TO EXPLOIT THE SYSTEM.
UNWRITTEN POLICY VULNERABILITIES
POLICIES ARE DIFFICULT TO IMPLEMENT AND ENFORCE WHEN THEY ARE UNWRITTEN.
LACK OF CONTINUITY VULNERABILITIES
LACK OF CONTINUITY IN IMPLEMENTING AND ENFORCING THE SECURITY POLICY.