Network Security Threats And Attacks 13 Flashcards
Physical security threats and vulnerabilities can come from many different areas
Internal. Like a disgruntled employee
External
Natural
Man-made. Can be internal or external
Physical security refers to
The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities
Environmental threats and vulnerabilities
Fire. Can destroy hardware and the data contained in it
Hurricanes and tornadoes. Magnitude of the damage
Flood
Extreme temperature
Extreme humidity
What is a social engineering attack
Uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines
Types of social engineering attacks
Spoofing. Pretend to be someone else to conceal identity. Occurs using IP addresses, MAC addresses, and email
Impersonation. Attacker pretends to be someone he is not.
Phishing. Email based attack. Gain account info
Vishing. Uses VoIP to gain confidential info
Whaling. Form of phishing targeting the wealthy
Spam and SPIM. Spam is email based; the user is flooded with emails. SPIM is the IM based equivalent
Hoax. Incorrect info sent to multiple users
What is a malicious code attack
Type of software attack where an attacker inserts undesired software or malware into a target system
Uses include DoS attacks on other systems, hosting illicit or illegal data, skimming personal or business information for identity theft, profit, or extortion.
Types of malicious code attacks
Virus. Code that spreads by attaching itself to other files.
Worm. Code that spreads on its own. Doesn’t attach to another file.
Trojan horse. Is itself a software attack. User fooled into executing it.
Logic bomb. Piece of code that sits dormant on a target computer until triggered by a specific event
Spyware. Malicious software intended to track and report the usage of a system
Adware. Software that automatically displays or downloads ads when it is used.
Rootkit. Code intended to take control of a system at the lowest levels.
Botnet. Set of computers that have been infected by a control program called a bot that enables attackers to exploit them and mount attacks.
What is a software attack
Any attack against software resources including OS, applications, protocols, and files.
Name the types of viruses
Boot sector. Infects any disk based media, writes itself in the boot sector
Macro. A group of application specific instructions that execute within a specific application
Mailer and mass mailer. Sends itself to other users through the email system
Polymorphic. Can change as it moves around acting differently in different systems
Script. Runs code using the Windows Scripting Host
Stealth. Moves and attempts to conceal itself until it can propagate then drops its payload
What is buffer overflow
An attack that targets system vulnerabilities to cause the device OS to crash or reboot, and may result in loss of data or execution of rogue code on devices.
What is a password attack
Any type of attack where the attacker attempts to obtain and make use of passwords illegitimately. Can show up in audit logs as repeatedly failed logons followed by a successful one.
Types of password attacks
Guessing. Repeated attempts by entering different common password values.
Stealing. Sniffing network communications, reading handwritten password notes, observing user as they enter password
Dictionary attack. Automates password guessing
Brute force attack. Use of password cracking software to attempt every possible alphanumeric password combination
Hybrid password attack. Utilizes multiple attack vectors to crack a password.
What is an IP spoofing attack
Software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.
Takes advantage of: applications and services that authenticate based on IP address; devices that run Sun RPC or X Windows (the GUI system in Unix systems); services that have been secured using TCP wrappers; legacy technologies; routers not configured to drop incoming external packets with internal IP addresses
What is a session hijacking attack
Exploiting a session to obtain unauthorized access to an organization's network or services.
Involves stealing an active session that is used to authenticate a user to a server and taking control of the session.
What is a DoS attack
A denial of service attack is a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services.
Accomplished by flooding a network link with data to consume all available bandwidth
Sending data designed to exploit known flaws in an application
Sending multiple service requests to consume a system's resources
Flooding a user's email inbox with spam messages
Or by disconnecting a network cable
What is a smurf attack
A type of DoS attack that exploits vulnerabilities in ICMP by overloading a host with ping requests and clogging a network with traffic.
Creates a false ICMP Echo request packet that uses the address of the targeted host as the source and a network broadcast address as the destination.
What is a DDoS attack
A distributed denial of service
A type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources.
Attacker introduces unauthorized software called a zombie or drone that directs the computer to launch the attack
What is a man in the middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and relays information between the two victims as if they are directly talking to each other. In reality the attacker is controlling the information that travels between the two victims
What are eavesdropping attacks
Also called a sniffing attack; uses special monitoring software to intercept private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future network attacks.
What is a port scanning attack
A network attack where an attacker scans the computers and devices that are connected to the Internet to see which TCP and UDP ports are listening and which services on the system are active.
What is a Xmas attack
Type of port scan used to check which machines are open or responding so that those ports can be used for a follow up attack. Sends a packet with all flags turned on in the TCP header (the packet is lit up like a Christmas tree).
Known as a stealth scan due to its ability to hide the scan in progress and to pass undetected through some popular firewalls, IDSs and other systems.
What is a replay attack
A network attack where an attacker captures network traffic and stores it for retransmitting at a later time to gain unauthorized access to a specific host or network.
Captures packets that contain user names, passwords, or other authentication data.
Usually never discovered.
What is an FTP bounce attack
Targets the FTP vulnerability which permits connected clients to open other connections on any port of the FTP server.
A user with an anonymous FTP connection can attack other systems by opening a service port on the third system and sending commands to that service.
What is an ARP poisoning attack
Occurs when an attacker redirects an IP address to the MAC address of a computer that is not the intended recipient.
The attacker can then capture or alter network traffic before forwarding it to the correct destination or create a DoS condition by pointing the selected IP address at a nonexistent MAC address
Describe wireless security
Any method of securing your WLAN network to prevent unauthorized network access and network data theft.
Attacks can be avoided by using relevant security protocols
What is a site survey
An analysis technique that determines the coverage area of a wireless network, identifies any source of interference and establishes other characteristics of the coverage area.
Used to help you install and secure a WLAN
Name some wireless vulnerabilities
Rogue access point
Evil twins
Interference
Bluejacking
Bluesnarfing
War driving
War chalking
WEP and WPA cracking
IV attack
Packet sniffing
Describe rogue access point
An unauthorized wireless access point on a corporate or private network. Not easily detected. Can allow man in the middle attacks and access to private information.
Protect against this attack by implementing techniques to constantly monitor the system, such as installing an IDS
Describe evil twin wireless threat
Rogue access points on a network that appear to be legitimate. Typically found in public Wi-Fi hotspots. Users think the wireless signal is genuine.
What is interference wireless vulnerability
Radio waves interfere with the 802.11 wireless signals. Usually occurs in homes because of various electronic devices operating in a frequency range close to that of the wireless network.
What is bluejacking wireless threat
Used by attackers to send out unwanted Bluetooth signals from PDAs, mobile phones, and laptops to other Bluetooth enabled devices. Close range attack ~30 ft
To prevent it, users should reject anonymous contacts and configure their devices in non-discoverable mode.
What is a bluesnarfing wireless attack
Act of searching for instances of wireless networks using wireless tracking devices.
Locates wireless access points while traveling.
What is a WEP and WPA cracking wireless threat
Method of cracking the encryption keys used in WEP and WPA installations to gain access to private wireless networks.
What is a war driving threat
Act of searching for instances of wireless networks using wireless tracking devices.
Wireless access receiving
What is a war chalking wireless threat
The act of using symbols to mark off a sidewalk or wall to indicate an open wireless network offering Internet access
Wireless Access Receiver
What is an IV attack
The attacker is able to predict or control the Initialization Vector of an encryption process.
Gives the attacker the ability to view encrypted data that is supposed to be hidden from everyone except an authentic user of the network.
An initialization vector is a technique used in cryptography to generate random numbers that are used along with a secret key to provide data encryption
What is a packet sniffing wireless attack
An attack on wireless networks where an attacker captures data and records data flows, which allows the attacker to analyze the data contained in a packet.
Can be used to help organizations monitor their own networks against attackers.
Name the four types of system updates
Patch. Supplemental code meant to address a security problem or a functionality flaw in a software package or OS
Hotfix. Emergency patch to address a specific security flaw
Roll up. Collection of previously issued patches and hotfixes applied to one component of a system
Service pack. Compilation of system updates and includes new features
What is patch management
Practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates.
Patches are evaluated for applicability and tested on non-production systems. Then an organized plan for rolling out the valid patches is executed.
What is antivirus software
Protective software that scans computers for known viruses, Trojans, worms, and other malicious programs.
Companies can implement Internet email virus protection by
Screening the Internet gateway computers for viruses
Employing reliable desktop antivirus software
Scanning incoming email between the Internet and the email server
Scanning email again at the system level
If a virus is detected, disabling all Internet communications and isolating affected systems.
Name some different anti-spam solutions to implement to prevent the flood of spam in your email
End users can use address munging: using a fake name and address to post on consumer websites or newsgroups
Disabling HTML in email programs
Using disposable email addresses
Administrators can block messages from known spam sources. Use a filtering system that reads messages and scans for target words and phrases used in known spam email. Use a blacklist to block documented spamming sources
Email senders can use automated methods to ensure they do not send spam out
Researchers and law enforcement work together to investigate spam, track activities, and gather evidence.
What are DNS blacklists
Published lists that contain email addresses that are confirmed as spam sources.
What are security policies
A formalized statement that defines how security will be implemented within a particular organization.
What are the components of a security policy
Policy statement. Outlines the plan for the individual security component
Standards. Defines how to measure the level of adherence to the policy
Guidelines. Best practices for how to meet the policy standard
Procedures. Step by step instructions that detail how to implement components of the policy
What are common security policy types
Acceptable use policy. Defines the acceptable use of an organization's physical and intellectual resources
Audit policy. Details the requirements for risk assessment and audits of resources
Extranet policy. Sets the requirements for third party entities that desire access to an organization's networks
Password policy. Defines the standards for creating password complexity
Wireless standards. Defines what wireless devices can connect to an organization's network and how to use them in a safe manner
What is security incident management
The set of practices and procedures that govern how an organization will respond to an incident in progress.
Goal is to contain the incident appropriately and minimize any damage that may occur.
Includes procedures to log and report on all identified incidents and the actions taken in response.
What is an IRP
Incident Response Policy
The security policy that determines the actions that an organization will take following a confirmed or potential security breach
Specifies who determines and declares if a security breach has occurred
What individuals or departments will be notified
How and when they are notified
Who will respond to the incident
Guidelines for the appropriate response.
What is a first responder
The first experienced person or team of trained professionals that arrives at the scene of an incident.
The three components of employee security education
Awareness. Being aware of the importance of information security and being alert to its potential threats. Create awareness through seminars, email, or information on a company intranet
Communication. Lines of communication between employees and the security team must remain open. Security teams are responsible for keeping the workforce informed of updated practices and standards
Education. Employees must be trained in security procedures, practices and expectations.
What are the user's security responsibilities
Physical security. Employees should not allow anyone in the building without proper ID. No piggybacking on a badge. Employees should challenge persons without an ID. Confidential files must be stored securely
System security. Use user IDs and passwords properly; they should never be written down or shared. Confidential files should be saved to an appropriate location and secured.
Device security. Use correct procedures to log off all systems and shut down computers when not in use. Wireless communication devices must be approved by the IT dept and installed and secured.