Network Security Threats And Attacks 13 Flashcards

0
Q

Physical security threats and vulnerabilities can come from many different areas

A

Internal. Like a disgruntled employee
External
Natural
Man-made. Can be internal or external

1
Q

Physical security refers to

A

The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities

2
Q

Environmental threats and vulnerabilities

A

Fire. Can destroy hardware and the data contained in it
Hurricanes and tornadoes. Damage varies in magnitude
Flood
Extreme temperature
Extreme humidity

3
Q

What is a social engineering attack

A

Uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines

4
Q

Types of social engineering attacks

A

Spoofing. Pretending to be someone else to conceal identity. Occurs using IP addresses, MAC addresses, and email
Impersonation. Attacker pretends to be someone he is not
Phishing. Email based attack used to gain account info
Vishing. Use of VoIP to gain confidential info
Whaling. Form of phishing targeting the wealthy
Spam and spim. Spam is email based: the user is flooded with emails. Spim is the IM based equivalent
Hoax. Incorrect info sent to multiple users

5
Q

What is a malicious code attack

A

Type of software attack where an attacker inserts undesired software or malware into a target system
Uses include DoS attacks on other systems, hosting illicit or illegal data, skimming personal or business information for identity theft, profit, or extortion.

6
Q

Types of malicious code attacks

A

Virus. Code that spreads by attaching itself to other files.
Worm. Code that spreads on its own. Doesn't attach to another file.
Trojan horse. The program is itself the software attack. The user is fooled into executing it.
Logic bomb. Piece of code that sits dormant on a target computer until triggered by a specific event.
Spyware. Malicious software intended to track and report the usage of a system.
Adware. Software that automatically displays or downloads ads when it is used.
Rootkit. Code intended to take control of a system at the lowest levels.
Botnet. Set of computers that have been infected by a control program called a bot that enables attackers to exploit them and mount attacks.

7
Q

What is a software attack

A

Any attack against software resources, including the OS, applications, protocols, and files.

8
Q

Name the types of viruses

A

Boot sector. Infects any disk based media; writes itself into the boot sector
Macro. A group of application specific instructions that execute within a specific application
Mailer and mass mailer. Sends itself to other users through the email system
Polymorphic. Can change as it moves around, acting differently on different systems
Script. Runs code using the Windows Scripting Host
Stealth. Moves and attempts to conceal itself until it can propagate, then drops its payload

9
Q

What is a buffer overflow

A

An attack that targets system vulnerabilities to cause the device OS to crash or reboot, and may result in loss of data or the execution of rogue code on the device.

10
Q

What is a password attack

A

Any type of attack where the attacker attempts to obtain and make use of passwords illegitimately. Can show up in audit logs as repeated failed logons followed by a successful one.

11
Q

Types of password attacks

A

Guessing. Repeated attempts by entering different common password values.
Stealing. Sniffing network communications, reading handwritten password notes, or observing a user as they enter a password.
Dictionary attack. Automates password guessing using a list of candidate words.
Brute force attack. Use of password cracking software to attempt every possible alphanumeric password combination.
Hybrid password attack. Utilizes multiple attack vectors to crack a password.

12
Q

What is an IP spoofing attack

A

Software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.
Takes advantage of applications and services that authenticate based on IP address, such as devices that run Sun RPC or X Windows (the GUI system on Unix), services that have been secured using TCP wrappers, legacy technologies, and routers not configured to drop incoming external packets with internal IP addresses.

13
Q

What is a session hijacking attack

A

Exploiting a session to obtain unauthorized access to an organization's network or services.
Involves stealing an active session that is used to authenticate a user to a server and taking control of the session.

14
Q

What is a DoS attack

A

A denial of service attack is a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services.
Accomplished by flooding a network link with data to consume all available bandwidth,
sending data designed to exploit known flaws in an application,
sending multiple service requests to consume a system's resources,
flooding a user's email inbox with spam messages,
or by disconnecting a network cable.

15
Q

What is a smurf attack

A

A type of DoS attack that exploits vulnerabilities in ICMP by overloading a host with ping requests and clogging a network with traffic.
Creates a false ICMP Echo request packet that uses the address of the targeted host as the source and a network broadcast address as the destination.

16
Q

What is a DDoS attack

A

A distributed denial of service.
A type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources.
The attacker introduces unauthorized software called a zombie or drone that directs the computer to launch the attack.

17
Q

What is a man in the middle attack

A

A form of eavesdropping where the attacker makes an independent connection to each of two victims and relays information between them as if they were directly talking to each other. In reality the attacker is controlling the information that travels between the two victims.

18
Q

What are eavesdropping attacks

A

Also called a sniffing attack. Uses special monitoring software to intercept private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future network attacks.

19
Q

What is a port scanning attack

A

A network attack where an attacker scans the computers and devices that are connected to the Internet to see which TCP and UDP ports are listening and which services on the system are active.

20
Q

What is a Xmas attack

A

Type of port scan used to check which machines are open or responding so that those ports can be used for a follow-up attack. Sends a packet with all flags turned on in the TCP header (the packet is "lit up like a Christmas tree").
Known as a stealth scan due to its ability to hide the scan in progress and to pass undetected through some popular firewalls, IDSs, and other systems.

21
Q

What is a replay attack

A

A network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a specific host or network.
Captures packets that contain user names, passwords, or other authentication data.
Usually never discovered.

22
Q

What is an FTP bounce attack

A

Targets the FTP vulnerability that permits connected clients to open other connections on any port of the FTP server.
A user with an anonymous FTP connection can attack other systems by opening a service port on a third system and sending commands to that service.

23
Q

What is an ARP poisoning attack

A

Occurs when an attacker redirects an IP address to the MAC address of a computer that is not the intended recipient.
The attacker can then capture or alter network traffic before forwarding it to the correct destination, or create a DoS condition by pointing the selected IP address at a nonexistent MAC address.

24
Q

Describe wireless security

A

Any method of securing your WLAN to prevent unauthorized network access and network data theft.
Attacks can be avoided by using the relevant security protocols.

25
Q

What is a site survey

A

An analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area.
Used to help you install and secure a WLAN.

26
Q

Name some wireless vulnerabilities

A

Rogue access point
Evil twins
Interference
Bluejacking
Bluesnarfing
War driving
War chalking
WEP and WPA cracking
IV attack
Packet sniffing

27
Q

Describe rogue access point

A

An unauthorized wireless access point on a corporate or private network. Not easily detected. Can allow man in the middle attacks and access to private information.
Protect against this attack by implementing techniques to constantly monitor the system, such as installing an IDS.

28
Q

Describe evil twin wireless threat

A

Rogue access points on a network that appear to be legitimate. Typically found in public wifi hotspots. Users think the wireless signal is genuine.

29
Q

What is interference wireless vulnerability

A

Radio waves interfere with the 802.11 wireless signals. Usually occurs in homes because of various electronic devices operating in a frequency band close to that of the wireless network.

30
Q

What is bluejacking wireless threat

A

Used by attackers to send out unwanted Bluetooth signals from PDAs, mobile phones, and laptops to other Bluetooth enabled devices. Close range attack (~30 ft).
To prevent it, users should reject anonymous contacts and configure their devices in non-discoverable mode.

31
Q

What is bluesnarfing wireless attack

A

Act of searching for instances of wireless networks using wireless tracking devices.
Locates wireless access points while traveling.

32
Q

What is the WEP and WPA cracking wireless threat

A

Method of cracking the encryption keys used in WEP and WPA installations to gain access to private wireless networks.

33
Q

What is the war driving threat

A

Act of searching for instances of wireless networks using wireless tracking devices.
Wireless access receiving

34
Q

What is war chalking wireless threat

A

The act of using symbols to mark a sidewalk or wall to indicate an open wireless network offering Internet access
Wireless Access Receiver

35
Q

What is an IV attack

A

The attacker is able to predict or control the initialization vector of an encryption process.
Gives the attacker the ability to view encrypted data that is supposed to be hidden from everyone except an authentic user of the network.

An initialization vector is a technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.

36
Q

What is packet sniffing wireless attack

A

An attack on wireless networks where an attacker captures data and registers data flows, which allows the attacker to analyze the data contained in a packet.
Can also be used to help organizations monitor their own networks against attackers.

37
Q

Name the four types of system updates

A

Patch. Supplemental code meant to address a security problem or a functionality flaw in a software package or OS

Hotfix. Emergency patch to address a specific security flaw

Roll up. Collection of previously issued patches and hotfixes applied to one component of a system

Service pack. Compilation of system updates and includes new features

38
Q

What is patch management

A

Practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates.
Patches are evaluated for applicability and tested on non-production systems. Then an organized plan for rolling out the valid patches is executed.

39
Q

What is antivirus software

A

Protective software that scans computers for known viruses, Trojans, worms, and other malicious programs.

40
Q

Companies can implement Internet email virus protection by

A

Screening the Internet gateway computers for viruses
Employing reliable desktop antivirus software
Scanning incoming email between the Internet and the email server
Scanning email again at the system level
If a virus is detected, disabling all Internet communications and isolating affected systems

41
Q

Name some different anti-spam solutions to implement to prevent the flood of spam in your email

A

End users can use address munging: using a fake name and address to post on consumer websites or newsgroups
Disabling HTML in email programs
Using disposable email addresses

Administrators can block messages from known spam sources, use a filtering system that reads messages and scans for target words and phrases used in known spam email, and use a blacklist to block documented spamming sources

Email senders can use automated methods to ensure they do not send spam out

Researchers and law enforcement work together to investigate spam, track activities, and gather evidence

42
Q

What are DNS blacklists

A

Published lists that contain email addresses that are confirmed as spam sources.

43
Q

What are security policies

A

A formalized statement that defines how security will be implemented within a particular organization.

44
Q

What are the components of a security policy

A

Policy statement. Outlines the plan for the individual security component
Standards. Define how to measure the level of adherence to the policy
Guidelines. Best practices for how to meet the policy standard
Procedures. Step by step instructions that detail how to implement components of the policy

45
Q

What are common security policy types

A

Acceptable use policy. Defines the acceptable use of an organization's physical and intellectual resources
Audit policy. Details the requirements for risk assessment and audits of resources
Extranet policy. Sets the requirements for third party entities that desire access to an organization's networks
Password policy. Defines the standards for password complexity
Wireless standards. Define which wireless devices can connect to an organization's network and how to use them in a safe manner

46
Q

What is security incident management

A

The set of practices and procedures that govern how an organization will respond to an incident in progress.
The goal is to contain the incident appropriately and minimize any damage that may occur.
Includes procedures to log and report on all identified incidents and the actions taken in response.

47
Q

What is an IRP

A

Incident Response Policy
The security policy that determines the actions an organization will take following a confirmed or potential security breach.
Specifies who determines and declares whether a security breach has occurred,
which individuals or departments will be notified,
how and when they are notified,
who will respond to the incident,
and guidelines for the appropriate response.

48
Q

What is a first responder

A

The first experienced person or team of trained professionals to arrive at the scene of an incident.

49
Q

The three components of employee security education

A

Awareness. Being aware of the importance of information security and being alert to its potential threats. Awareness is created through seminars, email, or information on a company intranet

Communication. Lines of communication between employees and the security team must remain open. Security teams are responsible for keeping the workforce informed of updated practices and standards

Education. Employees must be trained in security procedures, practices, and expectations.

50
Q

What are the users security responsibilities

A

Physical security. Employees should not allow anyone into the building without proper ID. No piggybacking on a badge. Employees should challenge persons without an ID. Confidential files must be stored securely.

System security. Use user IDs and passwords properly; never write them down or share them. Confidential files are saved to an appropriate location and secured.

Device security. Use correct procedures to log off all systems and shut down computers when not in use. Wireless communication devices must be approved by the IT department and installed and secured.