Threat, Vulnerabilities and Mitigations: Network Based Threats Flashcards
What are the common Network Based Threats?
Wired, wireless and Bluetooth
What threats are involved in Wired Networks?
A big threat facing wired networks is when a threat actor gains physical access to them. This typically unauthorized access can result in network tampering and tapping, which is where a threat attacker actually connects into a network. Other threats include:
VLAN hopping: Accesses network resources by first breaching a network VLAN and then hopping to others to perpetuate an attack.
- Double tagging – misconfigured VLAN
- Double encapsulation
ARP spoofing: Refers to sending fake address resolution protocol (ARP) packets that will then connect a threat actor’s Media Access Control (MAC) address with a device’s Internet Protocol (IP) address on the target network.
ARP poisoning: Occurs after a threat actor successfully spoofs a network. They then modify the target’s ARP table to include falsified MAC maps.
- Ettercap
- Bettercap
Rogue devices: Are typically wireless access points (WAPs), switches, or users’ computers that can steal sensitive information, harm or even permanently damage your network, and hurt your company’s reputation.
It’s important to ensure you’re employing segmentation, encryption, and authentication at all times to help protect your network from these types of attacks.
No Flat networks
What threats are involved Wireless networks?
Wireless networks
Wireless networks can become targets of threat actors due to the use of default credentials and lack of, or weak, encryption. Types of encryption include:
Wired Equivalent Privacy (WEP): Was the first attempt (in 1997) at wireless protection. A single key encrypts all network traffic. Replaced by Wi-Fi Protected Access (WPA) encryption in 2003.
WPA: Introduced in 2003 by the Wi-Fi Alliance, offered increased data encryption and user authentication than WEP, using dynamically changing keys to help prevent threat actors from creating their own encryption key.
WPA2: Introduced in 2004, it’s an upgraded version of WPA, based on the robust security network (RSN) mechanism and works in personal or Pre-shared Key (WPA2-PSK) mode, relying on a shared passcode, or Enterprise mode (WPA2-EAP). WPA2 is vulnerable to key reinstallation attacks (KRACK), but is considered more secure than its predecessors.
What are the other attacks are considered on a wireless network?
Other types of attacks include:
Disassociation: Disconnects a WAP or client device from the network access point.
Jamming: Impacts broadcast communications.
Rogue access point (AP): Installs a WAP on a secured network without consent.
Evil twins*: Tricks users into connecting to a fake Wi-Fi access point.
What threats are involved bluetooth networks?
Bluetooth
It’s important that users have the most current version of Bluetooth and also regularly install security patches. Bluetooth cyberthreats include:
Bluejacking: Threat actor sends unsolicited messages to a victim’s Bluetooth-enabled device. Can occur from up to 30 feet away with phones and 300 feet away with laptops.
Bluesnarfing: Threat actor pairs with a Bluetooth device that’s set to discoverable, and can then gain access to, and steal data from, a device.
Bluebugging: Threat actor uses special tools to scan for, and take control of, Bluetooth devices. Like bluejacking, but more scary because the threat actor can install a backdoor on the target device for future access.
Bluebourne: Attacker takes over Bluetooth devices fully, even if they’re not set to discoverable or paired.
Car whispering: Threat actor gains access to Bluetooth-enabled car-stereo systems, and can eavesdrop on phone conversations and inject audio.
