Unit 2 Flashcards
How do you gather data fora wireless attack?
Social engineering, phishing, pharming, search engine, dumpster diving
What is social engineering?
Trick people into gaining information/access by relying on their friendliness
How do you protect against social engineering?
Written policy
What is phishing?
Electronic social engineering - sending an e-mail that tricks people into revealing information by masquerading as a legitimate website
What is spear phishing?
Targeted phishing attack
What is google phishing?
Fake search engines
How do you recognize phishing?
Deceptive URLs, fake sender addresses, e-mails designed like websites - most importantly, no website should be asking you for a password
What is pharming?
Masquerading as legitimate website to get users to reveal passwords
What is one overlooked way attackers can do recon?
Improperly recycled equipment - data can be retrieved forensically form hard drives
What is WarWalking (or WarX)
Walking around neighbourhood scanning wif networks to build a vulnerability map and share with people.
What is the danger of unapproved wireless devices in an organization?
Can be used by attackers unknowingly to victim (Man in the Middle AttacK)
What are Rogue Access Points?
WiFi access point that is not under the management of network administrator
Evil Twin Access Points
Copies legit SSID and BSSID to trick someone into connecting (can be away from original location [auto-connect])
What is a WiFi honeypot?
Resembles legitimate AP, poorly secured, to trick attackers into connecting
What is a MITM attack?
Man in the Middle - can be done inside or outside the network to capture traffic (encrypted or unencrypted)
