vulnerabilities of data transmission Flashcards

1
Q

Sniffing attack

A
  • A sniffing attack refers to tapping network traffic or routing the traffic to a target where it can be captured, analysed, and monitored.
2
Q

Sniffing attack defences

A
  • Connect to trusted networks
  • Encrypt data
  • Network scanning and monitoring
3
Q

Connect to trusted networks

A
  • Connecting to any public network will have a risk that the traffic might be sniffed.
  • Attackers choose these public places to exploit the user’s lack of knowledge.
  • Public networks are set up and then may or may not be monitored for any malicious activity.
4
Q

Encrypt Data

A
  • Encrypt all data that leaves a system to ensure that even if the traffic is being sniffed, an attacker will not be able to read it.
  • Encrypting the data does not mean that now everything is safe.
  • An attacker might be able to capture a lot of data and run cryptographic attacks to get something out of it.
5
Q

Network scanning and monitoring

A
  • Networks should be scanned for any kind of intrusion attempt or rogue devices that may be set up to capture traffic.
  • Network administrators should monitor network devices as well to ensure they are authorised and have not been infected.
6
Q

Man in the middle attack - Involves

A
  1. The victim.
  2. The entity with which the victim is trying to communicate.
  3. The man in the middle (MITM) who’s intercepting the victim’s communications.
7
Q

what you think happened

A
  1. You receive an email from your bank, asking you to log in to your account to confirm your contact information.
  2. You click on a link in the email and are taken to your bank’s website, where you log in and perform the requested task.
8
Q

what actually happened

A
  1. The MITM sent you the email, making it appear to be legitimate.
  2. The MITM also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email.
  3. But when you did that, you weren’t logging into your bank account; you were handing over your credentials to the attacker.
9
Q

Man in the middle phases

A
  • Interception
  • Decryption
10
Q

Interception

A
  • With a traditional MITM attack, attackers will look to gain access to an unsecured or poorly secured Wi-Fi router.
  • Attackers can scan the router looking for specific vulnerabilities such as a weak password.
  • Once attackers find a vulnerability, they can exploit it by deploying tools to intercept and read the victim’s transmitted data.
11
Q

Decryption

A
  • The victim’s intercepted data must then be decrypted, so that the attacker can read and act upon it.
  • BUT, most of the data we have been dealing with is sent unencrypted to and from the server and client!
12
Q

Man in the middle defences

A
  • Make sure HTTPS is always in the URL bar of websites being visited, e.g., https://www.google.com/
  • Be wary of potential phishing emails from attackers asking to update passwords or any other login credentials.
  • Direct connections to public Wi-Fi routers should be avoided if possible.
13
Q

Spoofing attack types

A
  • IP address spoofing
  • ARP spoofing
  • DNS server spoofing
  • HTTPS spoofing
14
Q

IP address spoofing

A
  • Every device capable of connecting to the internet has an internet protocol (IP) address, similar to your home address.
  • An attacker can trick you into thinking you’re interacting with a website or someone you know, perhaps giving the attacker access to information you would otherwise not share.
15
Q

Address resolution protocol (ARP) spoofing

A

In an ARP spoofing attack, an attacker sends spoofed ARP messages across a local area network in order to link their MAC address with the IP address of a legitimate member of the network.

16
Q

DNS (Domain name system) spoofing

A

In a DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific domain name to a different IP address.

17
Q

HTTPS Spoofing

A
  • Seeing HTTPS at the start of a URL, rather than HTTP, is a sign that a website is secure and can be trusted.
  • By redirecting the user’s browser to an unsecure website, the attacker can monitor the user’s interactions with that website and possibly steal personal information that they are sharing.
18
Q

Spoofing attack defenses

A
  • Packet Filtering
  • Avoid trust relationships
  • Using spoofing detection software
  • Use cryptographic network protocols
19
Q

packet filtering

A
  • Packet filters inspect packets as they are transmitted across a network.
  • Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information.
20
Q

Avoid trust relationships

A
  • Trust relationships allow users in one domain to access resources in another domain.
  • Trust relationships should be relied on as little as possible.
21
Q

Using spoof detection software

A
  • These programs work by inspecting and certifying data before it is transmitted and blocking data that appears to be spoofed.
22
Q

Use cryptographic network protocols

A
  • Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS)
  • These protocols aid prevention efforts by encrypting data before it is sent and authenticating data as it is received.
23
Q

Replay Attacks

A

  • A replay attack occurs when an attacker intercepts and then delays or resends a secure data communication to misdirect the receiver into doing what the attacker wants.

24
Q

Replay attack defences

A

  • Both sender and receiver should establish random session keys that are valid for one transaction only and cannot be used again.
  • Use a One Time Password (OTP) for each transaction that’s only used once and discarded.