A plus 1002 Sub-objective 2.5

A plus 1002 Sub-objective 2.5 – Compare and contrast social engineering, threats, and vulnerabilities.

Welcome to ExamNotes for CertBlaster! This edition will examine the topics covered in A plus 1002 sub-objective 2.5 which discusses social engineering. Have fun!

Social engineering

Social engineering can be best described as influencing the actions of others by gaining their confidence and trust. Once trust has been gained, the attacker (or your new friend) gets the target to disclose information or provide access to a network or a computer. It is widely known that in the security world, a human can always be considered the weakest link in any defense.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Whether it is an email or a phone call, it is imperative that users pause before acting on any invitation: think it through, take their time, and trust no one. A user's friend may have had their email hijacked, so an email from anyone, known or unknown, needs to be examined with the same level of care.

Phishing

Phishing is an overt attempt to trick a user into doing something stupid that will compromise their personal information. A form of social engineering, phishing works by sending an email containing a malicious attachment or hyperlink.

A typical phishing email contains malicious content, but it is often easy to recognize if the end user notices typographical errors and bad grammar in the message. Furthermore, if an email contains a hyperlink, hover over the link with the mouse cursor to confirm the actual URL instead of blindly trusting the link's benign text label.

Always report phishing attacks to the appropriate party. If a phishing (spoof) email is received from a seemingly known entity, look carefully at the email and examine the grammar and spelling. Also check the general appearance of the email: a phishing email will look less than perfect in several ways, especially the graphics/logos, which will look fuzzy and less crisp. Stop and Think before You Click. If you suspect an email is a phishing attempt, forward it to the party being spoofed. Phishing and spear phishing are prime vehicles for assorted malware.

Spear phishing

Spear phishing targets specific groups based on something they have in common, e.g. where they work, where they shop, or where they do their banking. This specific piece of information lends trust to the phishing message if the user is not careful. In the example shown below, Charles Schwab is the entity that “legitimizes” the message. If you look at the message carefully, scan the header information for irregularities, which are definitely present. The sender’s return address has very little to do with the named company. Always look past the display name and check the actual sender’s address. The recipient is incorrect since you (probably) don’t work for Charles Schwab. Also, the message body begins with an image, and images in the message body can be hyperlinks to malicious sites.

This particular email client is set to block embedded images and display them on demand, giving the user a chance to analyze the message. The email asks the user to log in through a link in order to verify recent account activity. Finally, the hyperlink address is anything but legitimate. The link will go to or through a middle-man (see Man-in-the-middle below) that captures all the data being entered. This holds true for both phishing attack types; however, the spear phishing attack targets a more specific group of users.

[Image: Schwab Phish]
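The three manual checks described above (look past the display name at the real sender address, confirm the recipient is actually you, and compare a link's visible text with where its href really points) can be automated. This is an added example, not code from CertBlaster or from the email client shown; the headers, hosts and addresses in the sample are constructed and hypothetical.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample in the style of the message described above (hypothetical
# addresses and hosts): the display name claims the bank, the real address is
# elsewhere, the To: header is not the reader, and the link text hides its target.
SAMPLE_HEADERS = {
    "From": '"Charles Schwab Alerts" <alerts@mail-secure-login.example>',
    "To": "accounts@schwab.example",
}
SAMPLE_HTML = ('<p>Please <a href="http://203.0.113.9/verify/login">'
               'https://www.schwab.example/verify</a> to confirm recent activity.</p>')

# Simplified anchor-tag pattern; adequate for simple HTML mail, not a full parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def sender_mismatch(from_header, claimed_domain):
    """Look past the display name: is the real address at the claimed domain?"""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    return domain != claimed_domain and not domain.endswith("." + claimed_domain)

def link_mismatches(html):
    """The 'hover over the link' check: visible URL text vs. the real href host."""
    flagged = []
    for href, text in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()          # drop inner tags
        shown_host = urlparse(text).hostname if text.startswith("http") else None
        if shown_host and shown_host != (urlparse(href).hostname or ""):
            flagged.append((text, href))
    return flagged

def phishing_indicators(headers, html, claimed_domain, my_address):
    """Names of the manual checks described above that this message fails."""
    found = []
    if sender_mismatch(headers["From"], claimed_domain):
        found.append("sender not at claimed domain")
    if parseaddr(headers["To"])[1].lower() != my_address.lower():
        found.append("recipient is not you")
    if link_mismatches(html):
        found.append("link text and destination differ")
    return found

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE_HEADERS, SAMPLE_HTML,
                                   "schwab.example", "reader@home.example"):
        print("indicator:", hit)
```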

Impersonation

Impersonation is the practice of misrepresenting oneself by using a false IP address or, more commonly, a false email address. The recipient of a spoofed email does not immediately realize that the address is fake. For any impersonation email, read it carefully and think about what you are being asked to do. Is the request legitimate? Would your employer really need your social security number, or is it more likely already on your job application? Microsoft does not email or call you. The FBI does not call you; they will knock if you are lucky. Consider the source and think before you click.


Shoulder surfing

Shoulder surfing is the time-honored method of capturing usernames and/or passwords by simply looking over a person’s shoulder. This is a surprisingly effective technique and can also be used at ATMs.

Tailgating

Tailgating occurs when an unauthorized party follows an authorized party through a secured entrance closely enough that the two appear as a single entry to the security system. This attack is seemingly innocent, even courteous to a point, since the authorized party holds the door open. The term also covers an unauthorized party commandeering an authorized party’s workstation while they are away from it.

Dumpster Diving

This is the process of examining a company’s bulk trash for confidential data. Interestingly, this is legal for the most part. A carelessly discarded hard disk may contain financial data or business plans, yet is treated the same as a discarded table lamp! Shred documents and destroy physical storage before discarding.

DoS

Denial of Service (DoS) is an attack on a server, disrupting normal traffic by flooding the server with more TCP/UDP requests than it can process. There are several DoS attack types:

Buffer overflow

In this case, the attacker overwhelms a network address with traffic until it fails.

ICMP flood

In this case, network devices are compromised and are used to send ICMP ping packets throughout the network, flooding it with traffic. This is also called The Ping of Death.

SYN flood

In this attack, multiple connection requests are sent to a server, but the attacker never completes the handshake. The half-open connections eventually overload the server and prevent legitimate connections from being made.
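The half-open connections that a SYN flood leaves behind are visible on the server as TCP entries stuck in the SYN_RECV state. Counting them per remote address, and in total, is the simplest detection. This is an added example, not code from CertBlaster; the netstat-style lines and addresses are constructed for illustration, and the thresholds are assumptions a site would tune.

```python
from collections import Counter

# Constructed netstat-style lines (hypothetical addresses): one flood source
# with many half-open SYN_RECV entries, plus ordinary established clients.
def _line(remote, port, state):
    return f"tcp        0      0 10.0.0.5:443          {remote}:{port}        {state}"

SAMPLE_NETSTAT = (
    [_line("198.51.100.7", 40000 + i, "SYN_RECV") for i in range(120)]
    + [_line("192.0.2.10", 51000 + i, "ESTABLISHED") for i in range(40)]
    + [_line("203.0.113.42", 52000 + i, "SYN_RECV") for i in range(3)]
)

def half_open_by_source(lines):
    """Count SYN_RECV (handshake never completed) entries per remote address."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "SYN_RECV":
            remote_ip = fields[4].rpartition(":")[0]
            counts[remote_ip] += 1
    return dict(counts)

def syn_flood_indicators(lines, per_source=50, total=200):
    """Per-source suspects, plus a total-count alarm because flood sources are
    often spoofed and a per-source threshold alone would then miss the flood."""
    counts = half_open_by_source(lines)
    total_half_open = sum(counts.values())
    return {
        "suspects": sorted(ip for ip, n in counts.items() if n >= per_source),
        "total_half_open": total_half_open,
        "total_alarm": total_half_open >= total,
    }

if __name__ == "__main__":
    print(syn_flood_indicators(SAMPLE_NETSTAT))
```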

DDoS

Distributed Denial of Service (DDoS) attacks use the same methods as DoS. Multiple locations are used to attack, making it difficult to pinpoint the attacker due to the large number of systems at their disposal. Often, these attacks use computers that have been compromised with malware and are controlled by the attacker without the user’s knowledge. These compromised systems are called Zombies.

Zero day attack

A zero day attack is an exploit of an operating system or software vulnerability that is unknown to, and unpatched by, the author of the product. The name comes from the fact that there is no warning of the attack. This is compounded by the fact that the attack will keep succeeding until the vulnerability is discovered and patched by the vendor. A zero day attack has plenty of time to be effective, considering how long it takes to develop a patch and distribute it to the public: the attacks can take place at any point between the time the vulnerability is discovered and the time the patch is issued.

Man-in-the-middle

A Man-in-the-middle (MitM) attack uses a webserver that sits in the path between the client and its destination. All client Internet activity is processed through the malicious server, which quickly skims the personal data for anything of value. Man-in-the-middle attacks are generally transparent to both the client and the server. If you feel you are a victim of MitM, look at the lag time between a page request and its delivery. Also, compare the displayed content of a frequently used site with another PC running the same software. Any loss of image quality or access speed is a sign of possible MitM. When removing it, treat it as any other malware. Many AV packages offer a “Real Site” or similar mode where links can be checked for their validity.

Brute forcing

Brute forcing (brute force cracking) can best be described as cracking a username, password, or even a Wi-Fi encryption protocol or decryption key by trial and error: the attacker repeatedly tries values from a pre-defined set until one works. Use long and complex passwords to defend against this attack.

Dictionary attacks

Dictionary attacks are a form of brute force attack that uses words found in the dictionary to discover passwords and decryption keys. To defend against them, avoid using dictionary words. It is helpful to use a mix of upper and lower case letters along with numbers and special characters (!@#$%).

Rainbow table

This attack uses a precomputed table that pairs plaintext passwords with their hashes. Most organizations store only the hashed passwords, so the attacker first needs a stolen list of password hashes. Once a stolen hash matches an entry in the table, the attacker has the plaintext password and is free to attack.

Non-compliant systems

In order to protect their assets, businesses set system compliance standards and monitor host configurations. This assures that all attached systems meet a pre-defined level of antivirus updates, system and application security patches, and up-to-date hardware drivers. Monitoring is performed by a configuration reporting tool installed on the host; the configuration report is sent to the configuration monitor and scanned for compliance. Any system reporting missing or out-of-date software, antivirus, or old drivers is considered a non-compliant system and is therefore in violation of best security practices.
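The configuration monitor's job described above is a comparison of each host's report against a baseline of patch level, antivirus signature age, and driver versions. This is an added example, not CertBlaster's or any particular monitoring product's code; the baseline values, host reports and audit date are constructed, and the report format is an assumption standing in for whatever the real reporting agent emits.

```python
from datetime import date

# Constructed baseline every attached host must meet (hypothetical values).
BASELINE = {
    "min_patch_level": "2019-05",          # newest required patch set (YYYY-MM)
    "max_av_signature_age_days": 7,
    "driver_versions": {"nic": "3.2.1", "gpu": "26.21.14"},
}

# Constructed configuration reports in the shape a reporting agent might submit.
REPORTS = [
    {"host": "ws-101", "patch_level": "2019-05", "av_signature_date": "2019-05-28",
     "drivers": {"nic": "3.2.1", "gpu": "26.21.14"}},
    {"host": "ws-102", "patch_level": "2019-03", "av_signature_date": "2019-04-01",
     "drivers": {"nic": "3.1.0", "gpu": "26.21.14"}},
]
AUDIT_DATE = date(2019, 6, 1)              # constructed date the monitor runs

def version_tuple(v):
    """'26.21.14' -> (26, 21, 14) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def check_compliance(report, baseline, today):
    """Return the list of baseline violations; an empty list means compliant."""
    violations = []
    if report["patch_level"] < baseline["min_patch_level"]:   # YYYY-MM sorts as text
        violations.append("missing system/application patches")
    sig_age = (today - date.fromisoformat(report["av_signature_date"])).days
    if sig_age > baseline["max_av_signature_age_days"]:
        violations.append(f"antivirus signatures {sig_age} days old")
    for device, required in baseline["driver_versions"].items():
        installed = report["drivers"].get(device)
        if installed is None or version_tuple(installed) < version_tuple(required):
            violations.append(f"{device} driver {installed or 'missing'} < {required}")
    return violations

def non_compliant_hosts(reports, baseline, today):
    """Map each failing host to its violations, as the configuration monitor would."""
    result = {}
    for report in reports:
        violations = check_compliance(report, baseline, today)
        if violations:
            result[report["host"]] = violations
    return result

if __name__ == "__main__":
    for host, problems in non_compliant_hosts(REPORTS, BASELINE, AUDIT_DATE).items():
        print(host, "NON-COMPLIANT:", "; ".join(problems))
```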


And with this, we will wrap up 220-1002 sub-objective 2.5 “Compare and contrast social engineering, threats, and vulnerabilities.” Hopefully, this post will add to your A+ skills and will provide you with additional insights you can use to protect yourself and your clients against omnipresent threats. Good luck on the test!
