Free Study Guide for Network Plus 4.4

4.4 Summarize common networking attacks.

Welcome to Exam Notes by CertBlaster! This is our free study guide for Network Plus 4.4. In this edition, we will cover the topics outlined in Network+ Objective 4.4 – “Summarize common networking attacks.”

DoS

A DoS (Denial-of-Service) attack prevents legitimate users from accessing a resource such as a web server. In its classic form the attack sends a flood of illegitimate SYN requests to the server, exhausting its resources. The traffic comes from sources the attacker owns. Please review the following types of DoS attacks.

A DDoS (Distributed DoS) attack is much more sophisticated than a simple DoS attack. The attacker infects hosts with malware and turns them into an army of bots or zombies. The infected machines are controlled by the attacker without their owners' knowledge, and those users unwittingly become a part of a coordinated attack.

A DRDoS (Distributed Reflective DoS) attack is a DDoS attack that uses uninfected computers to bounce the attack onto the target. The packets in this attack are spoofed echo requests whose source address appears to be the target's, so the reflecting computers send their replies to the target, which becomes flooded.

Amplified DRDoS attacks optimize the attack by sending small, simple requests that elicit much larger responses, all of which are directed at the target. The target is flooded with traffic that costs far more resources to absorb than it cost the attacker to generate, amplifying the effectiveness of the DRDoS attack.
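The two signatures described above (a SYN flood and reflected replies) are what a defender sees at the victim's edge. The following is an added example, not code from the study guide: it runs two simple checks over constructed flow summaries, flagging a destination when most TCP connections toward it never complete the handshake, and flagging reflection when UDP replies arrive from service ports the target never sent a request to. The target address, thresholds and all flow records are assumptions made for the example.

```python
# Added example (not from the study guide): victim-side detection of the two
# DoS signatures described above. Thresholds and all flow records are constructed.

TARGET = "192.0.2.10"                 # the server being protected (constructed)
SYN_FLOOD_MIN_HALF_OPEN = 50          # assumed tuning values, not from the guide
SYN_FLOOD_MIN_RATIO = 0.8
REFLECTION_MIN_SOURCES = 5
REFLECTOR_PORTS = {53, 123, 1900}     # UDP services commonly abused as reflectors


def detect_syn_flood(flows, target):
    """Flag a SYN flood when most TCP connections toward target never complete.

    Returns (half_open, total_tcp, flagged).
    """
    tcp = [f for f in flows if f["proto"] == "tcp" and f["dst"] == target]
    half_open = sum(1 for f in tcp if f["state"] == "half_open")
    total = len(tcp)
    ratio = half_open / total if total else 0.0
    flagged = half_open >= SYN_FLOOD_MIN_HALF_OPEN and ratio >= SYN_FLOOD_MIN_RATIO
    return half_open, total, flagged


def detect_reflection(flows, target):
    """Flag reflected traffic: UDP replies from service ports the target never queried.

    Returns (distinct_reflectors, reply_bytes, flagged).
    """
    # (peer, peer_port) pairs the target itself sent a request to.
    requested = {(f["dst"], f["dport"]) for f in flows
                 if f["proto"] == "udp" and f["src"] == target}
    unsolicited = [f for f in flows
                   if f["proto"] == "udp" and f["dst"] == target
                   and f["sport"] in REFLECTOR_PORTS
                   and (f["src"], f["sport"]) not in requested]
    reflectors = {f["src"] for f in unsolicited}
    reply_bytes = sum(f["bytes"] for f in unsolicited)
    flagged = len(reflectors) >= REFLECTION_MIN_SOURCES
    return len(reflectors), reply_bytes, flagged


def flow(src, dst, proto, sport, dport, nbytes, state=""):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "bytes": nbytes, "state": state}


def build_sample():
    """Constructed flow records, as an edge sensor might summarise them."""
    flows = []
    # 60 half-open SYNs from spoofed sources toward port 80 (the SYN flood).
    for i in range(60):
        flows.append(flow(f"203.0.113.{i + 1}", TARGET, "tcp", 40000 + i, 80, 60, "half_open"))
    # 5 legitimate connections that completed the handshake.
    for i in range(5):
        flows.append(flow(f"192.0.2.{100 + i}", TARGET, "tcp", 50000 + i, 80, 4000, "established"))
    # One DNS query the target made itself, and the matching legitimate reply.
    flows.append(flow(TARGET, "192.0.2.53", "udp", 5000, 53, 70))
    flows.append(flow("192.0.2.53", TARGET, "udp", 53, 5000, 120))
    # 8 large DNS replies from open resolvers the target never queried (the reflection).
    for i in range(8):
        flows.append(flow(f"198.51.100.{i + 1}", TARGET, "udp", 53, 33000, 3000))
    return flows


if __name__ == "__main__":
    sample = build_sample()
    print("SYN flood:", detect_syn_flood(sample, TARGET))
    print("Reflection:", detect_reflection(sample, TARGET))
```

On the constructed sample the SYN check reports 60 of 65 connections half-open and the reflection check reports 8 resolvers sending 24,000 bytes of replies nobody asked for; the one legitimate DNS reply is excluded because the target's own query to that resolver is in the flow set.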

Social engineering

Employees present a security risk because human nature can lead them to divulge information to an attacker. This is referred to as social engineering: the attacker exploits a perceived sense of trust in order to trick users into revealing confidential information. The attacker may pose as an authorized employee asking for information about the network. For example, a “help desk” intruder may be able to get a password from a user with little to no effort. There are many types of social engineering, and we will cover those described in the objectives.

Phishing is a highly effective attack type. During this attack, the attacker sends a seemingly legitimate email to the victim asking them to log on to a retailer’s URL and submit their username and password for verification.

Insider threat

A user may become dissatisfied with their job and decide to act maliciously. This is an extremely serious threat because insiders have extensive knowledge of the organization’s infrastructure, and a user with high-level rights and permissions can do serious damage.

Logic bomb

Malware such as viruses, worms, and trojan horses is constantly being used to attempt attacks. We will cover the types listed in the objectives.

A logic bomb is malware that has infected a PC but does not execute until a specific date or under certain conditions. Until it is triggered, a logic bomb does nothing and simply lies dormant.

Ransomware

Ransomware is malware that locks the user’s computer and encrypts the data on all connected drives, including online storage. The user receives a locked screen with instructions detailing the ransom demand and payment information. There may be a deadline for payment or a threat to delete data if the ransom is not paid. Computers infected with ransomware are not generally recoverable until the ransom is paid. Even then, you may not regain access. Ransomware is a multimillion-dollar operation.

Rogue access point

Rogue access points are set up using the same SSID as valid access points. A rogue access point is also known as an evil twin. Once a user connects to the rogue access point, their data in transit can be hijacked, and direct access to the user’s data is also possible.

War-driving

An amazingly effective security threat is called war driving. In this case, the hacker simply drives around looking for unprotected wireless networks. An astonishing number of access points broadcast their SSID while still configured with the default password. Once an open access point is discovered, the hacker can attempt to penetrate the network or simply scan its traffic looking for something to exploit.

DNS poisoning

DNS poisoning, or DNS spoofing, attacks DNS servers by changing a web server’s DNS record, redirecting legitimate traffic to a spoofed or compromised server. This enables the hacker to gather all the data intended for the legitimate server. Because DNS servers constantly update one another with their records, the poisoned address can spread quickly. ARP poisoning works in much the same way, except that ARP tables are attacked, changing the IP-address-to-MAC-address mappings stored in them.
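Both attacks above amount to a forged change in a binding that hosts trust: a name-to-address record for DNS, an IP-to-MAC mapping for ARP. Because the pattern is the same, one monitor can watch either. The block below is an added example (not the study guide's own code): it walks a stream of observed bindings in order, alerts when a key's value changes, distinguishes a value that flips back and forth (the typical ARP-poisoning signature, since the real host keeps answering too) from a one-time change, and compares against an optional known-good table. All names, addresses, MACs and timestamps are constructed.

```python
from collections import defaultdict

# Added example (not from the study guide): one monitor for both poisoning
# cases, since each is a forged change to a name->address (DNS) or
# IP->MAC (ARP) binding. All records below are constructed.


def detect_rebinding(records, known_good=None):
    """Report bindings that change, flap between values, or differ from a known-good table.

    records: iterable of (key, value, timestamp), in the order they were observed.
    known_good: optional {key: expected_value}; any other value alerts immediately.
    Returns a list of (timestamp, key, previous_or_expected, observed, kind).
    """
    known_good = known_good or {}
    current = {}                 # latest value seen per key
    history = defaultdict(set)   # every value ever seen per key
    alerts = []
    for key, value, ts in records:
        expected = known_good.get(key)
        prev = current.get(key)
        if expected is not None and value != expected:
            alerts.append((ts, key, expected, value, "differs from known-good"))
        elif prev is not None and value != prev:
            kind = "flapped back" if value in history[key] else "changed"
            alerts.append((ts, key, prev, value, kind))
        current[key] = value
        history[key].add(value)
    return alerts


# Constructed DNS answers (name -> IPv4) as logged by a resolver over time.
DNS_ANSWERS = [
    ("login.example.com", "198.51.100.10", 100),
    ("login.example.com", "198.51.100.10", 160),
    ("login.example.com", "203.0.113.77", 220),   # poisoned record appears
    ("mail.example.com", "198.51.100.20", 230),
]
DNS_KNOWN_GOOD = {"login.example.com": "198.51.100.10"}

# Constructed ARP replies (IP -> MAC) seen on a LAN segment; 10.0.0.1 is the gateway.
ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01", 1),
    ("10.0.0.1", "de:ad:be:ef:00:99", 2),   # forged reply claims the gateway IP
    ("10.0.0.1", "00:11:22:33:44:01", 3),   # the real gateway answers again
    ("10.0.0.1", "de:ad:be:ef:00:99", 4),   # forged reply repeats: classic flapping
    ("10.0.0.7", "00:11:22:33:44:07", 5),
]


def analyze_samples():
    """Run the monitor over both constructed streams."""
    return (detect_rebinding(DNS_ANSWERS, DNS_KNOWN_GOOD),
            detect_rebinding(ARP_REPLIES))


if __name__ == "__main__":
    dns_alerts, arp_alerts = analyze_samples()
    for alert in dns_alerts + arp_alerts:
        print(alert)
```

The DNS stream produces a single alert at time 220, when the login host's answer differs from the known-good address; the ARP stream produces three alerts for the gateway (one change followed by two flap-backs) and none for the host at 10.0.0.7, whose binding never moves.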

Man-in-the-middle

This attack type redirects secure transmissions and captures them in order to obtain information such as passwords. Users may also be redirected to a fraudulent website that looks legitimate but contains links to other malicious sites.

Deauthentication

Wireless clients must authenticate with a wireless access point. There are times when this authentication can be revoked. For example, if the AP is overloaded, some users may be deauthenticated (knocked off). This requires them to log back onto the network. The deauthentication message can be broadcast, prompting the users to resend their login credentials and other information in order to log back in. This data can be collected and used to cause damage.
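A wireless intrusion detection sensor watches for both of the Wi-Fi attacks described in this guide: the evil twin from the “Rogue access point” section (a beacon advertising a managed SSID from a radio that is not on the authorized list) and the deauthentication described here (a burst of deauthentication frames, often sent to the broadcast address, far beyond what normal AP housekeeping produces). The code below is an added example and not part of the study guide; it works on constructed frame summaries rather than live captures, and the authorized-AP table, MAC addresses, timestamps and thresholds are all assumptions.

```python
from collections import defaultdict

# Added example (not from the study guide): a passive monitor over 802.11
# management-frame summaries that flags (a) an "evil twin" beaconing the
# corporate SSID from an unauthorised BSSID and (b) deauthentication bursts.
# Frame summaries, the authorised-AP table and thresholds are all constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Authorised SSID -> set of BSSIDs (radio MACs) that may advertise it.
AUTHORIZED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def find_rogue_aps(frames, authorized):
    """Return sorted (ssid, bssid) pairs for beacons of a managed SSID from an unknown BSSID."""
    rogues = set()
    for f in frames:
        if f["type"] != "beacon":
            continue
        allowed = authorized.get(f["ssid"])
        if allowed is not None and f["bssid"] not in allowed:
            rogues.add((f["ssid"], f["bssid"]))
    return sorted(rogues)


def find_deauth_bursts(frames, window=2.0, threshold=10):
    """Return (sender, peak_count, used_broadcast) for each sender that emitted at
    least `threshold` deauthentication frames inside any `window` seconds."""
    by_sender = defaultdict(list)
    for f in sorted((f for f in frames if f["type"] == "deauth"), key=lambda f: f["ts"]):
        by_sender[f["src"]].append(f)
    bursts = []
    for sender, fs in by_sender.items():
        start, peak = 0, 0
        for end in range(len(fs)):            # sliding window over the sorted timestamps
            while fs[end]["ts"] - fs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts.append((sender, peak, any(f["dst"] == BROADCAST for f in fs)))
    return bursts


def frame(ts, ftype, src, dst, bssid, ssid=None):
    return {"ts": ts, "type": ftype, "src": src, "dst": dst, "bssid": bssid, "ssid": ssid}


def build_sample():
    """Constructed frame summaries: two real APs, one evil twin, one deauth burst."""
    frames = []
    for ap in sorted(AUTHORIZED["CorpWiFi"]):
        frames.append(frame(0.0, "beacon", ap, BROADCAST, ap, "CorpWiFi"))
    # Evil twin: same SSID, BSSID not in the authorised table.
    frames.append(frame(0.1, "beacon", "66:77:88:99:aa:bb", BROADCAST, "66:77:88:99:aa:bb", "CorpWiFi"))
    # Neighbouring network we do not manage: ignored, not a rogue.
    frames.append(frame(0.2, "beacon", "12:34:56:78:9a:bc", BROADCAST, "12:34:56:78:9a:bc", "GuestNet"))
    # 30 broadcast deauth frames within 0.3 s, with the first authorised AP as the apparent sender.
    for i in range(30):
        frames.append(frame(10.0 + i * 0.01, "deauth", "aa:bb:cc:00:00:01", BROADCAST, "aa:bb:cc:00:00:01"))
    # One ordinary unicast deauth of a single client much later: normal operation.
    frames.append(frame(50.0, "deauth", "aa:bb:cc:00:00:02", "c0:ff:ee:00:00:07", "aa:bb:cc:00:00:02"))
    return frames


if __name__ == "__main__":
    sample = build_sample()
    print("Rogue APs:", find_rogue_aps(sample, AUTHORIZED))
    print("Deauth bursts:", find_deauth_bursts(sample))
```

Note that the burst is attributed to the sender address in the frame, which in the attack case is spoofed to look like a legitimate AP; the detection therefore keys on volume and timing rather than trusting the address, and the broadcast flag tells the analyst that every client on that AP was knocked off at once.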

Brute force

Passwords are the bane of computing today. Users and hackers prefer short and simple passwords. Administrators prefer long and complex passwords in order to avoid security issues. Please follow the advice of administrators. Use a mix of numbers, upper and lower case letters, and symbols. Ensure the password is at least eight characters long. Having said that, a complex password is not immune to brute force hacking. A complex password is just harder to crack.
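Two things follow from the advice above: the password policy itself can be checked mechanically, and a brute-force attempt leaves a recognizable trail in authentication logs (many failures from one source in a short window, sometimes followed by a success). The block below is an added example, not part of the study guide: a policy check for the recommended length and character mix, and a sliding-window detector run over constructed sshd-style log lines. The log format, hostnames, addresses and thresholds are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Added example (not from the study guide): a password-policy check matching the
# advice above, and a brute-force detector run over constructed sshd-style
# log lines. Thresholds, hostnames and addresses are assumptions.

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")


def meets_policy(password, min_len=8):
    """True when the password has the recommended length and all four character classes."""
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return len(password) >= min_len and all(classes)


def parse_auth_line(line):
    """Return a dict for a recognised auth line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; a fixed one is fine for relative ordering.
    ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: (peak_failures_in_window, success_after_failures)} for offending sources."""
    events = [e for e in map(parse_auth_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    findings = {}
    for src in {e["src"] for e in events}:
        mine = [e for e in events if e["src"] == src]
        fails = [e["ts"] for e in mine if e["result"] == "Failed"]
        start, peak = 0, 0
        for end in range(len(fails)):          # sliding window over sorted failure times
            while fails[end] - fails[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            # A success after the failure run is the signal that a guess landed.
            success_after = any(e["result"] == "Accepted" and e["ts"] >= fails[-1] for e in mine)
            findings[src] = (peak, success_after)
    return findings


def build_sample():
    """Constructed log lines: one guessing source, one user who mistyped twice."""
    lines = []
    users = ["root", "admin", "test", "oracle"]
    for i in range(12):
        lines.append(f"Jan 10 10:00:{i * 2:02d} bastion sshd[1{i:03d}]: Failed password for "
                     f"invalid user {users[i % 4]} from 203.0.113.5 port {5000 + i} ssh2")
    lines.append("Jan 10 10:00:40 bastion sshd[1200]: Accepted password for bob from 203.0.113.5 port 5100 ssh2")
    lines.append("Jan 10 10:05:00 bastion sshd[1300]: Failed password for alice from 198.51.100.9 port 6000 ssh2")
    lines.append("Jan 10 10:05:07 bastion sshd[1301]: Failed password for alice from 198.51.100.9 port 6001 ssh2")
    lines.append("Jan 10 10:05:15 bastion sshd[1302]: Accepted password for alice from 198.51.100.9 port 6002 ssh2")
    lines.append("Jan 10 10:05:16 bastion kernel: unrelated line that the parser skips")
    return lines


if __name__ == "__main__":
    for pw in ("password", "Tr0ub4dor&3"):
        print(f"{pw!r} meets policy: {meets_policy(pw)}")
    print("Brute-force sources:", detect_bruteforce(build_sample()))
```

On the sample, 203.0.113.5 is reported with 12 failures inside the 60-second window and a subsequent successful login, which is the combination that warrants an immediate response; alice's two typos from 198.51.100.9 fall well under the threshold and are not reported.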

VLAN hopping

VLAN hopping is an attack that exploits the way VLANs are tagged. In this attack, the hacker sends frames to the switch that appear to belong to the protected VLAN. Hackers are then free to travel across VLANs in order to gain sensitive information. Attackers can manipulate the VLAN tag by double tagging the frame or by tricking the switch into treating their port as a trunk.
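Seeing the tag stack makes the double-tagging technique concrete. The block below is an added example, not part of the study guide: a parser that walks the 802.1Q tag stack of a raw Ethernet frame, and a per-port check that applies the usual hardening rules (an access port should never receive tagged frames; on a trunk, two stacked tags whose outer tag equals the native VLAN is the double-tagging signature). The frame builder exists only to produce constructed test frames; the MAC addresses, VLAN numbers and port settings are assumptions.

```python
import struct

# Added example (not from the study guide): a parser for the 802.1Q tag stack of
# an Ethernet frame plus a per-port check that flags the double-tagging and
# access-port-tagging patterns described above. Frames, MACs and port settings
# are constructed.

DOT1Q = 0x8100
IPV4 = 0x0800


def _u16(frame, offset):
    if offset + 2 > len(frame):
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", frame, offset)[0]


def parse_tags(frame):
    """Return (vlan_ids, payload_ethertype, payload_offset) for a raw Ethernet frame.

    vlan_ids is outermost first; an untagged frame yields [] and offset 14.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vlans = 12, []
    while True:
        ethertype = _u16(frame, offset)
        offset += 2
        if ethertype != DOT1Q:
            return vlans, ethertype, offset
        tci = _u16(frame, offset)          # PCP(3 bits) DEI(1 bit) VID(12 bits)
        offset += 2
        vlans.append(tci & 0x0FFF)


def classify(frame, port_mode, native_vlan=1):
    """Judge a frame received on a port: 'ok' or a short description of the anomaly."""
    vlans, _, _ = parse_tags(frame)
    if port_mode == "access":
        # End-user ports should never receive tagged frames at all.
        return "tagged frame on access port" if vlans else "ok"
    if port_mode == "trunk":
        if len(vlans) >= 2:
            if vlans[0] == native_vlan:
                # The switch strips the outer (native) tag and forwards the inner one:
                # the frame "hops" into the inner VLAN.
                return f"double-tagged: outer tag matches native VLAN {native_vlan}"
            return "double-tagged: stacked tags"
        return "ok"
    raise ValueError(f"unknown port mode {port_mode!r}")


def build_frame(vlans, payload=b"\x00" * 46, ethertype=IPV4):
    """Build a constructed Ethernet frame carrying the given 802.1Q tag stack."""
    header = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")   # dst, src
    tags = b"".join(struct.pack("!HH", DOT1Q, vid & 0x0FFF) for vid in vlans)
    return header + tags + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for vlans, mode in (([], "access"), ([10], "access"), ([1, 20], "trunk"), ([20], "trunk")):
        print(vlans, mode, "->", classify(build_frame(vlans), mode))
```

The check mirrors the standard mitigations: keep user ports in access mode with trunk negotiation disabled, and move the trunk's native VLAN to an unused number so that an outer tag of VLAN 1 no longer matches it (the `native_vlan` argument lets the example show that second case as well).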

Exploits vs. vulnerabilities

The terminology we use is important to understand. Any weakness in a system that could be compromised is called a vulnerability. Not all vulnerabilities are attacked. When a vulnerability is used to gain access or information, the means of doing so is called an exploit.

That’s it for objective 4.4. See you in 4.5!

We hope you liked our free study guide for Network Plus 4.4. If you did, please let us know (you can use “contacts”). If you found any typos or the like, then please let us know about that too! This is a communal effort to bring studying costs down, and we need all the help we can get to keep improving it.

[Image: CompTIA Objectives for Network+ Exam N10-007]