CompTIA® Network : Threats, Vulnerabilities, & Mitigation Techniques & Others
5.4 Explain common threats, vulnerabilities, and mitigation techniques.
-
The evil twin is another access point or base station that uses the same SSID as an existing access point. It attempts to fool users into connecting to the wrong AP, compromising their wireless session.
-
Wardriving is the act of using a vehicle and laptop to find open unsecured wireless networks
-
Rogue access points can be described as unauthorized wireless access points/routers that allow access to secure networks
-
war chalking: On finding an open WLAN user writes a symbol on the structure nearby for others to know the credentials of the network.
-
WEP cracking: Many utilites are available on internet to find preshared key (PSK) by using mathematical algorithms. These collect packets transmitted by secure access point and use algorithm on them to get information.
-
Distributed Denial of Service (DdoS): It is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to send requests to a single system causing target machine to become unstable or serve its legitimate users. A hacker begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DdoS "master", also called as "zombie". It is from the zombie that the intruder identifies and communicates with other systems that can be compromised. The intruder loads hacking tools on the compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. This causes Distributed Denial of Service (DDoS) attack on the target computer.
-
Denial-of-service (DoS): These attacks, are explicit attempts to block legitimate users system access by reducing system availability. Any physical or host-based intrusions are generally addressed through hardened security policies and authentication mechanisms. Although software patching defends against some attacks, it fails to safeguard against DoS flooding attacks, which exploit the unregulated forwarding of Internet packets. Hackers use zombies to launch DoS or DDoS attacks. The hacker infects several other computers through the zombie computer. Then the hacker sends commands to the zombie, which in turn sends the commands to slave computers. The zombie, along with slave computers start pushing enormous amount of useless data to target computer, making it unable to serve it legitimate purpose.
-
Smurf attack : It is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system
-
Man-In-The-Middle: These attacks intercept all data between a client and a server. It is a type of active interception. If successful, all communications now go through the MITM attacking computer. The attacking computer can at this point modify the data, insert code, and send it to the receiving computer. This type of eavesdropping is only successful when the attacker can properly impersonate each endpoint.
-
Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another.Almost all viruses are attached to an executable file, and it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going.
-
Worm: Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike Virus, which sends out a single infection at a time, a Worm could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
-
Buffer overflow occurs when the input is more than that allocated for that purpose. The system doesn't know what to do with the additional input, and it may result in freezing of the system, or sometimes to take control of the system by a hacker. By validating the inputs, it is possible to reduce this vulnerability to a great extent.
-
Packet sniffing is a form of wire-tap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a "shared medium" network. This means that traffic on a segment passes by all hosts attached to that segment. Ethernet cards have a filter that prevents the host machine from seeing traffic addressed to other stations. Sniffing programs turn off the filter, and thus see everyone traffic.