N10-009 Network Security Study Guide for the CompTIA Network+


Attacks

An attack is any attempt by a threat actor to disrupt, disable, or destroy an enterprise’s network connectivity or to compromise the integrity of its data. Attacks can be based either on technology or on the manipulation of human nature. You should be able to compare and contrast both types of attack and identify the common techniques used in each.

Denial-of-Service (DoS)/Distributed Denial-of-Service (DDoS)

A DoS attack is designed to disrupt access to a network, its intranet, or its resources, either by flooding the target with traffic or by triggering a crash in the network or resource. A DDoS attack uses multiple compromised devices, known as bots or zombies, to carry out the DoS attack and cripple a system. A botnet is a group of internet-connected programs, systems, or devices that are linked through a centralized management interface, referred to as a command-and-control (C&C) server, so that they act in coordination with one another. A DDoS attack commonly relies on a botnet, with the attack issued through the C&C server to amplify its effect on the target.

Figure: DDoS Attack

Retrieved from: https://commons.wikimedia.org/wiki/File:Ddos-attack-ex.png
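The distinction between a DoS flood from one source and a DDoS flood spread across a botnet shows up directly in how you detect them. The following is an added example (not part of the study guide) that runs two sliding-window counters over a constructed list of request events: a per-source counter that catches a single noisy host, and an aggregate counter that catches twenty "bots" which each stay under the per-source threshold. The timestamps, addresses and thresholds are all constructed sample values.

```python
from collections import defaultdict, deque

# Constructed sample of (unix_timestamp, source_ip) request events; not taken from the
# study guide. 203.0.113.7 is one noisy source, 198.51.100.3 a normal client, and
# 203.0.113.10-29 are twenty "bots" that each send only two requests.
SAMPLE_EVENTS = (
    [(1000.0 + 0.05 * i, "203.0.113.7") for i in range(10)]
    + [(1000.5, "198.51.100.3"), (1002.0, "198.51.100.3"), (1003.0, "198.51.100.3")]
    + [(2000.0 + 0.1 * j, f"203.0.113.{10 + i}") for i in range(20) for j in range(2)]
)


def find_flooding_sources(events, window_seconds=1.0, threshold=5):
    """Per-source sliding window: return {source_ip: peak count} for every source that
    sent more than `threshold` requests inside any `window_seconds` interval."""
    windows = defaultdict(deque)
    flagged = {}
    for ts, src in sorted(events):
        window = windows[src]
        window.append(ts)
        while ts - window[0] > window_seconds:
            window.popleft()
        if len(window) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(window))
    return flagged


def aggregate_peak(events, window_seconds=1.0):
    """Peak number of requests from *all* sources inside any window. A distributed flood
    stays under the per-source threshold, so this is the number that exposes it."""
    window = deque()
    peak = 0
    for ts in sorted(ts for ts, _ in events):
        window.append(ts)
        while ts - window[0] > window_seconds:
            window.popleft()
        peak = max(peak, len(window))
    return peak


if __name__ == "__main__":
    offenders = find_flooding_sources(SAMPLE_EVENTS)
    print("per-source offenders:", offenders)                  # only the single noisy host
    print("bots flagged individually:", [s for s in offenders if s != "203.0.113.7"])  # none
    print("aggregate peak per second:", aggregate_peak(SAMPLE_EVENTS))  # the botnet burst
```

The per-source view finds the lone flooder but none of the bots; only the aggregate view reveals the distributed burst, which is why DDoS defences key on total load and traffic shape rather than on any one address.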

VLAN Hopping

VLANs are Layer 2 subdivisions that separate a single switch port into multiple logical ports. They can span multiple switches via a trunk link. VLAN hopping occurs when traffic directed toward one VLAN is delivered to a different VLAN. A threat actor places two tags on a frame: a real (outer) tag and a fake (inner) tag. As the frame crosses a trunk between switches, the first switch removes the outer tag, leaving the inner tag, which redirects the frame to the other VLAN.

Figure: VLAN Hopping

Retrieved from: https://commons.wikimedia.org/wiki/File:VLAN_hopping.png
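To see exactly what "the real tag is removed, leaving the fake tag" means on the wire, the following added example (not code from the study guide) parses the 802.1Q tag stack of an Ethernet frame, reports whether a frame carries two tags, and models a trunk switch stripping the outer tag that matches its native VLAN. The sample frame, MAC addresses and VLAN numbers are constructed; `build_frame` exists only to create that sample input.

```python
import struct

# TPIDs that introduce a 4-byte VLAN tag header (802.1Q customer tag, 802.1ad service tag).
TAG_TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}


def parse_vlan_tags(frame: bytes):
    """Walk the Ethernet header and return (dst_mac, src_mac, [vlan ids outer->inner],
    payload ethertype). Works for untagged, single-tagged and double-tagged frames."""
    dst, src = frame[:6], frame[6:12]
    offset, vlan_ids = 12, []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TAG_TPIDS:
            break
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)          # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return dst, src, vlan_ids, ethertype


def is_double_tagged(frame: bytes) -> bool:
    """A frame arriving on an access port should carry no tag at all; two tags is the
    double-tagging signature the guide describes."""
    return len(parse_vlan_tags(frame)[2]) >= 2


def strip_outer_tag(frame: bytes) -> bytes:
    """Model what the first trunk switch does when the outer tag equals its native VLAN:
    remove that 4-byte tag header and forward the remainder unchanged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in TAG_TPIDS:
        return frame
    return frame[:12] + frame[16:]


def build_frame(dst: bytes, src: bytes, vlan_ids, payload_ethertype=0x0800, payload=b"") -> bytes:
    """Construct a test frame with the given VLAN tag stack (outer first). Sample data only."""
    header = dst + src
    for vid in vlan_ids:
        header += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return header + struct.pack("!H", payload_ethertype) + payload


# Constructed example: outer tag = native VLAN 1, inner tag = VLAN 20.
SAMPLE_FRAME = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", [1, 20])

if __name__ == "__main__":
    print("tags on the double-tagged frame:", parse_vlan_tags(SAMPLE_FRAME)[2])
    print("tags after the first switch strips the native tag:",
          parse_vlan_tags(strip_outer_tag(SAMPLE_FRAME))[2])
```

The second switch only ever sees the inner tag, so it forwards the frame into VLAN 20. The usual defences follow from this: never assign the native VLAN to an access port, tag the native VLAN on trunks so no tag is silently stripped, and treat any tagged frame on an access port as a policy violation.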

Media Access Control (MAC) Flooding

MAC flooding is an attack directed at the MAC address tables of switches on a LAN. It attempts to overwhelm and overflow the MAC address table so that legitimate traffic can no longer be processed normally.
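The following added example (not from the study guide) makes the two halves of that sentence concrete on constructed switch learning events: a port-security style check that counts distinct source MACs per port, and a fixed-size MAC table that, once overflowed, can no longer learn a legitimate host, which is what forces the switch to flood that host's traffic out of every port. Port names, MAC addresses and the table capacity are all constructed values.

```python
from collections import defaultdict

# Constructed switch learning events (port, source MAC); not from the study guide.
# Ports Gi1/0/1-3 each host one normal device; Gi1/0/7 emits ten different source MACs.
LEARN_EVENTS = (
    [("Gi1/0/1", "00:11:22:33:44:01"), ("Gi1/0/2", "00:11:22:33:44:02")]
    + [("Gi1/0/7", f"de:ad:be:ef:00:{i:02x}") for i in range(10)]
    + [("Gi1/0/3", "00:11:22:33:44:03")]
)


def learned_macs_per_port(events):
    """Distinct source MACs seen on each port."""
    table = defaultdict(set)
    for port, mac in events:
        table[port].add(mac.lower())
    return table


def port_security_violations(events, max_macs=3):
    """Ports that learned more distinct MACs than an access port should ever need, the
    condition a switch's port-security limit would act on (shut down or restrict)."""
    return {port: len(macs)
            for port, macs in learned_macs_per_port(events).items()
            if len(macs) > max_macs}


def simulate_cam_table(events, capacity):
    """Fixed-size MAC table. Once it is full, a new address cannot be learned, so frames
    destined to that host are flooded out every port instead of being switched."""
    table, unlearned = {}, []
    for port, mac in events:
        mac = mac.lower()
        if mac in table:
            continue
        if len(table) >= capacity:
            unlearned.append((port, mac))
        else:
            table[mac] = port
    return table, unlearned


if __name__ == "__main__":
    print("ports over the per-port MAC limit:", port_security_violations(LEARN_EVENTS))
    _, lost = simulate_cam_table(LEARN_EVENTS, capacity=8)
    print("hosts that could not be learned after the flood:", lost)
```

The legitimate host on Gi1/0/3 arrives after the table is full and is never learned; limiting MACs per access port stops the flood at its ingress port before the table can fill.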

Address Resolution Protocol (ARP) Poisoning

The ARP cache stores IP addresses together with the MAC addresses of their corresponding devices. ARP poisoning occurs when false ARP messages are sent to a victim, corrupting its ARP cache and redirecting its network traffic.

Figure: ARP Spoofing

Retrieved from: https://commons.wikimedia.org/wiki/File:ARP_Spoofing.svg

ARP Spoofing

ARP spoofing occurs when the MAC address associated with an IP address is remapped to another device, so that the querying client connects to the wrong device.

Note: While the terms spoofing and poisoning are commonly used interchangeably, generally speaking, spoofing refers to impersonating or disguising as another entity, while poisoning refers to the deliberate insertion of false or malicious data to contaminate the target.
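Both the ARP poisoning and ARP spoofing sections above describe the same observable: an IP address whose MAC binding changes. The following added example (not from the study guide) is a minimal arpwatch-style monitor run over a constructed capture of ARP replies. It flags every reply that remaps an already-bound IP to a different MAC, and separately reports a single MAC answering for several IPs, the pattern of a device sitting between a gateway and a victim. Addresses and timestamps are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str


# Constructed capture, not from the study guide: a gateway and a workstation announce
# themselves, then a third MAC claims both of their IP addresses.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(1.5, "192.168.1.50", "aa:bb:cc:dd:ee:50"),
    ArpReply(2.0, "192.168.1.1", "66:77:88:99:aa:bb"),
    ArpReply(2.1, "192.168.1.50", "66:77:88:99:aa:bb"),
]


def detect_arp_conflicts(replies, known_bindings=None):
    """Keep the first-seen (or pre-configured) IP->MAC binding and flag every reply that
    tries to remap an IP to a different MAC. Returns (ts, ip, expected_mac, seen_mac)."""
    bindings = {ip: mac.lower() for ip, mac in (known_bindings or {}).items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        expected = bindings.setdefault(r.sender_ip, mac)   # first claim wins
        if expected != mac:
            alerts.append((r.ts, r.sender_ip, expected, mac))
    return alerts


def macs_claiming_multiple_ips(replies):
    """A single MAC answering for several IPs (gateway and victim at once) is the
    on-path pattern; legitimate multi-homed hosts should be allow-listed by the caller."""
    claims = defaultdict(set)
    for r in replies:
        claims[r.sender_mac.lower()].add(r.sender_ip)
    return {mac: ips for mac, ips in claims.items() if len(ips) > 1}


if __name__ == "__main__":
    for ts, ip, expected, seen in detect_arp_conflicts(SAMPLE_REPLIES):
        print(f"t={ts}: {ip} moved from {expected} to {seen}")
    print("MACs answering for more than one IP:", macs_claiming_multiple_ips(SAMPLE_REPLIES))
```

Seeding `known_bindings` with the gateway's real MAC (for example from the DHCP server's records) means the monitor does not have to trust whichever reply happens to arrive first; static ARP entries for the gateway and dynamic ARP inspection on the switch are the corresponding preventive controls.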

Domain Name System (DNS) Poisoning

When a domain name is entered into an address bar, a resolution query is sent to a DNS server, which looks up the domain and returns its corresponding IP address. DNS poisoning (also known as DNS cache poisoning) is the practice of replacing DNS records with false IP addresses, redirecting the querying client to the wrong IP address.

Note: The HTTP GET command is used by the client to request DNS information from the DNS server when a domain name is entered into an address bar. With DNS poisoning, the HTTP GET command results in a resolution to the alternate IP address.

Figure: DNS Cache Poisoning

Retrieved from: https://commons.wikimedia.org/wiki/File:Dns-cache-poisoning.png

DNS Spoofing

DNS spoofing occurs when a DNS record is changed to direct queried traffic to a malicious IP address.
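The DNS poisoning and DNS spoofing sections both come down to a resolver accepting an answer it should not have. The following added example (not from the study guide) encodes the checks a caching resolver applies before trusting a response: the reply must come from the server that was asked, arrive on the port the query left from, carry the same transaction ID and question, and contain only records within the zone the queried server is authoritative for (the "bailiwick" rule). The query, the genuine response and the forged response are constructed using documentation addresses; the `zone` argument is assumed to be supplied by the caller.

```python
from dataclasses import dataclass, field


@dataclass
class DnsQuery:
    txid: int
    qname: str
    qtype: str
    server: tuple        # (ip, port) the query was sent to
    src_port: int        # randomised source port the query left from


@dataclass
class DnsResponse:
    txid: int
    qname: str
    qtype: str
    source: tuple        # (ip, port) the response came from
    dst_port: int
    answers: list        # (name, type, rdata) triples
    additional: list = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies beneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def validate_response(query: DnsQuery, response: DnsResponse, zone: str):
    """Checks a cache applies before trusting an answer. `zone` is the zone the queried
    server is authoritative for (assumption: supplied by the caller)."""
    reasons = []
    if response.source != query.server:
        reasons.append("source address/port does not match the server queried")
    if response.dst_port != query.src_port:
        reasons.append("destination port does not match the query's source port")
    if response.txid != query.txid:
        reasons.append("transaction id mismatch")
    if (response.qname.lower(), response.qtype) != (query.qname.lower(), query.qtype):
        reasons.append("question section does not match the outstanding query")
    for name, _rtype, _rdata in response.answers + response.additional:
        if not in_bailiwick(name, zone):
            reasons.append(f"out-of-bailiwick record for {name} rejected")
    return not reasons, reasons


# Constructed exchange (documentation addresses only), not from the study guide.
QUERY = DnsQuery(0x1A2B, "www.example.com", "A", ("192.0.2.53", 53), 40001)
GENUINE = DnsResponse(0x1A2B, "www.example.com", "A", ("192.0.2.53", 53), 40001,
                      answers=[("www.example.com", "A", "192.0.2.10")])
FORGED = DnsResponse(0x0000, "www.example.com", "A", ("203.0.113.9", 53), 40001,
                     answers=[("www.example.com", "A", "203.0.113.9")],
                     additional=[("mail.example.org", "A", "203.0.113.9")])

if __name__ == "__main__":
    print("genuine:", validate_response(QUERY, GENUINE, "example.com"))
    print("forged: ", validate_response(QUERY, FORGED, "example.com"))
```

Each check narrows what a forged reply would have to guess or observe; DNSSEC validation closes the remaining gap by letting the resolver verify the records cryptographically instead of trusting where they came from.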

Rogue Devices and Services

A rogue device or rogue service is any software or hardware that is connected to a network without permission, authorization, or the knowledge of the network administrator or manager.

Dynamic Host Configuration Protocol (DHCP)

DHCP automatically assigns IP addresses to hosts on a network. A rogue DHCP attack occurs when an unauthorized DHCP server intercepts the IP assignment request and assigns the requesting device a faulty IP address, subnet mask, or default gateway.

Access Point (AP)

A rogue AP is an access point connected to the wired network without authorization, providing an illegitimate entry point onto the network. Rogue APs are placed outside of the legitimate network to create an alternate path or bypass into the network.

Evil Twin

An evil twin is an advanced form of rogue AP. It not only sets up a rogue AP but also attempts to copy a legitimate AP and insert itself into the network by jamming the legitimate AP and intercepting the connections destined for it. The evil twin can then request an IP address from the DHCP server and become fully integrated into the target network.
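The rogue DHCP, rogue AP and evil twin sections share one defensive idea: compare what is observed on the network against an inventory of what was actually deployed. The following added example (not from the study guide) applies that idea to constructed data: a DHCP-snooping style filter that flags OFFERs from servers outside the trusted set, and a wireless scan check that flags a known SSID advertised by an unknown BSSID (the evil twin case) or an SSID that is not in inventory at all. The inventory, DHCP offers, SSIDs and BSSIDs are all constructed values standing in for an organization's own records.

```python
# Constructed inventory (assumed to come from the organization's own records), not from
# the study guide.
TRUSTED_DHCP_SERVERS = {"10.0.0.2", "10.0.0.3"}
AUTHORIZED_APS = {                       # SSID -> BSSIDs of the APs actually deployed
    "CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed DHCP OFFER observations: (server_ip, offered_ip, offered_gateway, ingress_port)
DHCP_OFFERS = [
    ("10.0.0.2", "10.0.5.21", "10.0.0.1", "Gi1/0/24"),
    ("10.0.5.77", "10.0.5.22", "10.0.5.77", "Gi1/0/9"),   # a host offering itself as gateway
]

# Constructed wireless scan: (ssid, bssid, channel, security)
WIFI_SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", 36, "WPA2-Enterprise"),
    ("CorpWiFi", "de:ad:be:ef:00:01", 6, "Open"),
    ("Printer-Setup", "aa:bb:cc:00:00:10", 1, "WPA2-PSK"),
]


def rogue_dhcp_offers(offers, trusted_servers):
    """DHCP snooping in miniature: every OFFER whose server is not trusted, together with
    the ingress port so it can be blocked at the switch."""
    return [{"server": server, "offered_gateway": gateway, "port": port}
            for server, _offered_ip, gateway, port in offers
            if server not in trusted_servers]


def rogue_aps(scan, authorized):
    """Flag a known SSID advertised by an unknown BSSID (evil twin) and SSIDs that are not
    in inventory at all (rogue AP). A downgrade to an open network is noted as evidence."""
    findings = []
    for ssid, bssid, channel, security in scan:
        if ssid not in authorized:
            issue = "SSID not in inventory"
        elif bssid.lower() not in authorized[ssid]:
            issue = "known SSID from unknown BSSID (evil twin)"
            if security == "Open":
                issue += ", security downgraded to Open"
        else:
            continue
        findings.append({"ssid": ssid, "bssid": bssid, "channel": channel, "issue": issue})
    return findings


if __name__ == "__main__":
    print("untrusted DHCP offers:", rogue_dhcp_offers(DHCP_OFFERS, TRUSTED_DHCP_SERVERS))
    for finding in rogue_aps(WIFI_SCAN, AUTHORIZED_APS):
        print("wireless finding:", finding)
```

On a real switch the DHCP half is enforced by marking only the uplink to the real servers as a trusted port and dropping server-side DHCP messages everywhere else; the wireless half is what a wireless intrusion detection sensor does continuously against the controller's list of managed BSSIDs.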

On-Path Attack

An on-path attack, also known as a man-in-the-middle (MITM) attack, attempts to intercept packets between the sender and receiver during transmission. Some on-path attacks are designed to only read the data packets, while others may attempt to alter the data before forwarding it to its intended destination.

Figure: On-Path Attack

Retrieved from: https://commons.wikimedia.org/wiki/File:MITM_Diagramm.png

Social Engineering

Social engineering is the process of exploiting human weakness through manipulation to gain access to information, such as a user’s credentials or password, or to gain access to a system. Social engineering techniques can be very simple, such as an unauthorized person asking an authorized employee to hold a door for them, or highly sophisticated, such as a threat actor researching and targeting a specific person.

Phishing

Phishing is one of the most common social engineering techniques. It relies on misrepresentation to gain access to a device or sensitive data. For example, a phishing email may claim to be from a government agency or known associate. Phishing attacks are designed to elicit a desired response from the target, such as clicking on a malicious link in an email or providing sensitive information to the attacker.

Dumpster Diving

Dumpster diving is a social engineering technique in which a threat actor attempts to garner information about a target by accessing discarded waste such as sensitive papers or computing devices. Once refuse or trash has been placed for collection in a publicly accessible location, such as a dumpster, it is considered public property and not legally protected.

Shoulder Surfing

Shoulder surfing is a social engineering technique in which a threat actor attempts to physically view sensitive information without the target being aware. For example, a target may be using a laptop at a coffee shop with the threat actor seated behind the target. When the target enters their password, the threat actor behind them can view the entry.

Tailgating

Tailgating is a social engineering attack in which a threat actor attempts to access a physical area by following someone through a barrier without their knowledge. For example, an employee may enter a locked area through a door, and before the door can completely close, the threat actor catches the door and enters behind the employee.

Malware

One of the more common methods of cyber social engineering involves the insertion of malware into an email attachment. Malware is a broad term used for any type of malicious software whose goal is to harm a device, system, or network. Malware includes viruses, worms, Trojans, ransomware, and spyware, among others.
