Network Security Study Guide for the CompTIA Network+

Page 2

Types of Attacks

An attack is any attempt by a threat actor to disrupt, disable, or destroy an enterprise's network connectivity or to compromise the integrity of an enterprise's data. Attacks can be based either on technology or on the manipulation of human nature. You should be able to compare and contrast both types of attacks as well as identify common techniques used in each.

Technological Attacks

A technology-based attack is one that attempts to take advantage of vulnerabilities in the software, hardware, protocols, or transmission methods of a network. Technology-based attacks are logical in nature.

Denial-of-Service (DoS)/Distributed Denial-of-Service (DDoS)

A DoS attack is one that is designed to disrupt access to a network, its intranet, or its resources by flooding the target with traffic or by triggering a crash in the network or resource. A DDoS attack employs the use of multiple compromised devices, also known as bots or zombies, to execute the attack and cripple a system.

Botnet/Command-and-Control (C&C) Server

A botnet is a group of internet-connected programs, systems, or devices that are linked through a centralized management interface, referred to as a C&C server, so that they can act in coordination with one another. A DDoS attacker commonly builds a botnet and launches the attack through the C&C server to amplify its effect on the target.

Figure 1: Botnet Attack

Retrieved from: https://da.m.wikipedia.org/wiki/Fil:Ddos-attack-ex.png License: http://creativecommons.org/licenses/by-sa/3.0/

On-Path Attack

An on-path attack, also known as a man-in-the-middle (MITM) attack, attempts to intercept packets during transmission between the sender and receiver. Some on-path attacks are designed to only read the data packets, while others may attempt to alter the data before forwarding it on to its intended destination.

Figure 2: On-Path Attack

Retrieved from: https://fi.m.wikipedia.org/wiki/Tiedosto:MITM_Diagramm.png License: http://creativecommons.org/licenses/by-sa/3.0/

Domain Name System (DNS) Poisoning

When a domain name is entered into an address bar, an Internet Protocol (IP) address resolution query is sent to a DNS server, which resolves the domain name to its corresponding IP address and returns the answer to the client. DNS poisoning (also known as DNS cache poisoning) is the practice of replacing DNS records in a resolver's cache with false IP addresses, so that querying clients are redirected to the wrong IP address.

Figure 3: DNS Poisoning

Retrieved from: https://commons.wikimedia.org/wiki/File:Dns-cache-poisoning.png License: http://creativecommons.org/licenses/by-sa/3.0/

Virtual Local Area Network (VLAN) Hopping

VLANs are Layer 2 subdivisions that separate a single switch port into multiple logical ports. They can span multiple switches via a trunk link. VLAN hopping occurs when traffic directed toward one VLAN is delivered to a different VLAN. In the double-tagging form of the attack, a threat actor places two tags on a packet, a real (outer) tag and a fake (inner) tag. As the packet crosses the trunk between switches, the first switch strips the real tag, leaving the fake tag, and the next switch forwards the packet into the VLAN named by that fake tag.

Figure 4: VLAN Hopping

Address Resolution Protocol (ARP) Spoofing

The ARP cache stores IP addresses and their corresponding devices' media access control (MAC) addresses. ARP spoofing occurs when the MAC address associated with an IP address is remapped to another device, resulting in the querying client communicating with the wrong MAC-associated device.
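The remapping described above is visible to a monitor on the LAN as an IP address whose MAC changes between ARP replies, or as one MAC answering for several IPs. The following detection logic, added here as an example and not part of the original study guide, runs over a constructed list of ARP replies; the trusted gateway mapping is an assumed inventory value.

```python
from collections import defaultdict

# Constructed ARP replies as a LAN monitor might record them:
# (sequence number, sender IP, sender MAC). Not captured from a real network.
ARP_REPLIES = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),   # gateway announces itself
    (2, "192.168.1.10", "00:11:22:33:44:0a"),
    (3, "192.168.1.20", "00:11:22:33:44:14"),
    (4, "192.168.1.1", "00:11:22:33:44:14"),   # gateway IP now claimed by .20's MAC
    (5, "192.168.1.10", "00:11:22:33:44:14"),  # .10 remapped to the same MAC
]

# Assumed static inventory entry: the gateway's real MAC.
TRUSTED_MAPPINGS = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_spoofing(replies, trusted=None):
    """Return one alert per IP-to-MAC remapping seen in the reply stream.

    trusted: optional dict of IP -> expected MAC; disagreement with a trusted
    entry is flagged even the first time that IP is seen.
    """
    trusted = trusted or {}
    believed = dict(trusted)        # IP -> MAC we currently believe
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        prev = believed.get(ip)
        if prev is None:
            believed[ip] = mac      # first sighting, nothing to compare
            continue
        if prev != mac:
            alerts.append({"seq": seq, "ip": ip, "old_mac": prev,
                           "new_mac": mac, "trusted": ip in trusted})
            believed[ip] = mac      # track the latest claim for later changes
    return alerts


def macs_claiming_multiple_ips(replies):
    """A single MAC answering for several IPs is a second spoofing indicator."""
    ips_by_mac = defaultdict(set)
    for _, ip, mac in replies:
        ips_by_mac[mac.lower()].add(ip)
    return {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
```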

Figure 5: ARP Spoofing

Retrieved from: https://commons.wikimedia.org/w/index.php?title=File:ARP_Cache_Poisoning.jpg&oldid=840034616 License: http://creativecommons.org/licenses/by-sa/3.0/

Rogue Dynamic Host Configuration Protocol (DHCP)

DHCP automatically assigns IP addresses to hosts in a network. A rogue DHCP attack occurs when an unauthorized DHCP server answers a client's IP assignment request before the legitimate server does and assigns the requesting device a faulty IP address, subnet mask, or default gateway.
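A rogue offer can be recognised by comparing what is offered against what the segment should hand out. The check below is an added example, not part of the original study guide; the authorized server, expected subnet and gateway are assumed inventory values, and the DHCPOFFER records are constructed.

```python
import ipaddress

# Assumed inventory for this segment (constructed values).
AUTHORIZED_DHCP_SERVERS = {"192.168.1.2"}
EXPECTED_SUBNET = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_GATEWAY = ipaddress.ip_address("192.168.1.1")

# Constructed DHCPOFFER records as a listener might log them:
# option 54 server identifier, offered address (yiaddr),
# option 1 subnet mask, option 3 router.
DHCP_OFFERS = [
    {"server_id": "192.168.1.2", "yiaddr": "192.168.1.50",
     "mask": "255.255.255.0", "router": "192.168.1.1"},     # legitimate
    {"server_id": "192.168.1.77", "yiaddr": "192.168.1.51",
     "mask": "255.255.255.0", "router": "192.168.1.77"},    # rogue, steers gateway
    {"server_id": "192.168.1.77", "yiaddr": "192.168.1.52",
     "mask": "255.255.0.0", "router": "192.168.1.1"},       # rogue, wrong mask
]


def check_offer(offer):
    """Return the reasons an offer looks rogue; an empty list means it matches inventory."""
    reasons = []
    if offer["server_id"] not in AUTHORIZED_DHCP_SERVERS:
        reasons.append("unauthorized server identifier")
    try:
        # ip_interface accepts a dotted netmask, so address/mask parse together
        offered = ipaddress.ip_interface(f'{offer["yiaddr"]}/{offer["mask"]}')
        router = ipaddress.ip_address(offer["router"])
    except ValueError:
        return reasons + ["unparsable address, mask or router"]
    if offered.network != EXPECTED_SUBNET:
        reasons.append("offered address/mask outside expected subnet")
    if router != EXPECTED_GATEWAY:
        reasons.append("unexpected default gateway")
    return reasons


def rogue_offers(offers):
    """Index each offer that fails at least one check, with its reasons."""
    return {i: r for i, o in enumerate(offers) if (r := check_offer(o))}
```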

Rogue Access Point (AP)

A rogue AP is an unauthorized access point connected to the wired network, providing an illegitimate AP on that network. Rogue APs are placed outside of the legitimate network's control to create an alternate path into, or a bypass of, the network.

Evil Twin

An evil twin is an advanced version of a rogue AP. An evil twin not only creates a rogue AP but attempts to copy a legitimate AP and insert itself into the network by jamming the legitimate AP and intercepting the connections destined for that legitimate AP. The evil twin can request an IP address from the DHCP server and become fully integrated into the target network.

Ransomware

A ransomware attack is one in which a threat actor prevents or denies access to data and affected resources, typically through the use of encryption. With ransomware attacks, the threat actor usually demands some form of payment, often monetary, in return for decryption or the decryption key.

Password Attacks

A password attack is one that attempts to decipher or crack a password. For the purposes of the CompTIA Network+ exam, there are two primary password attack techniques: brute force and dictionary.

Brute Force

A brute force attack attempts to crack a password by trying every possible password combination until the correct combination is found.

Dictionary

A dictionary attack is similar to a brute force attack, except instead of trying every combination, it tries entries in an applied list or dictionary. A dictionary can be an actual dictionary or another provided list. For example, if a user is known to have an interest in a specific subject, a list of words or phrases relating to that subject can be used as the dictionary.
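Both brute-force and dictionary attacks produce the same observable: many failed authentications against one account from one source in a short time. The detection below is an added example, not part of the original study guide; the log format and its lines are constructed, and the threshold and window are assumed policy values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (not from a real system).
AUTH_LOG = """\
2024-05-01T08:00:00 FAIL user=alice src=203.0.113.5
2024-05-01T08:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T08:00:02 FAIL user=alice src=203.0.113.5
2024-05-01T08:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T08:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T08:00:05 OK   user=alice src=203.0.113.5
2024-05-01T08:10:00 FAIL user=bob   src=198.51.100.7
2024-05-01T08:30:00 FAIL user=bob   src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")


def parse_auth_log(log):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result, user, src


def detect_guessing(log, threshold=5, window=timedelta(minutes=1)):
    """Flag (user, src) pairs with >= threshold failures inside a sliding window.

    Returns (flagged, succeeded_after): when the pair was first flagged, and
    which flagged pairs later logged a success (a guessing attack that worked).
    """
    recent = defaultdict(deque)     # (user, src) -> failure timestamps in window
    flagged = {}
    succeeded_after = set()
    for ts, result, user, src in parse_auth_log(log):
        key = (user, src)
        if result == "FAIL":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()         # drop failures older than the window
            if len(q) >= threshold and key not in flagged:
                flagged[key] = ts
        elif key in flagged:
            succeeded_after.add(key)
    return flagged, succeeded_after
```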

MAC Spoofing

MAC spoofing occurs when an illegitimate device assumes the MAC address of a legitimate device. Transmissions intended for the legitimate device will then be sent to the spoofed MAC device instead.

IP Spoofing

IP spoofing is the process of changing the source IP address to another IP address. IP spoofing is commonly used to bypass firewalls, which are configured to deny access to specific IP addresses.

Deauthentication Attack

Deauthentication is a type of DoS attack that sends numerous deauthentication frames to wireless APs to disconnect the AP from the primary network. A deauthentication attack can be used in conjunction with an evil twin, which will insert itself when the legitimate AP goes offline.

Malware

Malware is a broad term used for any type of malicious software whose goal is to harm a device, system, or network. Malware includes viruses, worms, trojans, ransomware, and spyware, among others.

Human and Environmental Attacks

Human and environmental attacks are attacks that attempt to exploit human nature or the environment around the network or users.

Social Engineering

Social engineering is the process of exploiting human weakness through manipulation to gain access to information, such as a user’s credentials or password, or to gain access to a system, such as by inserting malware into an email attachment. Social engineering techniques can be very simplistic, such as asking a person to hold a door, or highly sophisticated, such as researching and targeting a specific person.

Phishing

Phishing is one of the most common social engineering techniques. It relies on misrepresentation to gain access to a device or sensitive data. For example, a phishing email may claim to be from a government agency or known associate. Phishing attacks are designed to elicit a desired response from the target, such as clicking on a malicious link in an email or providing sensitive information to the attacker.

Tailgating

Tailgating is a social engineering attack in which a threat actor attempts to access a physical area by following someone through a barrier without their knowledge. For example, an employee may enter a locked area through a door, and before the door can completely close, the threat actor catches the door and enters behind the employee.

Piggybacking

Piggybacking is similar to tailgating except that, with piggybacking, the person allowing entry to another person is aware of the entry, they are just unaware that the person gaining entry is a threat. For example, a threat actor may stand at the entrance to a building while holding multiple packages and tell a target to hold the door. The target, being polite, holds the door, allowing entry to the threat actor.

Shoulder Surfing

Shoulder surfing is a social engineering technique in which a threat actor attempts to physically view sensitive information without the target being aware. For example, a target may be using a laptop at a coffee shop with the threat actor seated behind the target. When the target enters their password, the threat actor behind them views the entry.
