Network Attacks and Hackers


Questions and Answers

Which of the following is NOT a type of attack that systems and networks are vulnerable to?

  • Infrastructure attacks
  • Informational attacks
  • Economic attacks (correct)
  • Denial of Service attacks

Network security is less of a challenge as more important information is stored in multiple places within systems and networks.

False (B)

Which of the following best describes the primary goal of reconnaissance in a hacking methodology?

  • Removing or modifying critical system files
  • Actively scanning for open ports and services
  • Exploiting system vulnerabilities
  • Passively gathering information about the target system/network (correct)

Which type of hacker engages in activities only with the permission of the asset owner?

White-hat hackers (D)

Which of the following is the opposite of ensuring data confidentiality?

Disclosure (C)

Firewalls can stop all external attacks.

False (B)

What is the primary purpose of an Intrusion Detection System (IDS)?

To detect malicious activity and policy violations (C)

Approximately what percentage of network attacks are estimated to originate from internal sources?

50% (A)

What does DDoS stand for?

Distributed Denial of Service

Taking down the Internet by attacking (root) _____ servers is a high impact attack.

DNS

Which of the following is NOT typically considered a layer of security control?

Financial (D)

Match the security layer with its corresponding example:

  • Layer 1 = Firewalls
  • Layer 2 = Database Access Control
  • Layer 3 = Data Encryption

The Swiss Cheese Model implies that a single layer of robust security is sufficient to protect against all attacks.

False (B)

Convert the binary number 101 to decimal.

5

The IP address 63.171.234.171 is an example of a _____ Decimal Notation.

Dotted

Linux is a different and quite powerful OS that evolved from which operating system?

UNIX (D)

Kali Linux is a general-purpose operating system suitable for everyday tasks.

False (B)

Which of the following interface types are offered by Kali Linux?

Both Graphical User Interface and Command Line Interface (C)

The open-source version of Linux is generally ______.

free

Which of the following directories in Linux contains configuration files?

/etc (B)

The /root directory is where user files are stored in Linux.

False (B)

Which Linux command is used to list the contents of a directory?

ls (C)

What is the pwd command used for in Linux?

print working directory

The ______ command is used to change the current directory in Linux.

cd

Which of the following is NOT a use case for running Kali Linux from a Live CD/DVD?

Developing software (C)

Using Kali Linux in a Virtual Machine (VM) requires paying a licensing fee.

False (B)

Match the Linux directory with its function

  • / = root
  • /bin = binary (executable files)
  • /boot = files to boot up Kali
  • /dev = devices
  • /etc = configuration files
  • /home = user files
  • /lib = library files (shared code)
  • /usr = useful folders
  • /var = system variables (print, mail, process)

In the context of ethical hacking, what is penetration testing primarily used for?

To identify, attack, and report a system's strengths and vulnerabilities (C)

In black-box testing for ethical hacking, complete knowledge about the system under test is provided to ethical hackers.

False (B)

What is the primary purpose of using multi-layer security?

To make it difficult for hackers to succeed

In the common hacking methodology, covering tracks to avoid alerting anyone to activities is called ______.

Obfuscation

What was hacking primarily focused on during the 1960s-1970s?

Mainframe computers (D)

Investing in ethical hacking to test weaknesses in a network or system is not worthwhile.

False (B)

Name the common Hacking Methodology steps in order.

Reconnaissance, Scanning, Infiltration and Escalation, Exfiltration, Access Extension, Assault, Obfuscation

Flashcards

Network Vulnerabilities

Systems and networks are susceptible to external and internal attacks, informational attacks, DoS/DDoS attacks, and infrastructure attacks.

Network Security Challenge

As more information is stored in multiple systems and networks, the convenience and accessibility also increase the risk of access by unauthorized users.

Reconnaissance

Passively acquiring information about the intended system or network before an attack.

Scanning

Actively gathering information about the intended system/network using various tools and techniques.

Infiltration and Escalation

Exploiting vulnerabilities to gain access to a system and escalating privileges.

Exfiltration

Accessing protected resources and data after gaining unauthorized entry.

Access Extension

Creating backdoors or methods to maintain persistent access to the compromised system.

Assault

Removing or modifying critical files on the compromised system to cause damage or disruption.

Obfuscation

Covering tracks to avoid detection, making it difficult to trace the hacker's activities.

Ethical Hackers

Information security professionals who use hacking skills to uncover vulnerabilities with permission.

Amateur Hackers

Entry-level hackers who may use simple tools and techniques, often without a deep understanding.

Criminal Hackers

Hackers who use malicious software and devices for financial gain or other criminal activities.

Ideologue Hackers

Hackers motivated by ideological or political goals, carrying out activities to promote their beliefs.

Penetration Testing

A structured and methodical process of investigating, identifying, attacking, and reporting on a system's strengths and vulnerabilities.

Black-Box Testing

Testing a system without any prior knowledge of its internal workings or architecture.

White-Box Testing

Testing a system with advance knowledge of its internal workings, code, and architecture.

Confidentiality

Ensuring that information is accessible only to authorized subjects and protected from unauthorized disclosure.

Integrity

Protecting information from unauthorized modification and ensuring its accuracy and completeness.

Availability

Ensuring that information and resources are available to authorized subjects when needed.

Denial of Service (DoS)

An attack that overwhelms a system with traffic, making it unavailable to legitimate users.

Distributed Denial of Service (DDoS)

A DoS attack launched from multiple sources, amplifying the impact and making it harder to defend against.

Technical Controls

Tools like firewalls, proxies, and intrusion detection systems used to protect organizations.

Administrative Controls

Policies and procedures, such as password requirements, that organizations implement to enhance security.

Physical Controls

Measures to protect against theft and vandalism, such as locks, gates, cameras, and guards.

Multi-Layer Security

Layering security measures to make it more difficult for hackers to succeed in a cyber-breach.

Data Protection Layers

Firewalls to filter external attacks, access controls for databases, and encryption of data.

Dotted Decimal Notation

The representation of a 32-bit IP address using decimal numbers separated by dots.

Linux

An operating system evolved from Unix, known for its power and flexibility in security applications.

Kali Linux

A specialized Linux distribution designed for hacking and penetration testing.

Linux Interface

Offers both a Graphical User Interface (GUI) and a Command Line Interface (CLI).

Linux Root Directory

The root directory is the top-level directory in the filesystem hierarchy.

Linux /bin Directory

This directory contains binary or executable files.

Linux /boot Directory

This directory contains the files needed to boot up Kali.

Common Linux Command

Commands for Linux such as list, print working directory, change directory, make a directory, remove directory, remove or copy.

Linux Live Environment

A way to run Kali without installing it via CD or DVD.

Study Notes

  • This lecture introduces hackers, network attacks, and the basics of Linux

Systems and Network Security

  • Systems and networks are vulnerable to a variety of attacks
  • External vs Internal attacks
  • Informational attacks involve stealing, modifying, and/or deleting data or holding it for ransom
  • Denial of Service and Distributed Denial of Service attacks
  • Infrastructure attacks

Network Security Challenge

  • Network security is challenged because more important information is stored in multiple places in systems and networks on the Internet
  • Convenience increases access to information for unauthorized users

Who are the hackers, why do they do it, and how?

  • The lecture explains the different types of hackers, their motivations, and methods

Common Hacking Methodology

  • Reconnaissance: Passively acquiring information about the intended system/network
  • Scanning: Actively gathering information about the intended system/network
  • Infiltration and escalation: Exploiting vulnerabilities
  • Exfiltration: Accessing protected resources and data
  • Access extension: Creating ways to support "future access"
  • Assault: Removing/modifying critical files
  • Obfuscation: Covering tracks to avoid detection

Hackers: Different Types

  • "Good people": Information security professionals use hacking to uncover vulnerabilities
  • Amateurs: Entry-level hackers using simple tools
  • Criminals: Use malicious software and devices in criminal activities for financial gain
  • Ideologues: Hack to achieve ideological or political goals
  • Justifications include victimless crime, the Robin Hood ideal, national pride, educational value, or curiosity

Ethical Hacking

  • Ethical hackers (white-hat hackers) engage in activities only with permission of the asset owner
  • Penetration testing: structured, methodical means of investigating, identifying, attacking, and reporting on a system's strengths and vulnerabilities
  • Black-box testing provides no knowledge of the system to ethical hackers

Why Ethical Hacking?

  • To ensure confidentiality, integrity, and availability
  • Confidentiality: only authorized subjects can access data (opposite of Disclosure)
  • Integrity: only authorized subjects can modify data (opposite of Alteration)
  • Availability: information and resources are available on demand to authorized subjects (opposite of Disruption)

Network Attacks

  • The lecture explains the different types of Network Attacks

History of Systems/Networks Hacking

  • 1960s-1970s: Hacking targeted mainframe computers that were not remotely accessible
  • 1980s: PCs became widespread and worms and viruses became more common
  • 1990s: Web attacks increased
  • 2000s: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • 2010s-2020s: Highly sophisticated tools used by groups of hackers, criminals, organizations, and foreign governments

Fundamental Question: Sources of Network Attacks?

  • Network attacks can come from various points of entry, including servers, databases, routers, websites

Get a Firewall?

  • Firewalls alone cannot stop all external attacks

Intrusion Detection System and Intrusion Prevention System

  • Getting an Intrusion Detection System, or better, an Intrusion Prevention System, helps protect against network attacks

Problem With Network Attacks

  • About 50% of attacks are internal
  • Keep the firewall and find ways to stop internal attacks

Operation of a DDoS Attack

  • A DDoS attack involves malicious traffic from attacker computers overwhelming a target server, taking the service offline

Future High Impact Attacks

  • Taking down the entire Internet by targeting root DNS servers
  • Interrupting the multi-country power grid by attacking computer-based control systems
  • Controlling nuclear weapons of multiple countries
  • Stealing financial information of 8 billion people
  • Blocking global telephone/cellphone/satellite networks

Solutions Against Attacks

  • Analyze the potential impact of major attacks
  • Prioritize the systems and networks to protect
  • Identify the vulnerabilities of systems and networks that can be used by attackers in the future
  • Devise a plan to address these vulnerabilities
  • Fix these vulnerabilities
  • Monitor infrastructure and intervene as necessary

Possible Controls or Layers

  • To protect themselves, organizations can use:
  • Technical: Firewalls, proxies, intrusion detection and prevention systems, biometric authentication
  • Administrative: Policies and procedures (such as password requirements)
  • Physical Security: Locks, gates, cameras, guards, fences

Multi-Layer Security

  • Makes it difficult for hackers to succeed (cyber-breach)
  • Examples:
    • Layer 1: Firewalls to filter external attacks
    • Layer 2: Access Control for databases
    • Layer 3: Encryption of data

Swiss Cheese Model

  • Illustrates multiple layers of defense where attacks can be blocked by different security layers

Binary to Decimal

  • Details how to convert the binary number 10110011 to the decimal number 179

32-bit IP Address to Dotted Decimal Notation

  • Example: The 1st Octet 00111111, 2nd Octet 10101011, 3rd Octet 11101010, 4th Octet 10101011 converts to 63.171.234.171 in Dotted Decimal Notation

Linux Operating System

  • The lecture introduces the basics of Linux Operating System

Linux

  • Many tools available for IS security professionals
  • Some for Windows Operating Systems but more for Linux
  • Linux, evolved from Unix, is a different and quite powerful OS
  • Kali is a specialized Linux distribution
  • Portfolio of tools
  • A complete operating system offering both Graphical User Interface (GUI) and Command Line Interface (CLI)
  • Open source (generally free, but corporate versions that require support are not free)

Kali Linux

  • Built on Debian distribution
  • Designed for hacking or penetrating target networks and systems
  • Used for testing and assessments
  • Need to know:
    • Interface (GUI, but a lot is done with the Command Line Interface)
    • Directory and files (e.g. /dev/hda1/file)
    • Commands (e.g. $ ls -a)

Vital Directories

  • /: root
  • /bin: means binary (executable files)
  • /boot: files to boot up Kali
  • /dev: devices
  • /etc: configuration files
  • /home: user files
  • /lib: library files (shared code)
  • /usr: useful folders
  • /var: system variables (print, mail, process)

Common Linux Commands

  • ls (list)
  • pwd (print working directory)
  • cd (change directory)
  • mkdir (make a directory)
  • rmdir (remove directory)
  • rm (remove or delete all)
  • cp (copy)
  • mv (move)

Live CDs/DVDs

  • Kali Linux can be saved on a CD or DVD and the system run from there
  • No need to install it on a computer
  • Fully functional operating system, as if it were on the hard drive
  • Used for:
    • Testing
    • Guest account
    • Repairing
    • Resetting passwords
    • Penetration testing

Virtual Machines

  • Linux provides IS security professionals with a valuable set of tools as a Virtual Machine (VM)
  • Kali is primarily used as a VM
  • Linux can be run without installing it on a computer or booting from a CD/DVD
  • No fee to pay
  • Multiple VMs possible for different things

Things to think about

  • If all network attacks are internal, what should be done?
  • If all network attacks are external, what should be done?
  • If the sources of attack aren't known, what should be done?
  • Is it worth investing in Ethical Hacking to test weaknesses in a network/system?
  • What role does education play in making a network secure?
  • What are the advantages of learning Linux?

Reading Assignment

  • O'Reilly Books: Fundamentals of Linux (Oliver Pelz)
    • Chapter 3: The Linux File System
    • Chapter 4: Working with Command Line

Lab 1: Creating and Securing User Accounts

  • Register & pay at infoseclearning.com
  • Complete Lab 1 before the next lecture
  • You have 1 whole week to finish it!
