Network Attacks Overview

Questions and Answers

Which of the following is a type of DoS (Denial of Service) attack where the attacker aims to overwhelm a system with excessive traffic or requests, causing it to become slow, unresponsive, or completely unavailable?

• Man-in-the-Middle (MITM)
• Denial of Service (DoS) (correct)
• Distributed Denial of Service (DDoS)
• Phishing

What type of attack involves intercepting and potentially altering the communication between two parties without their knowledge?

• Man-in-the-Middle (MITM) (correct)
• Distributed Denial of Service (DDoS)
• Denial of Service (DoS)
• Phishing

Which of the following is a deceptive attempt to obtain sensitive information by pretending to be a trustworthy entity in electronic communications, typically through email?

• Phishing (correct)
• Denial of Service (DoS)
• Man-in-the-Middle (MITM)
• Distributed Denial of Service (DDoS)

Which attack involves injecting malicious SQL code into a vulnerable web application's database query, allowing the attacker to manipulate the database and potentially expose sensitive data?

SQL Injection (B)

What type of attack involves injecting malicious scripts (usually JavaScript) into web pages, which are executed in the context of the user's browser, often leading to data theft or website defacement?

Cross-Site Scripting (XSS) (C)

Which of the following attacks involves an attacker stealing a session token (often from cookies or HTTP headers) and impersonating a user?

Session Hijacking (A)

Which attack involves an attacker sending false DNS records to a DNS resolver, causing it to return incorrect IP addresses for domain names, possibly redirecting users to malicious websites?

DNS Spoofing (B)

What type of attack involves gaining higher privileges within the same system or gaining access to the same level of privileges, but on a different account?

Horizontal Privilege Escalation (A), Vertical Privilege Escalation (D)

Which attack occurs when an attacker connects an unauthorized device (such as a rogue access point or USB device) to a network, potentially bypassing security controls like firewalls?

Rogue Device Attacks (A)

Which attack involves an attacker sending fake Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device on the network, allowing them to intercept traffic intended for another device?

ARP Spoofing (B)

Which attack uses the victim's computing resources to mine cryptocurrency without their consent, often facilitated by malicious scripts embedded in websites or malware installed on devices?

Cryptojacking (C)

Which attack relies on manipulating human behavior to gain access to systems, data, or physical locations?

Both A and B (C)

Which social engineering attack involves an attacker creating a false sense of trust by impersonating someone who is authorized to access information?

Pretexting (A)

Which social engineering attack involves an attacker offering something enticing, such as free software or a prize, to get the victim to download malicious software or give away sensitive information?

Baiting (B)

A firewall is an example of a proactive defense against network attacks.

True (A)

Educating users about potential cybersecurity threats, such as phishing and social engineering, is not a crucial part of network security.

False (B)

Intrusion detection systems (IDS) are proactive defenses that solely prevent attacks.

False (B)

Rate limiting is a technique used to limit the amount of traffic a user can send to a server within a certain time frame.

True (A)

Anycast routing is a method used to distribute network traffic to multiple data centers, helping to disperse the attack load.

True (A)

Using SSL/TLS (HTTPS) to encrypt data in transit can help prevent interception or tampering by attackers.

True (A)

Virtual Private Networks (VPNs) can be used to secure communication between endpoints, especially on public or unsecured networks.

True (A)

Public Key Infrastructure (PKI) involves using digital certificates to authenticate users and systems, ensuring that communication occurs with legitimate parties.

True (A)

HTTP Strict Transport Security (HSTS) prevents attackers from downgrading secure HTTPS connections to insecure HTTP connections.

True (A)

Email filtering is a passive countermeasure used to identify and block suspicious emails, effectively reducing the risk of phishing attacks.

True (A)

Multi-factor authentication (MFA) is an effective security measure that requires multiple credentials for access, enhancing security even if one credential is compromised.

True (A)

User education programs that teach users to recognize and avoid phishing attacks are unnecessary and do not contribute to network security.

False (B)

Anti-phishing software can only identify and block malicious websites, not email attachments.

False (B)

Strong password policies that enforce the use of complex passwords, including a mix of characters and a combination of upper and lowercase letters, numbers, and symbols, can help mitigate password attacks.

True (A)

Rate limiting and account lockout mechanisms are essential to prevent brute force attacks by limiting the number of login attempts within a specified time frame.

True (A)

Password hashing, using secure algorithms like bcrypt, PBKDF2, or Argon2, ensures that even if the database containing passwords is compromised, the passwords are not easily recovered.

True (A)

Password managers are not recommended as they can store multiple passwords in a single, easily accessible location.

False (B)

IP Spoofing involves attackers pretending to be someone else by falsifying information like their IP address, MAC address, or email header.

True (A)

Implementing Ingress and Egress filtering at the network perimeter can help mitigate IP Spoofing by blocking packets with invalid or spoofed IP addresses.

True (A)

MAC Address Filtering can ensure that only trusted devices are allowed to connect to a wireless network, reducing the risk of rogue device attacks.

True (A)

Email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) are primarily used to prevent email spoofing attacks.

True (A)

Secure email gateways typically use anti-spoofing and anti-spam filters to detect and block spoofed emails.

True (A)

SQL Injection attacks can be mitigated by implementing input validation and sanitization, always sanitizing user inputs to ensure they contain no executable SQL code.

True (A)

Parameterized queries are an effective countermeasure that helps prevent SQL Injection attacks by separating user input from the SQL code.

True (A)

Web application firewalls (WAFs) can be used to monitor network traffic for malicious SQL injection attempts and block them.

True (A)

The principle of least privilege (PoLP) ensures that the database account used by an application has only the minimum required permissions, reducing the potential damage caused by a successful SQL injection attack.

True (A)

Cross-site scripting (XSS) attacks can be mitigated by implementing input sanitization and output encoding, encoding potentially harmful scripts into harmless data before they are displayed to the user.

True (A)

Content Security Policy (CSP) helps mitigate XSS attacks by restricting the types of content, such as scripts, that can be executed on a webpage.

True (A)

HttpOnly cookies restrict browser JavaScript from accessing session cookies, making it harder for attackers to exploit them in XSS attacks.

True (A)

The X-XSS-Protection header is a browser-based security feature that can help block reflected XSS attacks.

True (A)

Session hijacking attacks can be mitigated by implementing secure session management techniques, such as regenerating session IDs after login and using secure session tokens.

True (A)

Using SSL/TLS encryption to protect sensitive data, including session tokens, while in transit can help prevent session hijacking attacks.

True (A)

Implementing session timeouts can automatically log users out after a certain period of inactivity, reducing the risk of session hijacking if session tokens are compromised.

True (A)

Using Multi-factor Authentication (MFA) can help protect against session hijacking even if session tokens are compromised.

True (A)

DNS Spoofing (Cache Poisoning) is primarily used to redirect users to malicious websites.

True (A)

DNSSEC (DNS Security Extensions) and DNS Filtering are both effective countermeasures that can help mitigate DNS Spoofing attacks.

True (A)

Regularly flushing DNS server caches can remove potentially poisoned DNS records, helping prevent future DNS Spoofing attacks.

True (A)

Using trusted and secure DNS providers or configuring DNS resolvers to only accept queries from trusted sources can help mitigate DNS Spoofing attacks.

True (A)

Privilege escalation attacks can be mitigated by implementing strong password policies.

False (B)

Regularly applying patches and updates to all systems can help mitigate privilege escalation attacks by fixing known vulnerabilities.

True (A)

The principle of least privilege (PoLP) helps prevent privilege escalation attacks by granting users only the minimum privileges required to perform their job functions.

True (A)

Role-based access control (RBAC) is a security measure that helps prevent privilege escalation attacks by managing access based on user roles, ensuring that users have only the required permissions.

True (A)

Performing regular audits of user accounts, permissions, and access logs can help detect abnormal privilege escalation attempts.

True (A)

Network Access Control (NAC) solutions can be used to enforce security policies and ensure only authorized devices are allowed to connect to the network, helping to mitigate rogue device attacks.

True (A)

802.1X authentication for network access control requires devices to authenticate before connecting to the network, preventing unauthorized devices from accessing the network.

True (A)

Wireless Intrusion Prevention Systems (WIPS) can detect and block rogue wireless access points and unauthorized devices, mitigating rogue device attacks on wireless networks.

True (A)

Endpoint Detection and Response (EDR) solutions can be used to monitor endpoint devices for signs of rogue activity or unauthorized device connections, mitigating the risk of rogue device attacks.

True (A)

Cryptojacking occurs when an attacker uses a victim's system resources to mine cryptocurrency without their consent, potentially impacting system performance and security.

True (A)

Using ad blockers and anti-malware tools can help mitigate Cryptojacking by detecting and blocking malicious scripts.

True (A)

Browser extensions can be used to help mitigate Cryptojacking by blocking cryptojacking scripts.

True (A)

Keeping all software, browsers, and plugins up-to-date can help mitigate Cryptojacking by reducing the risk of exploiting vulnerabilities for cryptojacking.

True (A)

Regularly monitoring CPU/GPU usage and network activity can help detect unusual mining activities, potentially identifying and mitigating instances of Cryptojacking.

True (A)

Effective network security relies solely on implementing proactive defenses, such as monitoring and detection, as opposed to preventive measures.

False (B)

Implementing a multi-layered approach, incorporating both preventive measures and proactive defenses, can significantly reduce the risk of network attacks.

True (A)

Flashcards

Denial-of-Service (DoS) attack

An attack that overwhelms a system with excessive traffic or requests, making it slow, unresponsive, or unavailable.

Distributed Denial-of-Service (DDoS) attack

A more sophisticated DoS attack from multiple sources, making it harder to block.

Man-in-the-Middle (MITM) attack

An attack where an attacker intercepts and potentially alters communication between two parties.

Eavesdropping (MITM)

Monitoring transmitted data between two parties in a MITM attack.

Session Hijacking (MITM)

Stealing a session token to impersonate a user in a MITM attack.

SSL Stripping (MITM)

Downgrading a secure HTTPS connection to an unencrypted HTTP connection in a MITM attack.

Phishing

A deceptive attempt to obtain sensitive information by pretending to be a trustworthy entity.

Spear Phishing

A targeted phishing attack customized for a specific individual or organization.

Brute-Force Attack

Trying every possible combination of characters to guess a password.

Dictionary Attack

Using a pre-compiled list of likely passwords (like common words) to guess the correct one.

Credential Stuffing

Using stolen usernames and passwords from previous breaches to attempt login on other websites.

Keylogging

Malicious software recording keystrokes to capture sensitive information.

IP Spoofing

Sending packets from a fake IP address, making it appear legitimate.

MAC Spoofing

Changing a MAC address to appear as a different device.

Study Notes

Network Attacks

• Attackers use various methods to gain unauthorized access, disrupt operations, or steal data in networks
• These methods range from simple reconnaissance to sophisticated exploits
• Attacks target network integrity, confidentiality, and availability, including devices, communication protocols, servers, and data

Methods of Attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

• DoS: Overwhelms a system, server, or network with traffic
• Example: Flooding a website with HTTP requests or ping packets (ICMP flood)
• DDoS: More advanced DoS, attacks come from multiple sources, making it harder to block
• Example: Botnets launching simultaneous attacks from thousands of compromised machines

Man-in-the-Middle (MITM) Attacks

• Attacker intercepts and potentially alters communication between two parties without their knowledge
• Example: Intercepting messages between user and website to read or modify transmitted data
• Common MITM attacks:
  • Eavesdropping: Monitoring data between parties
  • Session hijacking: Stealing session token
  • SSL stripping: Downgrading secure HTTPS to unencrypted HTTP

Phishing and Spear Phishing

• Phishing: Deceptive attempts to obtain sensitive information (username, password, credit card) by pretending to be trustworthy (usually email)
• Spear phishing: More targeted phishing, customized for specific individuals or organizations, often uses personal information
• Example: Email posing as bank asking recipient to click link and provide details

Password Attacks

• Attackers attempt to crack or bypass passwords
• Brute-force attack: Trying every possible combination of characters until correct
• Dictionary attack: Using precompiled list of likely passwords
• Credential stuffing: Using stolen usernames/passwords from previous breaches

Spoofing Attacks

• IP spoofing: Attacker sends packets from fake IP address
• MAC spoofing: Attacker changes MAC address to impersonate device
• Email spoofing: Attacker sends emails appearing from trusted source

SQL Injection

• Attacker injects malicious SQL code to manipulate database (view, modify, or delete data)
• Example: Submitting malicious SQL statement through input field

Cross-Site Scripting (XSS) Attacks

• Attacker injects malicious scripts into webpages viewed by users
• Stored XSS: Script stored on server, executed when webpage loads
• Reflected XSS: Script reflected off server in response to request

Session Fixation

• Attacker forces a user's session ID to a known value to hijack session
• Example: Attacker sends link with session ID in URL

DNS Spoofing (Cache Poisoning)

• Attacker sends false DNS records to return incorrect IP addresses for domain names
• Example: User types in legitimate website address, but redirected to malicious site

Privilege Escalation

• Attacker gains higher-level access to system than authorized

Evil Twin Attacks

• Attacker sets up fake wireless access point with same SSID as legitimate network
• Attacker intercepts data, injects malware, or steals credentials

Rogue Device Attacks

• Attacker connects unauthorized device to network

ARP Spoofing (ARP Poisoning)

• Attacker sends fake ARP messages to associate MAC address with target IP address
• Allows attacker to intercept traffic

Cryptojacking

• Attackers use victim's computing resources to mine cryptocurrency

Social Engineering Attacks

• Exploits human behavior to gain access to systems, data, or physical locations
• Pretexting: Creating false sense of trust by impersonating authorized personnel
• Baiting: Offering enticing item to get victim to download malicious software or disclose information

Countermeasures

• Countermeasures address the methods to protect confidentiality, integrity, and availability
• DoS/DDoS: Firewalls, Intrusion Prevention systems, DDoS mitigation services, rate limiting, traffic scrubbing, and Anycast Routing
• MITM: Encryption (SSL/TLS), VPNs, PKI, HTTP Strict Transport Security (HSTS)
• Phishing: Email filtering, Multi-factor authentication, user education, anti-phishing software
• Password attacks: Strong password policies, rate limiting, account lockout mechanisms, secure hashing algorithms, password managers
• Spoofing attacks: IP spoofing mitigation, MAC filtering, email authentication
• SQL injection: Input validation/sanitization, prepared statements, Web application firewalls (WAF)
• XSS: Input sanitization, Content Security Policy (CSP), HttpOnly cookies, X-XSS-Protection
• Session hijacking: Secure session management, session timeouts, SSL/TLS encryption
• DNS spoofing: DNSSEC, DNS filtering, frequent DNS cache flushing, trusted DNS servers
• Privilege escalation: Patch Management, Least Privilege Principle, role-based access control (RBAC), regular audits
• Rogue device attacks: Network Access Control (NAC), 802.1X authentication, Wireless Intrusion Prevention System (WIPS)
• Cryptojacking: Ad blockers/anti-malware, browser extensions, software updates, monitor system resources