024 Network and Service Security - 024.2 Network and Internet Security (weight: 3)

Questions and Answers

What is the primary function of a botnet?

• To execute DDoS attacks and other malicious activities (correct)
• To establish secure connections between devices
• To enhance packet filtering capabilities
• To protect networks from intrusion attempts

How do attackers typically gain control over computers to form a botnet?

• By employing robust firewalls
• By exploiting software vulnerabilities or using malware (correct)
• Through user consent in software installations
• Through direct physical access

What role does a 'Command-Server' play in a botnet?

• It prevents unauthorized access to the botnet.
• It secures the communication of the botnet.
• It monitors the performance of all devices in the network.
• It allows the attacker to send instructions to the compromised systems. (correct)

What is a function of packet filtering?

To define which packets can pass through a router based on IP addresses and ports (D)

Which statement accurately describes the nature of the IPv4 Internet regarding system vulnerabilities?

It is regularly scanned for computers with specific services and vulnerabilities. (A)

What is a primary target of attacks on local networks?

To access and view transmitted data (C)

What does 'Link Layer Access' refer to?

Access to the physical transmission medium of a network (B)

What is required to access a wired network?

Physical access to a network port (B)

Why should only active network ports be enabled in a wired network?

To reduce potential security vulnerabilities (D)

What makes WLAN networks distinct from wired networks?

Data is transmitted via radio signals (B)

What is a necessary precaution when connecting devices to unknown networks?

Avoid connecting indiscriminately (A)

What should be done to protect data transmission in WLANs?

Encrypt data during transmission (B)

How does access to the link layer benefit an attacker?

Enables them to communicate and intercept data (C)

What is the primary vulnerability of WEP encryption in wireless networks?

It is outdated and easily compromised. (A)

Which of the following encryption standards is currently the most secure for WLAN networks?

WPA2 (B)

What significant risk is associated with public WLANs?

They use unencrypted data transmission. (C)

In a captive portal setup, what typically occurs after a device connects to the network?

A redirection to a user agreement page. (D)

How can an attacker perform a Man in the Middle (MitM) attack?

By impersonating a legitimate network. (C)

How do Denial of Service (DoS) attacks primarily affect a target?

By overloading it with requests. (D)

What distinguishes a Distributed Denial of Service (DDoS) attack from a regular DoS attack?

DDoS uses multiple compromised systems to launch the attack. (C)

What happens to data when it is transmitted over an unencrypted WLAN?

It can be easily intercepted. (B)

Why should users be cautious about connecting to unknown networks?

They can attempt to access user data. (D)

What can an attacker do if they gain access to a network's infrastructure?

They can redirect data traffic. (C)

What should users check before connecting to a public Wi-Fi network?

The network's encryption standards. (D)

What is a common method for executing a Man in the Middle attack in a Wi-Fi context?

Creating a rogue Wi-Fi network with a familiar SSID. (B)

In a Denial of Service attack, what is one potential outcome for the targeted service?

The service may crash and become unavailable. (D)

Where can data interception occur when transmitting information?

Anywhere along the transmission path. (D)

Study Notes

Local Network Attacks

• Networks are central to data transmission and are vulnerable to various attacks aimed primarily at data interception.
• Other goals include influencing communication and exploiting network access for unauthorized activities against third parties.
• Access to network transmission media is essential for data snooping, known as Link Layer Access; accessibility varies by medium and network configuration.

Wired Network Security

• Physical access to network ports is required to connect to wired networks, often widely distributed in buildings.
• Only necessary network ports should be activated, and configurations may require authentication for usage.
• Once a device connects to a network, it can be addressed by other devices; caution is advised when connecting to unknown networks.

WLAN Security

• WLANs transmit data wirelessly, making signals susceptible to interception by anyone within range.
• Cleartext transmissions should be treated as public, emphasizing the need for encryption of WLAN data.

WLAN Encryption Standards

• WEP (Wired Equivalent Privacy): An outdated, insecure standard that is easily attacked.
• WPA (Wi-Fi Protected Access): A successor to WEP that is currently considered secure.
• WPA2: The modern standard utilizing advanced cryptographic measures, supporting both shared and individual access modes.

Public WLAN Risks

• Public WLANs, often found in cafes and public transport, may lack encryption, leaving data exposed during transmission.
• Access typically redirects users to a "Captive Portal," where agreement to terms is required for access.
• Common passwords for such networks can facilitate attacks, as multiple users share the same access credentials.

Risks of Connecting to Unknown Networks

• Connecting to an unknown network may enable other participants to establish connections with the device and access hosted services.
• Attackers can mimic existing networks (ex: restaurants) to trick users into connecting, utilizing common passwords to gain access.

Internet Attacks

• Data interception can happen at various points in the transmission process, including routers, switches, and access points.
• Attacks like Man in the Middle (MitM) can occur when an attacker captures and possibly alters traffic between two parties.

Man in the Middle Attacks (MitM)

• In MitM scenarios, attackers can intercept unencrypted communications, capturing sensitive information like login credentials.
• Multiple methods exist for MitM attacks, including physical network access, eavesdropping on wireless traffic, or controlling network infrastructure.

Denial of Service Attacks (DoS)

• DoS attacks aim to disrupt the service of the targeted system, potentially through causing crashes or manipulating data.
• Disruption methods include severing access to networks or databases, leading to usability issues.

Distributed Denial of Service Attacks (DDoS)

• DDoS attacks utilize multiple systems to overwhelm a target with a flood of requests, seeking to exhaust network capacity.
• Such attacks typically involve thousands of compromised machines working collectively.

Botnets

• Botnets consist of numerous compromised computers under a single control entity, often used for executing DDoS attacks.
• Computers are infected via malware or by exploiting vulnerabilities, connecting to a command server for instructions.
• Besides DDoS attacks, botnets can facilitate spam distribution, data exchange, and as intermediaries for further attacks.

Packet Filtering

• Internet-connected systems are continuously targeted for vulnerabilities, with automated scans for weaknesses in services advertised via DNS.
• Packet filters use IP addresses and ports to manage the flow of data packets, allowing or rejecting traffic on routers, helping to block illegitimate access before it reaches the network.