Network Security Threats & Attacks PDF
Uploaded by barrejamesteacher
Summary
This document provides an overview of various network security threats and attacks, including denial-of-service (DoS), VLAN hopping, MAC flooding, ARP poisoning, DNS poisoning, rogue DHCP, evil twin attacks, on-path attacks, and phishing. It explains the nature of each attack and how it impacts network security.
Full Transcript
4.2 Summarize various types of attacks and their impact to the network

Cybersecurity is a critical concern in today's digital world. This section provides an overview of common network security threats, including denial-of-service (DoS) attacks, VLAN hopping, MAC flooding, and more. Understanding these threats is the first step to protecting your network and data.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

1. DoS attacks target a specific system or network, overwhelming it with traffic or requests to disrupt its normal operation.
2. DDoS attacks involve multiple compromised systems attacking a target at once, making them much more difficult to defend against.
3. These attacks can cause network congestion, server crashes, and denial of access to legitimate users, leading to significant business disruption.

VLAN Hopping

VLAN hopping is a network attack where a malicious actor gains unauthorized access to a separate VLAN by exploiting design flaws or misconfigurations in the network switch. This can allow them to access restricted resources or launch further attacks. The attacker may use techniques like double-tagging or switch spoofing to bypass VLAN isolation and traverse network segments they should not have access to.

MAC Flooding

MAC flooding is a network attack that aims to overwhelm a switch's MAC address table. By flooding the switch with frames from a large number of spoofed source MAC addresses, the attacker can cause the switch to enter a fail-open state, effectively turning it into a hub and exposing all connected devices to eavesdropping and man-in-the-middle attacks. This vulnerability arises from the limited size of the MAC address table in most switches, which a determined attacker can exhaust. Once the table is full, the switch floods traffic out of every port instead of forwarding it to the correct one, compromising the confidentiality and integrity of the network.
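The fail-open behaviour described above, as an added example that is not part of the original document: a toy switch model in Python whose MAC table is exhausted by frames from spoofed source MACs, beside the same flood stopped by a per-port MAC limit (port security). Port names, MAC addresses and table sizes are constructed.

```python
"""Toy switch model (constructed example): how MAC-table exhaustion makes a
switch fail open, and how a per-port MAC limit (port security) stops it."""
from collections import OrderedDict


class ToySwitch:
    def __init__(self, ports, cam_capacity, port_max_macs=None):
        self.ports = ports
        self.cam_capacity = cam_capacity     # total MAC-table entries
        self.port_max_macs = port_max_macs   # per-port limit; None = no port security
        self.cam = OrderedDict()             # mac -> port, oldest entry first
        self.shutdown = set()                # ports err-disabled after a violation

    def learn(self, src_mac, in_port):
        """Learn the frame's source MAC; returns what the switch did with it."""
        if in_port in self.shutdown:
            return "dropped"
        if self.port_max_macs is not None and src_mac not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            if on_port >= self.port_max_macs:
                self.shutdown.add(in_port)   # port-security violation: shut the port
                return "violation"
        if src_mac not in self.cam and len(self.cam) >= self.cam_capacity:
            # Simplification: a full table evicts its oldest entry. Real switches
            # age entries out or stop learning; either way legitimate hosts vanish.
            self.cam.popitem(last=False)
        self.cam[src_mac] = in_port
        return "learned"

    def forward(self, dst_mac, in_port):
        """Ports a frame is sent to: one port if known, otherwise flooded to all."""
        if dst_mac in self.cam:
            return [self.cam[dst_mac]]
        return [p for p in self.ports if p != in_port]


def demo(port_security):
    """Flood a 64-entry table from Gi3, then see where a client->server frame goes."""
    sw = ToySwitch(["Gi1", "Gi2", "Gi3"], cam_capacity=64,
                   port_max_macs=2 if port_security else None)
    sw.learn("aa:aa:aa:aa:aa:01", "Gi1")   # legitimate server on Gi1
    sw.learn("aa:aa:aa:aa:aa:02", "Gi2")   # legitimate client on Gi2
    for i in range(200):                   # constructed flood: 200 spoofed sources on Gi3
        sw.learn(f"de:ad:be:ef:00:{i:02x}", "Gi3")
    return sw.forward("aa:aa:aa:aa:aa:01", "Gi2"), sorted(sw.shutdown)


if __name__ == "__main__":
    print("no port security:", demo(False))   # flooded: attacker on Gi3 sees it
    print("port security   :", demo(True))    # unicast to Gi1, Gi3 shut down
```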
ARP Poisoning/Spoofing

ARP poisoning, also known as ARP spoofing, is a network attack where an attacker sends fake ARP messages to redirect traffic through their device. This allows them to intercept, modify, or even block network communications. The attacker exploits the trust inherent in the ARP protocol, which has no authentication, to impersonate network devices and position themselves as a "man-in-the-middle" on the network.

DNS Poisoning and Spoofing

DNS poisoning and spoofing are insidious network attacks that manipulate the Domain Name System (DNS) to redirect users to malicious websites. Attackers can hijack DNS servers or use ARP spoofing to intercept and alter DNS responses, leading unsuspecting users to phishing sites or malware-infested domains. These attacks undermine the foundation of the internet by breaking the trusted relationship between domain names and their corresponding IP addresses. Protecting against DNS poisoning and spoofing requires robust DNS security practices, including DNSSEC, DNS response validation, and strict access controls on DNS servers.

Rogue DHCP Server and Access Point

Rogue DHCP servers and access points are unauthorized network devices set up by attackers to intercept and manipulate network traffic. A rogue DHCP server can hand out incorrect IP address, gateway, and DNS settings, enabling further attacks like man-in-the-middle and data theft. Rogue APs can also be used to create "evil twin" networks, which appear legitimate but are controlled by the attacker, allowing them to monitor and hijack user sessions.

Evil Twin Attack

An evil twin attack involves creating a rogue wireless access point (AP) that mimics a legitimate one, tricking users into connecting to the malicious network. Attackers can then intercept traffic, steal credentials, and launch further attacks on the network. Evil twin attacks rely on the user's inability to distinguish the fake AP from the real one, often exploiting weak security practices or user carelessness.
Securing wireless networks and educating users are key to preventing these insidious attacks.

On-path Attack

An on-path attack, also known as a man-in-the-middle (MITM) attack, occurs when an attacker intercepts and potentially modifies communication between two parties without their knowledge. The attacker positions themselves strategically between the victim and the intended communication target. This allows the attacker to eavesdrop on, tamper with, or even impersonate the parties involved. On-path attacks can target a wide range of protocols, including HTTP, HTTPS, SSH, and more, compromising the confidentiality, integrity, and authenticity of the communication.

Phishing

Phishing is a social engineering attack where malicious actors use deceptive emails, websites, or messages to trick victims into revealing sensitive information or performing harmful actions. Phishing attacks often mimic legitimate sources like banks, companies, or government agencies to lure victims into providing login credentials or financial information, or into installing malware.

Dumpster Diving

Dumpster diving, the practice of rummaging through discarded materials, can pose a serious security risk. Sensitive documents, login credentials, and other valuable information may be found in the trash, exposing organizations to potential data breaches and identity theft. Attackers often target dumpsters near office buildings, hospitals, and other institutions to gather intelligence that can be used in more sophisticated cyberattacks. Proper disposal of sensitive documents and devices is crucial to mitigating this threat.

Shoulder Surfing

Shoulder surfing is a method of obtaining sensitive information, such as passwords or financial data, by discreetly observing a person's actions. This type of attack often involves watching over someone's shoulder as they enter information on a device or computer.
Shoulder surfing can be especially dangerous in public places, where attackers can easily blend in and observe unsuspecting victims. This threat highlights the importance of being aware of your surroundings and shielding your sensitive information from prying eyes.

Tailgating

Tailgating, also known as piggybacking, is a physical security threat where an unauthorized person follows an authorized person through a secured door or entrance. This allows the tailgater to gain access to restricted areas without proper credentials. Tailgating exploits the natural tendency of people to hold the door open for others, or to allow someone to "tailgate" them through a secure access point. This can occur in office buildings, data centers, and other secure facilities.

Malware Overview

Malware, short for malicious software, is any program or code designed to cause harm to a computer system or network. This includes viruses, worms, Trojans, spyware, and ransomware, among other types of malicious software. Malware can be used to steal sensitive data, disrupt system operations, hijack computing resources, and gain unauthorized access to restricted networks. Understanding the different forms of malware and their potential impacts is crucial for effective cybersecurity measures.

Impact of Network Security Threats

Financial Losses: Successful cyber attacks can lead to significant financial losses through data breaches, stolen funds, and productivity downtime.

Reputational Damage: Network security breaches can severely harm an organization's reputation and erode customer trust, making it difficult to recover.

Regulatory Penalties: Failing to comply with data protection regulations can result in hefty fines and legal consequences for the affected organization.

Operational Disruptions: Successful attacks like DDoS can cripple an organization's ability to function, leading to service outages and lost productivity.
Preventive Measures Against DoS/DDoS

1. Bandwidth Provisioning: Ensure sufficient network bandwidth to handle legitimate traffic and withstand potential attacks.
2. Traffic Monitoring: Continuously monitor network traffic patterns to detect anomalies and potential DoS/DDoS activity.
3. Firewalls and IPS: Deploy robust firewalls and intrusion prevention systems to filter and mitigate malicious traffic.

Securing VLANs and preventing MAC flooding

Implement VLAN security: Properly configure VLAN IDs and access control lists (ACLs) to restrict unauthorized access between VLANs. Use private VLANs to isolate traffic within a VLAN.

Mitigate MAC flooding: Enable port security to limit the number of MAC addresses allowed on a port. Use DHCP snooping and dynamic ARP inspection to monitor for and prevent ARP spoofing.

Prevent VLAN hopping: Disable DTP (Dynamic Trunking Protocol) on access ports and enable trunk port security. Ensure VLAN IDs are unique across the network.

Monitor and audit: Regularly monitor switch port activity, MAC address tables, and VLAN configurations. Audit the network for any unauthorized changes or suspicious activity.

Protecting against ARP and DNS Poisoning/Spoofing

ARP Poisoning: ARP poisoning is a network attack where an attacker sends fake ARP messages to redirect network traffic through their device. This allows them to intercept, modify, or even block communication.

DNS Poisoning: DNS poisoning tricks clients into resolving domain names to incorrect IP addresses, often to attacker-controlled servers. This can enable man-in-the-middle attacks or direct users to malicious websites.

Protective Measures

1. Implement static ARP/DNS entries
2. Use DHCP snooping and IP source guard
3. Enable ARP inspection and IPSG on switches
4. Deploy DNSSEC to cryptographically sign DNS responses

Network Monitoring: Continuously monitor network traffic and behavior to detect anomalies that could indicate an ARP or DNS poisoning attack in progress.
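The ARP poisoning attack described earlier and the DHCP snooping / dynamic ARP inspection measures listed above, in miniature, as an added example that is not part of the original document: a Python check that validates each ARP reply against a DHCP-snooping binding table, permits ARP from a trusted uplink or a static gateway entry, and drops replies whose IP/MAC pair has no lease, arrives on the wrong port, or claims an IP assigned to another host. The binding table, port names, MAC and IP addresses are all constructed.

```python
"""Dynamic ARP inspection in miniature (constructed example): ARP replies are
checked against a DHCP-snooping binding table before they are forwarded."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    port: str          # switch port the reply arrived on
    sender_mac: str    # MAC the sender claims
    sender_ip: str     # IP the sender claims to own


# Constructed DHCP-snooping binding table: (ip, mac) -> port that got the lease.
BINDINGS = {
    ("192.0.2.10", "aa:aa:aa:aa:aa:10"): "Gi0/1",
    ("192.0.2.11", "aa:aa:aa:aa:aa:11"): "Gi0/2",
}
STATIC_ACL = {("192.0.2.1", "aa:aa:aa:aa:aa:01")}  # gateway has no lease: static entry
TRUSTED_PORTS = {"Gi0/24"}                          # uplink: ARP from here is not inspected


def inspect(reply):
    """Return 'permit' or a drop reason for one ARP reply, as DAI would decide."""
    if reply.port in TRUSTED_PORTS:
        return "permit"
    key = (reply.sender_ip, reply.sender_mac)
    if key in STATIC_ACL:
        return "permit"
    if key in BINDINGS:
        # Right IP/MAC pair but arriving on another port: someone is replaying it
        return "permit" if BINDINGS[key] == reply.port else "drop: wrong port"
    known_ips = {ip for ip, _ in BINDINGS} | {ip for ip, _ in STATIC_ACL}
    if reply.sender_ip in known_ips:
        return "drop: ip/mac mismatch"   # another host claims an assigned IP: poisoning
    return "drop: no binding"            # no lease and no static entry for this pair


# Constructed sample of ARP replies seen by the switch
SAMPLE = [
    ArpReply("Gi0/1", "aa:aa:aa:aa:aa:10", "192.0.2.10"),   # matches its lease
    ArpReply("Gi0/2", "aa:aa:aa:aa:aa:11", "192.0.2.1"),    # host on Gi0/2 claims gateway IP
    ArpReply("Gi0/3", "aa:aa:aa:aa:aa:10", "192.0.2.10"),   # known pair from the wrong port
    ArpReply("Gi0/24", "aa:aa:aa:aa:aa:01", "192.0.2.1"),   # real gateway via trusted uplink
    ArpReply("Gi0/5", "cc:cc:cc:cc:cc:55", "192.0.2.99"),   # never got a lease
]


def run(replies=SAMPLE):
    return [(r.port, inspect(r)) for r in replies]


if __name__ == "__main__":
    for port, verdict in run():
        print(f"{port:6} {verdict}")
```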
Mitigating Rogue DHCP/AP and Evil Twin Attacks

Rogue DHCP Servers: Rogue DHCP servers can maliciously assign incorrect network configurations, such as a malicious DNS server, enabling further attacks. Implement DHCP snooping to identify and block unapproved DHCP servers on the network.

Rogue Access Points: Attackers can set up unauthorized wireless access points, known as "rogue APs", to eavesdrop on network traffic. Regularly scan for and disable unknown APs, and enable wireless intrusion detection to monitor for rogue devices.

Evil Twin Attacks: Evil twin attacks spoof a legitimate wireless network to trick users into connecting to a malicious network under the attacker's control. Educate users on verifying SSID and certificate names, and implement wireless authentication and encryption to prevent unauthorized access.

Network Monitoring: Continuous monitoring of the network for suspicious activity is crucial to detect and mitigate rogue DHCP/AP and evil twin attacks. Use network access control, intrusion detection, and traffic analysis tools to identify and respond to threats.

Conclusion and Key Takeaways

In summary, network security threats come in many forms, from denial of service attacks to social engineering tactics. Understanding these threats and implementing proactive measures is crucial to protecting the integrity and reliability of your network.

Practice Exam Questions

1. What is a common network attack that redirects traffic through a fraudulent device?
A) Denial of Service (DoS)
B) VLAN Hopping
C) MAC Flooding
D) ARP Poisoning
Correct answer: D) ARP Poisoning. This attack redirects traffic through a fraudulent device.

2. Which attack tricks clients to resolve domain names to incorrect IP addresses?
A) On-path Attack
B) Phishing
C) DNS Poisoning
D) Evil Twin Attack
Correct answer: C) DNS Poisoning. This attack tricks clients to resolve domain names to incorrect IP addresses.

3. What is the purpose of a rogue DHCP server?
A) To block network traffic
B) To eavesdrop on network traffic
C) To assign incorrect network configurations
D) To encrypt data transmissions
Correct answer: C) To assign incorrect network configurations. Rogue DHCP servers can maliciously assign incorrect network configurations.

4. What can be deployed to cryptographically sign DNS responses?
A) IP source guard
B) DHCP snooping
C) ARP inspection
D) DNSSEC
Correct answer: D) DNSSEC. DNSSEC can be deployed to cryptographically sign DNS responses.

5. How can evil twin attacks be prevented?
A) Implementing static ARP/DNS entries
B) Regularly scanning for and disabling unknown APs
C) Enabling wireless intrusion detection
D) Deploying DNSSEC
Correct answer: B) Regularly scanning for and disabling unknown APs is a preventive measure against evil twin attacks.

Further resources

https://examsdigest.com/
https://guidesdigest.com/
https://labsdigest.com/
https://openpassai.com/