Information Security Attacks PDF

Summary

This document provides an overview of information security attacks, specifically focusing on wireless network-specific attacks. It details various types of attacks like Rogue AP attacks, AP MAC spoofing, and WarDriving, outlining the methodologies used in these attacks.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Information Security Attacks Module Flow Understand Information Understand Social Engineering Security Attacks Attacks Describe Hacking Methodologies and Frameworks Understand Wireless Network- specific Attacks Understand Network-level Attacks Understand IoT, OT, and Cloud Attacks Understand Applicationlevel and OS-level Attacks Attacks Understand Cryptographic Copyright © by EC L Al Rights Reserved. Reproduction is Strictly Prohibited. | | Understand Wireless Network-specific Attacks To secure wireless networks, a security professional needs to understand the various possible weaknesses of encryption algorithms, which may lure attackers. The wireless network can be at risk to various types of attacks. This section discusses different types of wireless networkspecific attacks. Module 02 Page 319 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Rogue AP Attack A rogue wireless AP placed into an 802.11 network can be used to hijack the connections of legitimate network users When the user turns on All the traffic the user wireless AP will offer to connect with the rogue AP, thus enabling a form of wi the computer, the rogue enters will pass through the i [] " otl User Connecting to Rogue Access Point I My SSID is certifiedhacker, Connect to me o) [~ Attacker Legit Company Wi-Fi Network SSID: certifiedhacker Wi-Fi Channel: 6 Rogue AP Attack APs connect to client NICs by authenticating with the help of SSIDs. Unauthorized (or rogue) APs can allow anyone with an 802.11-equipped device to connect to a corporate network. An unauthorized AP can give an attacker access to the network. With the help of wireless sniffing tools, the following can be determined from APs: authorized MAC addresses, the vendor name, and security configurations. An attacker can then create a list of MAC addresses of authorized APs on the target LAN and crosscheck this list with the list of MAC addresses found by sniffing. Subsequently, an attacker can create a rogue AP and place it near the target corporate network. Attackers use rogue APs placed in an 802.11 network to hijack the connections of legitimate network users. When a user turns on a computer, the rogue AP will offer to connect with the network user’s NIC. The attacker lures the user to connect to the rogue AP by sending the SSID. If the user connects to the rogue AP under the impression that it is a legitimate AP, all the traffic from the user passes through the rogue AP, enabling a form of wireless packet sniffing. The sniffed packets may even contain usernames and passwords. Module 02 Page 320 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. fiormation Se curity Attac - T T wieey Exam 212.g8> User Connecting Ogue Access Point —~ - My SSID is certifiedhacker, Connect to me g \/ 2 (] n / e,.) Company wi.fj Network SSID: certifiedhacier WiFi Channel: 6 Figure 2.55. Ro gue AP attack Module 02 Page 321 Certified Cvbersecurlt y Technician Copyright © by Eppe.... S meR nnsIan Information Securi ty Attacks Exam © V o Device with MAC addr ess: OO-DC-FI-SG-BE-AD CLSE W) Hacker spoofs the MAC address of WL AN client equipment to mas k as an authorize d client © Attacker connec ts to AP as an aut horized client and eavesdrops on sensitive informati on Feee i,. b.4 DProductlor: Partmen \L& Only computers from the production department can Acr.ountlng Department =" Y s A : v - : [ LT. : connect to me lam MAaC 00-0C-F156-98-AD Hadzerspooflng(heMA Caddress......-......................................................................................... Copyright © by EC- © ® V Production Department End [ Device with MACaddros s: 00-0C-F1-56-98.Ap.............. Rese ryes y | - Acmunling Department - -Recept L] ion k).............: CiL Al Rights Reserved. Reproduction is Strictly Prohibit ed Hacker spoofs the MAC address of WLA N client equipment to mas k as an authorize d client Attacker connects to AP as an author ized client and €avesdrops on sensitive inform ation v Only computers from the production Seesrtnnntnneernenns. department can ! connect to me...................................... @! W — lam MAc 00-0C-F1- 56-98-AD. :— Wil \/ L ]1 / LN ") S — P —~—— g Hacker spoofing the MAC s Module 02 Page 322 Figure 2.56: Ap MA C spoofing s Certified Cybersecu rlty Technician Copyright ® by ECAll Rights Re Coun 212-82 Certified Cybersecurity Technician Exam 212-82 Information Security Attacks WarDriving Register with WiGLE (https://wigle.net) and download the map packs of your area to view the plotted APs on a geographical map Connect the antenna or GPS device to the laptop via a USB serial adapter and board a car Install and launch NetStumbler and WIGLE client software, and turn on the GPS device Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not be able to detect Wi-Fi spots) Capture and save the NetStumbler log files, which contain the GPS coordinates of the APs Upload this log file to WiGLE, which will then automatically plot the points onto a map Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited WarDriving In a wardriving attack, WLANSs are detected either by sending probe requests over a connection or by listening to web beacons. An attacker who discovers a penetration point can launch further attacks on the LAN. Some of the tools that the attacker may use to perform wardriving attacks are KisMAC and NetStumbler. WarDriving can be used to discover Wi-Fi networks with the following procedure. = Register with WIGLE (https://wigle.net) and download map packs of the target area to view the plotted APs on a map. = Connect the laptop to an antenna and a GPS device via a USB serial adapter and board a car. = |nstall and launch NetStumbler and WIGLE client software and turn on the GPS device. = Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not be able to detect Wi-Fi networks). = Capture and save the NetStumbler log files that contain the GPS coordinates of the APs. = Upload this log file to WiGLE, which automatically plots the points on a map. Module 02 Page 323 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.