1.4 Network Attacks

Question 1

Define Evil Twin attack (2 methods)

Answer 1

1. Wireless attack where a malicious access point placed near a valid WiFi network and disguised to trick users into connecting to it, instead of the valid WiFi network

OR

2. Malicious access point’s broadcast overpowers the valid access points so users connect to it instead

Question 2

How to protect against Evil Twin attacks

Answer 2

Encrypt communications, such as using a VPN connection when on WiFi networks

Question 3

Define Rouge Access Point attack

Answer 3

1. Installation of a wireless access point on the network that is not authorized
2. Can be done for malicious intent, or non-malicious intent, such as by an employee

Question 4

Define Bluesnarfing (2)

Answer 4

1. Connecting via Bluetooth to a device to access data on a mobile device, such as contact lists, emails, calendars, and other data on it
2. Vulnerability is patched in newer versions of Bluetooth

Question 5

Define Bluejacking

Answer 5

Sending unsolicited messages to a mobile device via Bluetooth

Question 6

Define Wireless Disassociation attack

Answer 6

Denial of Service attack capitalizing on older 802.11 versions taking advantage of unencrypted management frames to forcibly disconnect other clients from the access point

Question 7

Define Wireless Jamming attack

Answer 7

A Denial of Service attack where the attacker creates additional noise over a WiFi channel to interrupt connectivity

Question 8

How to detect a jamming attack

Answer 8

Fox-hunt, using a directional antenna to find the source of interference and eliminate it

Question 9

Define RFID (2 types)

Answer 9

1. Passive - RFID chip is not powered
2. Active - RFID chip is powered by a battery, some can be re-written

Question 10

RFID & NFC Vulnerabilities

Answer 10

1. Intercepting wireless data - data transmissions may or may not be encrypted
2. Jamming - Denial of Service

Question 11

Define Initialization Vector (IV)

Answer 11

A random value added to an encryption key when encrypting data to strengthen the encryption against being broken

Question 12

IV Vulnerability and WEP/WPA, aka IV Attack (2)

Answer 12

1. WEP & WPA use a 24-bit IV allowing the encryption to be easily broken due to the occurrence of repeated values
2. WPA2 & 3 use a 48-bit IV making it very difficult to crack due to it not being repeated

Question 13

Define On-Path-Attack (previously known as man-in-the-middle or man-in-the-browser)

Answer 13

Interception and relay of communications without being detected by end devices

Question 14

2 Examples of On-Path-Attacks

Answer 14

1. ARP Poisoning - requires on-network access by a device that intercepts communications during transmission over the network
2. On-Path browser attack uses malware to intercept communications sent from a web browser prior to encryption

Question 15

Define ARP Poisoning

Answer 15

1. A malicious on-network device redirects network communications through it by poisoning the ARP cache of 2 different devices, such as a router and workstation computer, to impersonate those devices
2. Takes advantage of ARP’s lack of security

Question 16

Define MAC Flooding

Answer 16

Flooding a switch with spoofed MAC addresses to fill up its MAC address table causing it to function as a hub and broadcast all traffic through every port

Question 17

How to prevent MAC Flooding attack

Answer 17

Most switches have configuration options to prevent MAC Flooding

Question 18

Define MAC Address Cloning/Spoofing

Answer 18

Device can impersonate another device by altering its MAC Address to intercept network communications

Question 19

Define 3 methods to execute a DNS Poisoning Attack

Answer 19

1. Modify “hosts” file on local computer to redirect traffic to a malicious site
2. On-path attack to intercept DNS queries and redirect traffic to a malicious site
3. Modify the DNS Server records to redirect traffic to a malicious site

Question 20

Define Domain Hijacking

Answer 20

Cracking password to gain access to modifying DNS records

Question 21

Define URL Hijacking

Answer 21

Creating a URL that closely resembles a valid URL to trick users into visiting a malicious site, often due to common typos

Question 22

Define Domain Reputation attack

Answer 22

If malware infects an email server or web server, the domain may get blacklisted as a source or spam or malicious web site

Question 23

Define Distributed Denial of Service (DDoS) attack

Answer 23

An attack where many devices (botnet) are used to simultaneously attack a system to affect its availability

Question 24

What are the 3 primary areas vulnerable to denial of service attacks?

Answer 24

1. Network
2. Applications
3. Operational Technology

Question 25

3 Examples of Operational Technology vulnerable to denial of service attacks

Answer 25

1. Traffic lights 2. Power grid 3. Manufacturing plants

Question 26

2 Examples of Applications vulnerable to denial of service attacks

Answer 26

1. Web-based applications 2. Cloud-based services

Question 27

2 Examples of Network vulnerabilities to denial of service attacks

Answer 27

1. Switches 2. DNS

Question 28

Define scripting attack and what it uses

Answer 28

Command-line utilities in OS provide an entry point for launching malicious attacks, i.e. PowerShell, Python, Linux shell scripts, macros, VBA