Network Security 4.2

A _______ attack occurs when a single source overloads a system, making it unavailable to legitimate users. This can be caused by excessive traffic, exploiting vulnerabilities, or even accidental misconfigurations.

A: Imagine a single person blocking the entrance to a store—no one else can get in until that person moves.

Denial of Service (DoS)

A _______attack uses multiple sources, often a botnet of compromised devices, to flood a target system with traffic. This overwhelms the system and causes downtime, even if the attacker has few resources. Amplification techniques (e.g., DNS or NTP) can make small attacks much larger.

A: Imagine thousands of people blocking the entrance to a store at the same time—there’s no way anyone can get in, no matter how big the store is.

Distributed Denial of Service (DDoS)

It is an attack where a device on one VLAN gains access to another VLAN it should not be able to communicate with.
VLANs are meant to keep networks separated, but misconfigurations can allow attackers to “jump” between them without a router.

VLAN hopping

It is an attack where an attacker overwhelms a switch by sending a large number of fake Media Access Control addresses. This fills the switch’s MAC address table and causes the switch to send traffic to all ports instead of just the intended destination.

A: It’s like giving a mailroom thousands of fake addresses. When the mailroom runs out of space, it delivers every letter to everyone.

MAC Flooding

Is an attack where false Address Resolution Protocol (ARP) messages are sent to a network to associate the attacker’s Media Access Control (MAC) address with the Internet Protocol (IP) address of another device.
This allows the attacker to intercept, modify, or block network traffic.

A: Someone lies about their house address so all your mail gets delivered to them first.

ARP Poisoning

Is the act of pretending to be another device on the network by sending fake Address Resolution Protocol (ARP) replies.
The attacker impersonates a trusted device, often the default gateway, to receive network traffic meant for someone else.

A: Someone pretends to be the security guard so everyone hands them their keys.

ARP Spoofing

Occurs when false Domain Name System (DNS) records are inserted into a DNS cache.
This causes users to be redirected to malicious Internet Protocol addresses even when they enter a legitimate website name.

A: A phone book is secretly altered so a real business name points to a scammer’s phone number.

DNS Poisoning

Is when an attacker sends fake Domain Name System (DNS) responses to a client before the real DNS server replies.
The victim receives a false Internet Protocol address and is redirected to a malicious website.

A: Someone answers your question faster than the real expert — but gives you the wrong answer on purpose.

DNS Spoofing

A rogue _______ server is an unauthorized device that hands out Internet Protocol addresses and network settings.
Because DHCP has no built-in security, any device can respond to DHCP requests, even if it is malicious.

This can cause duplicate or invalid Internet Protocol addresses and break network connectivity.

DHCP

A rogue _______ is an unauthorized wireless device connected to a wired network.
It may be installed accidentally by employees or intentionally by attackers.

Rogue _______ bypass security controls and allow unauthorized access to the network.

Access Point (AP)

An _______ is a malicious wireless access point designed to look identical to a legitimate one.
It copies the Service Set Identifier (wireless network name) and security settings to trick users into connecting.

Once connected, the attacker can monitor or manipulate traffic.

Evil Twin

An _______ occurs when an attacker secretly positions themselves between two communicating devices.
They can view, intercept, or modify data without either side knowing.

This attack is commonly enabled by evil twins, Address Resolution Protocol poisoning, or unsecured networks.

On-Path Attack

Is when an attacker pretends to be a trusted sender to trick you into giving personal information like passwords or emails. Often includes fake emails, messages or suspicious links

Phishing

Happens when someone watches your screen or keyboard to steal sensitive information.

A: Someone peeks over your shoulder while you enter your PIN at an ATM.

Shoulder Surfing

Is when an unauthorized person follows an authorized person into a secure building without permission.

Tailgating

When attackers search trash for sensitive or useful information.

Dumpster Diving

Is any software designed to harm a computer, steal data, spy on users, or disrupt systems.

Malware

_______ is malware that needs human action (like clicking a file) to spread to other systems.

A: You hand someone a cold by shaking hands.

Virus

_______ malware encrypts your data and demands payment to unlock it. Often uses crypto.

A: Someone locks your house and sells you the key.

Ransomware

A _______ malware disguises itself as legitimate software while secretly installing malware. It is a disguised threat.

A: A gift box hiding something dangerous inside.

Trojan Horse

_______ hides deep inside the operating system to avoid detection. Very hard to detect, difficult to remove, and has deep system access

A: A spy living inside the walls of your house.

Rootkit

_______ malware records every keystroke to steal credentials and data.

A: Someone writing down everything you type.

Keylogger

_______ malware shows unwanted ads like pop-ups and banners, while _______ secretly tracks your activity to steal persomal data.

Adware / Spyware

_______ malware is unnecessary preinstalled software that slows down your system. It is not directly malicious.

A: Extra apps you never asked for taking up space.

Bloatware

_______ malware is hidden malicious code that stays inactive until a specific condition is met (like a date or event), then activates to cause damage such as deleting data or crashing systems.

A: A timer set to explode later.

Logic Bomb

_______ malware is a group of infected computers controlled remotely by an attacker.

Botnet

_______ malware spreads automatically from one computer to another without user interaction. It is also self-replicating.

A: A disease spreading through the air without contact.

Worm