These flashcards cover networking concepts, OSI model layers, various network-based attacks (Layer 2, Interception, DNS, DDoS), and physical security defenses based on the networking threats and defenses lecture.
Open Systems Interconnection (OSI) model
A model that describes how dissimilar computers could be connected on a network by separating networking steps into a series of seven layers.
Header
An area at the beginning of the payload where a protocol adds its own control information.
Transport Layer
The layer that addresses the message using port numbers which reference the sending or receiving application.
Network Layer
The layer that addresses the message using IP addresses.
Data Link Layer
The layer that addresses the message using MAC addresses.
Media Access Control (MAC) address
Also called a physical address, it is used for message addressing at the Data Link layer.
Switch
A typical layer 2 device that decapsulates messages to look at MAC addresses and forwards them to the recipient.
Router
A typical layer 3 device that decapsulates messages to look at IP addresses and forwards them to the recipient.
Man-in-the-Middle (MITM) attack
An attack where a threat actor is positioned between two communicating parties to eavesdrop or impersonate, involving phases of interception and decryption.
Session Replay attack
An attack where a threat actor makes a copy of a transmission before sending it to the recipient, later replaying the copy (such as logon credentials) to impersonate a user.
Session ID
A unique number that a web server assigns a specific user for the duration of the user's visit (session).
Man-in-the-Browser (MITB) attack
An attack that uses a Trojan browser extension to capture or modify data from form fields; it resides exclusively within the browser and is hard to detect.
Address Resolution Protocol (ARP) Poisoning
An attack where the attacker's computer impersonates a receiver by sending its own MAC address, tricking the sender into sending all future messages to the attacker.
MAC Cloning
An attack where a threat actor spoofs a valid MAC address on their device to trick a switch into associating that address with their switch port.
MAC Flooding
An attack that overflows a switch's MAC address table with different spoofed MAC addresses, forcing the switch into a fail-open mode where it broadcasts frames to all ports.
DNS Poisoning
An attack that modifies the lookup table in the hosts file on a device to point to a different domain or a fraudulent IP address.
DNS Hijacking
An attack that infects an external DNS server with IP addresses pointing to malicious sites by exploiting protocol flaws.
Distributed Denial of Service (DDoS) Attack
A deliberate attempt to prevent authorized users from accessing a system by overwhelming it with bogus requests using hundreds or thousands of devices, often via botnets.
Industrial Camouflage
A physical security defense where organizations attempt to make the physical presence of their buildings as nondescript as possible.
Mantrap
An internal physical security control designed as an air gap to separate a nonsecure area from a secured area.
Protected Cable Distribution
A system of cable conduits used to protect classified information; these may be sealed/welded or equipped with optical fibers to trigger an alarm upon vibration.
Clean Agent Systems
Fire suppression systems that extinguish fires by reducing heat, removing oxygen, or inhibiting chemical reactions without contaminating equipment with water or chemicals.