1. Network Security - CIA Triad & Attack Vectors | Questions Set

This set is to help reinforce a deeper understanding of this topic. Go study the terminology set first : https://knowt.com/flashcards/a64fbb30-2bb2-4c10-97d8-d6d523a37ef0

Confidentiality, Integrity, and Availability (the CIA triad).

What three principles form the foundation of information security?

Remote attacks can be executed from anywhere on the internet and target public-facing services, while Adjacent attacks require the attacker to be on the same local network as the target.

How do Remote attacks differ from Adjacent attacks?

Adjacent attacks have already bypassed perimeter defenses and have access to internal network traffic, allowing for direct interception of data and potential access to resources not exposed to the internet.

Why are Adjacent attacks considered more dangerous than Remote attacks in some cases?

When the attack requires some level of prior access to the system (either through credentials or user interaction) rather than exploiting a vulnerability in a public-facing service.

When would an attack be classified as a Local attack rather than a Remote attack?

Attacks requiring user interaction (like clicking a malicious link) are classified as Local attacks even if the attacker is remote, because the malicious code executes locally on the user's system.

How does user interaction affect the classification of an attack vector?

With physical access to hardware, attackers can bypass most software-based security controls, install hardware keyloggers, perform cold boot attacks, or even steal the device.

Why is the Physical attack vector considered the most powerful?

It uses a combination of Remote (delivery) and Local (execution) attack vectors, as the initial contact is remote but requires local execution on the user's system.

What attack vector would a phishing email that delivers malware use?

This is an Adjacent attack because the attacker must be physically near the victims and on the same network to intercept their traffic.

How would you classify an attacker using a fake WiFi hotspot to capture data?