Interception Attacks, Pillars of NIST CSF1.1, SNMP operation between NMS and SNMP agent
Ch 10 Describe four general types of interception attacks in WLANs
ARP Spoofing
Monitoring
Sniffer (Wi-Fi Analyzer)
Session Hijacking
WLAN is
Wi-Fi network; allows wireless connection to the internet or other devices
ARP Spoofing is
Tricks the network into thinking the attacker's device has the real address of another device
Sends fake ARP messages with its own MAC address so traffic meant for the real device is sent to the attacker instead
Vulnerable to stolen or changed data
Monitoring is
Listens to data being sent, often at a wireless access point (which behaves like a hub rather than a switch) where all traffic goes through
Vulnerable to stolen data, passwords, messages
Sniffer / Wi-Fi Analyzer is
Software tools that capture network traffic (packets) as it moves through the air (RF)
IT teams use them for troubleshooting, but hackers use them to gather information
Vulnerable to stolen data from the network or info collected for future attacks
Session Hijacking is
Jumping into a session between a user and a service (website)
Takes over the user's connection, pretending to be the real user
Vulnerable to access to sensitive systems or accounts without logging in
802.1X is
a standard for authenticating devices on a network (especially Wi-Fi), working with a server that uses EAP types to handle the login process
Ch 10 Four 802.1X Authentication methods
MD5 Message Digest 5
PEAP protected extensible authentication protocol
EAP-TLS Transport Layer Security
EAP-TTLS Tunneled Transport Layer Security
MD5 Message Digest 5 is
Basic, least secure, with one-way authentication
(client → server)
not recommended for WLANs
PEAP protected extensible authentication protocol is
Encrypts authentication data inside a secure tunnel
supports server-side certificates
EAP-TLS Transport Layer Security is
Strong mutual authentication
Certificates on both the client and server side
Requires setup and management of digital certificates
Analogy: secure like an ID badge
EAP-TTLS Tunneled Transport Layer Security is
Secure tunnel like EAP-TLS
only the server needs a certificate
Easier to deploy, still secure
Analogy: secure login where only the building (server) needs a key, not every visitor (client)
Pillars of NIST Cybersecurity Framework CSF1.1 defined
core functions used to help organizations manage and reduce cybersecurity risk (the big steps in protecting digital systems)
Ch 11 Pillars of NIST Cybersecurity Framework are
Identify
Protect
Detect
Respond
Recover
Identify Pillar Purpose and Scope
Know what you need to protect
- Asset management
- Business environment
- Governance
- Risk assessment
- Risk management strategy
Protect Pillar Purpose and Scope
Safeguard systems and data
- Access control
- Awareness and training
- Data security
- Info protection procedures
- Maintenance
- Protective technology
Detect Pillar Purpose and Scope
Find cybersecurity events quickly
- Anomalies and events
- Continuous monitoring
- Detection processes
Respond Pillar Purpose and Scope
Take action during a cybersecurity incident
- Response planning
- Communications
- Analysis
- Mitigation
- Improvements
Recover Pillar Purpose and Scope
Restore operations after an incident
- Recovery planning
- Improvements
- Communications
SNMP Simple Network Management Protocol is
protocol that lets network devices (routers, switches, printers, servers) send and receive info about their status
is everything working?
NMS Network Management System is
software tool / platform that helps IT admins monitor, manage, and control devices on a network
the command center for the network, used to check on things
Ch 12 Most common SNMP operations used for communication between the Network Management System (NMS) and the SNMP agent
Get
GetNext
GetBulk
Set
Trap
Get Operation is
Ask for a specific value
NMS → Agent
GetNext operation is
Get the next value in a list
NMS → Agent
GetBulk operation is
Get a large group of values at once
NMS → Agent
Set operation is
Change a value on the device
NMS → Agent
Trap operation is
Send an unsolicited alert (no request from the NMS needed)
Agent → NMS