Chapter 4 - section 4.2 - Summarize various types of attacks


21 Terms

1
Objective – Network Attacks and Threats
• Denial-of-service (DoS) / distributed denial-of-service (DDoS)
• VLAN hopping
• Media Access Control (MAC) flooding
• Address Resolution Protocol (ARP) poisoning
• ARP spoofing
• DNS poisoning
• DNS spoofing
• Rogue devices and services
▸ DHCP
▸ AP
• Evil twin
• On-path attack
• Social engineering
▸ Phishing
▸ Dumpster diving
▸ Shoulder surfing
▸ Tailgating
• Malware
2
Denial-of-Service (DoS)
• Attack that overwhelms a system
• Makes service unavailable to users
• Uses traffic floods or resource exhaustion
• Single attacker source
3
Distributed Denial-of-Service (DDoS)
• DoS attack from multiple systems
• Uses botnets
• Harder to block than DoS
• Exam critical distinction
4
VLAN Hopping
• Attacker accesses traffic from another VLAN
• Exploits misconfigured switches
• Breaks network segmentation
• Mitigated with proper VLAN configuration
5
MAC Flooding
• Attacker floods switch with fake MAC addresses
• Overflows CAM table
• Switch acts like a hub
• Enables packet sniffing
6
ARP Poisoning
• Corrupts ARP table with false mappings
• Redirects traffic to attacker
• Enables MITM attacks
• Layer 2 attack
7
ARP Spoofing
• Attacker pretends to be another device
• Sends fake ARP replies
• Often used with ARP poisoning
• Exam focus: same concept, different wording
8
DNS Poisoning
• Inserts false DNS records
• Redirects users to malicious sites
• Compromises name resolution
• High impact attack
9
DNS Spoofing
• Attacker responds with fake DNS answers
• Tricks clients into using wrong IP
• Often combined with poisoning
• Exam synonym awareness
10
Rogue Devices and Services
• Unauthorized systems on network
• Bypass security controls
• Common internal threat
11
Rogue DHCP Server
• Issues incorrect IP configurations
• Redirects traffic to attacker
• Causes network outages
• Prevented with DHCP snooping
12
Rogue Access Point (AP)
• Unauthorized wireless AP
• Allows attacker network access
• Common in public areas
• Security risk
13
Evil Twin
• Fake wireless AP impersonating real one
• Tricks users into connecting
• Used for credential theft
• Wireless attack
14
On-Path Attack
• Attacker intercepts communication
• Previously called MITM
• Can modify or capture data
• Enabled by ARP/DNS attacks
15
Social Engineering
• Manipulates people, not systems
• Exploits trust and behavior
• Very effective attack method
• Exam critical concept
16
Phishing
• Fraudulent messages impersonating trusted source
• Steals credentials or data
• Common via email and SMS
• High exam relevance
17
Dumpster Diving
• Searching trash for sensitive info
• Physical social engineering
• Prevented by proper disposal
18
Shoulder Surfing
• Observing user input directly
• Targets passwords or PINs
• Physical proximity required
19
Tailgating
• Following authorized person into secure area
• Physical security breach
• Prevented by access controls
20
Malware
• Malicious software
• Includes viruses, worms, trojans, ransomware
• Used to damage or steal data
• Core security exam topic
21
N10-009 Exam Check
• DDoS uses multiple attackers
• VLAN hopping breaks segmentation
• ARP and DNS attacks enable on-path attacks
• Social engineering targets humans