OSPF and ACLs

1.1.1 Introduction to OSPF

  • OSPF is a link-state routing protocol, an alternative to RIP.

  • OSPFv2 is used for IPv4 networks.

  • OSPFv3 is used for IPv6 networks.

  • This module focuses on single-area OSPFv2.

  • RIP uses hop count as the only metric, which doesn't scale well in larger networks.

  • OSPF offers faster convergence and better scalability.

  • OSPF uses areas to control routing update traffic.

  • A link is an interface on a router or a network segment connecting routers.

  • Link-state includes network prefix, prefix length, and cost.

1.1.2 Components of OSPF

  • Routing protocols use messages to exchange route information.

  • Messages help build data structures processed by a routing algorithm.

  • OSPF uses five types of packets:

    • Hello packet

    • Database description packet

    • Link-state request packet

    • Link-state update packet

    • Link-state acknowledgment

  • OSPF messages create and maintain three databases:

    • Adjacency database (neighbor table)

    • Link-state database (LSDB, topology table)

    • Forwarding database (routing table)

  • These tables are kept in RAM; the adjacency database lists the neighboring routers with which this router exchanges information.

  • The router builds the topology table (LSDB) from the LSAs it receives, then runs Dijkstra's shortest-path first (SPF) algorithm over that database.

  • The SPF algorithm is based on the cumulative cost to reach a destination.

  • Each router computes its own SPF tree, with itself as the root.

  • OSPF places the best routes into the forwarding database for routing.

1.1.3 Link-State Operation

  • OSPF routers follow a link-state routing process to reach convergence.

  • Cost is used to determine the best path.

  • The link-state routing steps are:

    1. Establish Neighbor Adjacencies

    2. Exchange Link-State Advertisements

    3. Build the Link State Database

    4. Execute the SPF Algorithm

    5. Choose the Best Route

  • Routers exchange Hello packets to discover neighbors and establish adjacencies.

  • After adjacencies, routers exchange Link-State Advertisements (LSAs) containing the state and cost of each link.

  • LSAs are flooded to all routers in the area.

  • Routers build the topology table (LSDB) based on received LSAs.

  • The SPF algorithm is executed to create the SPF tree.

1.1.4 Single-Area and Multiarea OSPF

  • OSPF supports hierarchical routing using areas for efficiency and scalability.

  • An OSPF area is a group of routers sharing the same link-state information in their LSDBs.

  • OSPF can be implemented in two ways:

    • Single-Area OSPF: All routers are in one area (best practice is area 0).

    • Multiarea OSPF: Implemented using multiple areas, all connected to the backbone area (area 0).

  • Routers interconnecting areas are Area Border Routers (ABRs).

  • The focus of this module is on single-area OSPFv2.

1.1.5 Multiarea OSPF

  • Multiarea OSPF divides a large routing domain into smaller areas for hierarchical routing.

  • Routing occurs between areas (interarea routing).

  • Processor-intensive operations are kept within an area.

  • Topology changes within an area trigger the SPF algorithm to rerun, creating a new SPF tree and updating the routing table.

  • Routers in other areas update only their routing tables; they do not rerun the SPF algorithm.

  • Too many routers in one area can make LSDBs very large and increase CPU load.

  • Arranging routers into areas partitions the database into more manageable databases.

  • Advantages of hierarchical-topology design:

    • Smaller routing tables (due to summarization between areas, not enabled by default).

    • Reduced link-state update overhead, minimizing processing and memory.

    • Reduced frequency of SPF calculations, localizing topology change impacts.

  • ABRs send LSAs to routers in area 0, which are then flooded throughout the OSPF routing domain, updating LSDBs and routing tables in other areas without rerunning the SPF algorithm.

1.1.6 OSPFv3

  • OSPFv3 is the OSPFv2 equivalent for exchanging IPv6 prefixes.

  • In IPv6, the network address is called the prefix and the subnet mask is the prefix length.

  • OSPFv3 populates the IPv6 routing table with remote prefixes.

  • With the OSPFv3 Address Families feature, OSPFv3 supports both IPv4 and IPv6.

  • OSPFv2 runs over the IPv4 network layer and advertises only IPv4 routes.

  • OSPFv3 uses IPv6 as the network layer transport and advertises IPv6 routes.

  • OSPFv3 uses the SPF algorithm.

  • OSPFv3 processes run independently from OSPFv2.

  • OSPFv2 and OSPFv3 have separate adjacency tables, topology tables, and IP routing tables.

  • Configuration and verification commands are similar to OSPFv2.

1.2.2 Types of OSPF Packets

  • Link-state packets (LSPs) are the tools OSPF uses to determine the best (lowest-cost) route.

  • OSPF uses LSPs to establish neighbor adjacencies and exchange routing updates.

  • Packet types:

    • Type 1: Hello packet - Establishes and maintains adjacency.

    • Type 2: Database Description (DBD) packet - Contains an abbreviated LSDB list for checking against local LSDB.

    • Type 3: Link-State Request (LSR) packet - Requests more information about DBD entries.

    • Type 4: Link-State Update (LSU) packet - Replies to LSRs and announces new information; contains different types of LSAs.

    • Type 5: Link-State Acknowledgment (LSAck) packet - Confirms receipt of LSU; data field is empty.

  • LSDB must be identical on all link-state routers within an area to construct an accurate SPF tree.

1.2.3 Link-State Updates

  • Routers exchange Type 2 DBD packets (abbreviated LSDB list).

  • Type 3 LSR packet requests more information about DBD entries.

  • Type 4 LSU packet replies to an LSR packet.

  • Type 5 packet acknowledges the receipt of a Type 4 LSU.

  • LSUs forward OSPF routing updates, like link changes.

  • An LSU packet contains one or more of different types of OSPFv2 LSAs; OSPFv3 has similar packet types but renames several LSAs and contains two additional LSAs.

1.2.4 Hello Packet

  • OSPF Type 1 packet is the Hello packet.

  • Hello packets:

    • Discover OSPF neighbors and establish neighbor adjacencies.

    • Advertise parameters for neighbor agreement.

    • Elect the Designated Router (DR) and Backup Designated Router (BDR) on multiaccess networks (Ethernet).

  • Point-to-point links do not require DR or BDR.

1.3.2 OSPF Operational States

  • When initially connected, an OSPF router:

    • Creates adjacencies with neighbors

    • Exchanges routing information

    • Calculates the best routes

    • Reaches convergence

  • OSPF progresses through various states to reach convergence.

1.3.3 Establish Neighbor Adjacencies

  • When OSPF is enabled, the router determines if there is another OSPF neighbor on the link.

  • It sends a Hello packet containing its router ID out all OSPF-enabled interfaces.

  • The Hello packet is sent to the reserved All OSPF Routers IPv4 multicast address 224.0.0.5.

  • Only OSPFv2 routers will process these packets.

  • The OSPF router ID uniquely identifies each router in the OSPF routing domain.

  • A router ID is a 32-bit number formatted like an IPv4 address.

  • When a neighboring OSPF-enabled router receives a Hello packet with a router ID not in its neighbor list, it attempts to establish an adjacency with the initiating router.

  • R2 receives Hello from R1 and adds R1's router ID to its neighbor list, then sends a Hello to R1 containing R2's router ID and R1's router ID in the neighbor list.

  • When R1 receives the Hello and sees its own Router ID in the list of neighbors, it transitions from the Init state to the Two-Way state.

  • Action in Two-Way state depends on the type of interconnection:

    • Point-to-point link: immediately transition to ExStart state.

    • Common Ethernet network: elect a DR and a BDR.
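The Hello exchange described above, as an added Python model (not code from the page or from Cisco) of two routers going from Down through Init to Two-Way; the router IDs, the 255.255.255.252 mask and the 10/40 second timers are assumed sample values. It also shows the agreement check the text mentions: a Hello whose area ID, network mask, hello interval or dead interval differs from the receiver's is discarded, so that neighbor never leaves Down.

```python
from dataclasses import dataclass, field

ALL_SPF_ROUTERS = "224.0.0.5"   # destination of every Hello on a broadcast or point-to-point link

@dataclass
class Hello:
    """The Hello fields a receiver checks before it will form a neighbor relationship."""
    router_id: str
    area_id: int
    network_mask: str
    hello_interval: int
    dead_interval: int
    neighbors: tuple = ()        # router IDs the sender has already heard from on this link

@dataclass
class OspfRouter:
    router_id: str
    area_id: int
    network_mask: str
    hello_interval: int = 10     # IOS defaults for Ethernet and point-to-point links
    dead_interval: int = 40
    neighbors: dict = field(default_factory=dict)    # neighbor router ID -> state

    def hello(self) -> Hello:
        # Every Hello carries our neighbor list, so a peer can see its own ID echoed back.
        return Hello(self.router_id, self.area_id, self.network_mask,
                     self.hello_interval, self.dead_interval, tuple(self.neighbors))

    def receive(self, pkt: Hello) -> str:
        """Process one Hello sent to 224.0.0.5 and return the resulting neighbor state."""
        # These parameters must agree on a broadcast link. IOS silently discards a
        # mismatched Hello, so the sender never appears in 'show ip ospf neighbor'.
        if (pkt.area_id != self.area_id
                or pkt.network_mask != self.network_mask
                or pkt.hello_interval != self.hello_interval
                or pkt.dead_interval != self.dead_interval):
            return "DOWN"
        # Init: we have seen the peer. Two-Way: the peer's list shows it has seen us.
        state = "2WAY" if self.router_id in pkt.neighbors else "INIT"
        self.neighbors[pkt.router_id] = state
        return state

def bring_up(r1: OspfRouter, r2: OspfRouter) -> tuple:
    """Replay the three-Hello exchange described above.
    Returns (R2's state for R1, R1's state for R2); both are 2WAY on success."""
    r2.receive(r1.hello())   # R2 hears R1 for the first time          -> R2: Init
    r1.receive(r2.hello())   # R2's Hello now lists R1's router ID     -> R1: Two-Way
    r2.receive(r1.hello())   # R1's Hello now lists R2's router ID     -> R2: Two-Way
    return (r2.neighbors.get(r1.router_id, "DOWN"),
            r1.neighbors.get(r2.router_id, "DOWN"))
```

The mismatch branch is the case to remember when troubleshooting: a neighbor that is missing from show ip ospf neighbor usually means the Hellos are arriving but failing this comparison, not that they are lost.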

1.3.4 Synchronizing OSPF Databases

  • After the Two-Way state, routers transition to database synchronization states.

  • While Hello packets establish adjacencies, the other four OSPF packet types are used during the process of exchanging and synchronizing LSDBs. This is a three-step process, as follows:

    1. Decide first router

    2. Exchange DBDs

    3. Send an LSR

  • In the ExStart state, the two routers decide which router will send the DBD packets first.

  • The router with the higher router ID sends DBD packets first during the Exchange state.

  • In the Exchange state, the two routers exchange one or more DBD packets containing LSA entry headers.

  • Entries can be about a link or a network.

  • Each LSA entry header includes information about the link-state type, the address of the advertising router, the cost of the link, and the sequence number.

  • The router uses the sequence number to determine the newness of the received link-state information.

  • When R1 receives a DBD from R2:

    1. It acknowledges the receipt of the DBD using the LSAck packet.

    2. R1 then sends DBD packets to R2.

    3. R2 acknowledges R1.

  • R1 compares the information received with the information it has in its own LSDB. If the DBD packet has a more current link-state entry, the router transitions to the Loading state.

  • For example, R1 sends an LSR regarding network 172.16.6.0 to R2. R2 responds with the complete information about 172.16.6.0 in an LSU packet. Again, when R1 receives an LSU, it sends an LSAck.

  • R1 then adds the new link-state entries into its LSDB.

  • After all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a full state.

  • Once the adjacency is Full, LSUs are sent to neighbors only under the following conditions:

    • When a change is perceived (incremental updates)

    • Every 30 minutes (the periodic LSA refresh)
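The ExStart, Exchange and Loading steps above, as an added Python model (not code from the page or from Cisco). The two LSDBs, their sequence numbers and the 172.16.6.0 network LSA are constructed sample data; LSAcks are treated as implicit. The point it makes that the prose does not: a DBD carries only LSA headers, and an LSR is generated only for entries that are missing or carry a higher sequence number than the local copy, so after both directions run the two databases are identical, which is the condition for Full.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LsaHeader:
    """What a DBD packet carries per LSA: enough to decide whether the full LSA is needed."""
    ls_type: int          # 1 = router LSA, 2 = network LSA, ...
    link_state_id: str
    adv_router: str
    seq: int              # higher sequence number = newer instance

@dataclass(frozen=True)
class Lsa:
    header: LsaHeader
    body: str             # the full link-state data, opaque for this model

def lsdb_key(h: LsaHeader) -> tuple:
    return (h.ls_type, h.link_state_id, h.adv_router)

def master(rid_a: str, rid_b: str) -> str:
    """ExStart: the higher router ID becomes master and sends its DBD packets first."""
    as_tuple = lambda rid: tuple(int(o) for o in rid.split("."))
    return rid_a if as_tuple(rid_a) > as_tuple(rid_b) else rid_b

def dbd(lsdb: dict) -> list:
    """Exchange: a DBD lists LSA headers, never the LSAs themselves."""
    return [lsa.header for lsa in lsdb.values()]

def lsr(lsdb: dict, peer_headers: list) -> list:
    """Loading: request each LSA the peer has that we lack or that is newer than ours."""
    wanted = []
    for h in peer_headers:
        mine = lsdb.get(lsdb_key(h))
        if mine is None or h.seq > mine.header.seq:
            wanted.append(lsdb_key(h))
    return wanted

def lsu(lsdb: dict, requested: list) -> list:
    """Reply to an LSR with the complete LSAs."""
    return [lsdb[k] for k in requested]

def install(lsdb: dict, update: list) -> None:
    for lsa in update:
        lsdb[lsdb_key(lsa.header)] = lsa

def synchronize(rid_a: str, lsdb_a: dict, rid_b: str, lsdb_b: dict) -> str:
    """Run the exchange in both directions, master first. Returns the master's router ID;
    afterwards both LSDBs are identical (Full state)."""
    first = master(rid_a, rid_b)
    order = [(lsdb_a, lsdb_b), (lsdb_b, lsdb_a)] if first == rid_a else [(lsdb_b, lsdb_a), (lsdb_a, lsdb_b)]
    for sender, receiver in order:
        headers = dbd(sender)                      # DBD, acknowledged by an LSAck
        install(receiver, lsu(sender, lsr(receiver, headers)))   # LSR -> LSU -> LSAck
    return first

def build_sample() -> tuple:
    """Constructed LSDBs for R1 and R2 (not a real capture): R2 knows the 172.16.6.0 network
    and holds a newer router LSA for R3 than R1 does."""
    def entry(ls_type, lsid, adv, seq, body):
        h = LsaHeader(ls_type, lsid, adv, seq)
        return lsdb_key(h), Lsa(h, body)
    r1 = dict([entry(1, "1.1.1.1", "1.1.1.1", 0x80000003, "R1 links"),
               entry(1, "3.3.3.3", "3.3.3.3", 0x80000001, "R3 links (stale)")])
    r2 = dict([entry(1, "2.2.2.2", "2.2.2.2", 0x80000002, "R2 links"),
               entry(1, "3.3.3.3", "3.3.3.3", 0x80000004, "R3 links (current)"),
               entry(2, "172.16.6.1", "2.2.2.2", 0x80000001, "network 172.16.6.0/24")])
    return r1, r2
```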

1.3.5 The Need for a DR

  • Multiaccess networks can create two challenges for OSPF regarding the flooding of LSAs:

    • Creation of multiple adjacencies

    • Extensive flooding of LSAs

  • For any number of routers designated as n on a multiaccess network, there are n(n - 1)/2 adjacencies.

  • As routers are added to the network, the number of adjacencies increases dramatically.

  • A multiaccess network with 20 routers would create 190 adjacencies.

1.3.6 LSA Flooding With a DR

  • A dramatic increase in the number of routers also dramatically increases the number of LSAs exchanged between the routers.

  • This flooding of LSAs significantly impacts the operation of OSPF.

  • If every router in a multiaccess network had to flood and acknowledge all received LSAs to all other routers on that same multiaccess network, the network traffic would become quite chaotic.

1.4.1 What did I learn in this module?

  • OSPF offers faster convergence and better scalability than RIP.

  • OSPF uses areas for scalability; a link is a router interface or a network segment connecting routers; Link-state information includes network prefix, prefix length, and cost.

  • Routing protocols use messages to exchange route information; OSPF packets include Hello, database description, link-state request, link-state update, and link-state acknowledgment packets.

  • OSPF databases: adjacency, link-state LSDB, and forwarding (routing table).

  • Topology table is built using Dijkstra's SPF algorithm.

  • Cost determines the best path; single-area OSPF best practice is to use area 0; Multiarea OSPF divides a routing domain into smaller areas.

  • OSPFv3 exchanges IPv6 prefixes; In IPv6, the network address is the prefix and subnet mask is the prefix-length.

  • OSPF packets: Hello, DBD, LSR, LSU, and LSAck. Hello packets discover neighbors, advertise parameters, and elect DR/BDR on multiaccess networks; point-to-point links do not need DR/BDR.

  • Important Hello packet fields: type, router ID, area ID, network mask, hello interval, router priority, dead interval, DR, BDR, and list of neighbors.

  • OSPF operation involves creating adjacencies, exchanging routing information, calculating best routes, and reaching convergence.

  • States: down, init, two-way, ExStart, Exchange, loading, and full.

  • Routers send Hello packets to determine neighbors.

  • Hello packets are sent to the IPv4 multicast address 224.0.0.5.

  • The database synchronization states (after Two-Way) include deciding the first router, exchanging DBDs, and sending an LSR.

  • Multiaccess networks create LSA flooding challenges - the creation of multiple adjacencies and extensive flooding of LSAs.

  • A dramatic increase in the number of routers also dramatically increases the number of LSAs exchanged between the routers; this impacts OSPF operation.

  • DR and BDR election is necessary.

  • On multiaccess networks, OSPF elects a DR and a BDR.

2.0.1 Why should I take this module?

  • Module focuses on single-area OSPFv2 configuration.

  • OSPF is designed to find the best (lowest-cost) route and to keep routes available through fast convergence.

  • OSPF allows you to manually override the DR election process and create your own preferred routes.

2.0.2 What will I learn to do in this module?

  • Module Title: Single-Area OSPFv2 Configuration

  • Module Objective: Implement single-area OSPFv2 in both point-to-point and broadcast multiaccess networks.

  • Topic Title - Topic Objective

    • OSPF Router ID - Configure an OSPFv2 router ID.

    • Point-to-Point OSPF Networks - Configure single-area OSPFv2 in a point-to-point network.

    • Multiaccess OSPF Networks - Configure the OSPF interface priority to influence the DR/BDR election in a multiaccess network.

    • Modify Single-Area OSPFv2 - Implement modifications to change the operation of single-area OSPFv2.

    • Default Route Propagation - Configure OSPF to propagate a default route.

    • Verify Single-Area OSPFv2 - Verify a single-area OSPFv2 implementation.

2.1.1 OSPF Reference Topology

  • The foundation of an OSPF configuration is the OSPF router ID.

  • The routers in the topology have a starting configuration, including interface addresses.

  • There is currently no static routing or dynamic routing configured on any of the routers.

  • All interfaces on R1, R2, and R3 (except the loopback 1 on R2) are within the OSPF backbone area.

2.1.2 Router Configuration Mode for OSPF

  • OSPFv2 is enabled using the router ospf process-id global configuration mode command.

  • The process-id value represents a number between 1 and 65,535.

  • The process-id value is locally significant; it does not have to match on neighboring routers.

  • It is considered best practice to use the same process-id on all OSPF routers.

  • After entering the router ospf process-id command, the router enters router configuration mode.

2.1.3 Router IDs

  • An OSPF router ID is a 32-bit value, represented as an IPv4 address.

  • The router ID is used to uniquely identify an OSPF router.

  • All OSPF packets include the router ID of the originating router.

  • Every router requires a router ID to participate in an OSPF domain.

  • The router ID is used by an OSPF-enabled router to:

    • Participate in the synchronization of OSPF databases - During the Exchange State, the router with the highest router ID will send their database descriptor (DBD) packets first.

    • Participate in the election of the designated router (DR) - In a multiaccess LAN environment, the router with the highest router ID is elected the DR. The routing device with the second highest router ID is elected the backup designated router (BDR).

2.1.4 Router ID Order of Precedence

  • Cisco routers derive the router ID based on three criteria:

    1. The router ID is explicitly configured using the OSPF router-id rid router configuration mode command. This is the recommended method.

    2. If the router ID is not explicitly configured, the router chooses the highest IPv4 address of any configured loopback interfaces.

    3. If no loopback interfaces are configured, then the router chooses the highest active IPv4 address of any of its physical interfaces. This is the least recommended method.

2.2.1 The network Command Syntax

  • One type of network classified by OSPF is a point-to-point network.

  • You can specify the interfaces that belong to a point-to-point network by configuring the network command.

  • You can also configure OSPF directly on the interface with the ip ospf command.

  • Both commands determine which interfaces participate in the routing process for an OSPFv2 area.

  • The basic syntax for the network command is as follows:

    • Router(config-router)# network network-address wildcard-mask area area-id

    • The network-address wildcard-mask syntax is used to enable OSPF on interfaces.

    • The area area-id syntax refers to the OSPF area

    • When configuring single-area OSPFv2, the network command must be configured with the same area-id value on all routers.

    • Best Practice: use area ID of 0 with single-area OSPFv2.

2.2.2 The Wildcard Mask

  • The wildcard mask is typically the inverse of the subnet mask configured on that interface.

  • In a subnet mask, binary 1 is equal to a match and binary 0 is not a match.

  • In a wildcard mask, the reverse is true, as shown here:

    • Wildcard mask bit 0 - Matches the corresponding bit value in the address.

    • Wildcard mask bit 1 - Ignores the corresponding bit value in the address.

  • The easiest method for calculating a wildcard mask is to subtract the network subnet mask from 255.255.255.255.
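The network command syntax (2.2.1) and the wildcard-mask subtraction (2.2.2), as an added Python helper that is not code from the page or from Cisco: it computes the wildcard from the subnet mask octet by octet and emits the router ospf stanza for one router, in either the subnet form or the quad-zero per-interface form. The process ID 10, router ID 1.1.1.1 and the addresses in the usage line are assumed sample values, not the course's reference topology.

```python
import ipaddress

def wildcard_mask(subnet_mask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask, computed per octet.
    (ipaddress already exposes the same value as network.hostmask; the arithmetic is shown on purpose.)"""
    return ".".join(str(255 - int(octet)) for octet in subnet_mask.split("."))

def network_statement(interface_ip: str, prefix_len: int, area: int = 0, per_interface: bool = False) -> str:
    """Build the router-config 'network' command that enables OSPFv2 on one interface.

    per_interface=False: match the whole subnet the interface sits on (classic wildcard form).
    per_interface=True : match exactly this address with a 0.0.0.0 (quad-zero) wildcard.
    """
    iface = ipaddress.ip_interface(f"{interface_ip}/{prefix_len}")
    if per_interface:
        return f"network {iface.ip} 0.0.0.0 area {area}"
    net = iface.network
    return f"network {net.network_address} {wildcard_mask(str(net.netmask))} area {area}"

def ospf_config(router_id: str, interfaces: list, process_id: int = 10,
                area: int = 0, per_interface: bool = False) -> list:
    """Return the single-area OSPFv2 stanza for one router as IOS command lines.

    interfaces: (ip, prefix_len) tuples, e.g. taken from 'show ip interface brief'.
    An interface that must stay out of OSPF (such as R2's loopback 1 in the text)
    is simply not passed in, so no network statement covers it.
    """
    lines = [f"router ospf {process_id}", f" router-id {router_id}"]
    for ip, plen in interfaces:
        lines.append(" " + network_statement(ip, plen, area, per_interface))
    return lines

if __name__ == "__main__":
    # Constructed addressing: one LAN and two /30 point-to-point links on R1.
    print("\n".join(ospf_config("1.1.1.1", [("10.10.1.1", 24), ("10.1.1.5", 30), ("10.1.1.13", 30)])))
```

The quad-zero form is the safer default when a router has interfaces you do not want in OSPF: it can never accidentally match a second interface on the same subnet range the way a wide wildcard can.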

2.3.6 Default DR/BDR Election Process

  • The OSPF DR and BDR election is based on the following criteria:

    1. The routers in the network elect the router with the highest interface priority as the DR. The router with the second highest interface priority is elected as the BDR.

    • Priority is between 0 and 255; if the interface priority is 0, that interface cannot be elected as DR or BDR.

    • The default priority on multiaccess broadcast interfaces is 1.

    2. If the interface priorities are equal, then the router with the highest router ID is elected the DR. The router with the second highest router ID is the BDR.

  • The router ID is determined in one of the following three ways:

    1. The router ID can be manually configured.

    2. If no router ID is configured, the router ID is the highest loopback IPv4 address.

    3. If no loopback interfaces are configured, the router ID is the highest active IPv4 address on a physical interface.

2.3.7 DR Failure and Recovery

  • After the DR is elected, it remains the DR until one of the following events occurs:

    • The DR fails.

    • The OSPF process on the DR fails or is stopped.

    • The multiaccess interface on the DR fails or is shutdown.

  • If the DR fails, the BDR is automatically promoted to DR.

  • After a BDR is promoted to DR, a new BDR election occurs and the DROTHER with the highest priority or router ID is elected as the new BDR.

2.3.1 OSPF Network Types

  • Multiaccess OSPF networks are unique in that one router controls the distribution of LSAs.

  • The router elected for this role should be determined by the network administrator via configuration.

2.3.8 The ip ospf priority Command

  • If the interface priorities are equal on all routers, the router with the highest router ID is elected the DR.

  • It is possible to configure the router ID to manipulate the DR/BDR election.

  • This process only works if there is a stringent plan for setting the router ID on all routers.

  • It is better to control the election by setting interface priorities with the command ip ospf priority value, where value is 0 to 255.

  • An interface with priority 0 can never become DR or BDR. A value of 1 to 255 makes the router more likely to become DR or BDR on that interface; the highest value wins.

2.3.9 Configure OSPF Priority

  • ip ospf priority command will be used to change the DR and BDR as follows:

    • R1 should be the DR and will be configured with a priority of 255.

    • R2 should be the BDR and will be left with the default priority of 1.

    • R3 should never be a DR or BDR and will be configured with a priority of 0.

  • Changing a priority does not preempt the DR already in place, so the clear ip ospf process command must be entered on R2 and R3 (not shown) to reset the OSPF process and force a new election.
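The router ID order of precedence (2.1.4), the DR/BDR election rules (2.3.6) and the priority scenario just described (R1 at 255, R2 at 1, R3 at 0), as an added Python model that is not code from the page or from Cisco. It models a fresh election, which is what you get after clear ip ospf process; it does not model the fact that a running DR is never preempted. The router IDs and addresses are assumed sample values. The adjacency count goes beyond the text's n(n - 1)/2 figure by also giving the count with a DR and BDR present, where each DROTHER is fully adjacent only to those two (2(n - 2) + 1 adjacencies).

```python
def ip_to_int(ip: str) -> int:
    """Compare dotted-quad router IDs numerically, not as strings ('9.0.0.0' < '10.0.0.0')."""
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def router_id(configured, loopbacks: list, physical_up: list) -> str:
    """Order of precedence: explicit router-id command, else the highest loopback IPv4
    address, else the highest active physical IPv4 address."""
    if configured:
        return configured
    if loopbacks:
        return max(loopbacks, key=ip_to_int)
    if physical_up:
        return max(physical_up, key=ip_to_int)
    raise ValueError("no router ID available; the OSPF process cannot start")

def elect(routers: list) -> tuple:
    """routers: (router_id, interface_priority) for each router on one multiaccess segment.
    Returns (dr, bdr): highest priority wins, ties go to the highest router ID, and a
    priority of 0 makes the interface ineligible for either role."""
    eligible = [(rid, pri) for rid, pri in routers if pri > 0]
    ranked = sorted(eligible, key=lambda r: (r[1], ip_to_int(r[0])), reverse=True)
    dr = ranked[0][0] if ranked else None
    bdr = ranked[1][0] if len(ranked) > 1 else None
    return dr, bdr

def adjacencies(n: int, with_dr: bool) -> int:
    """Full adjacencies on a segment of n routers: every pair without a DR, or each
    DROTHER with the DR and the BDR plus the DR-BDR pair when a DR is elected."""
    if n < 2:
        return 0
    return 2 * (n - 2) + 1 if with_dr else n * (n - 1) // 2

def configured_scenario() -> tuple:
    """The priorities configured in the text: R1 = 255, R2 default 1, R3 = 0.
    Router IDs are assumed sample values."""
    return elect([("1.1.1.1", 255), ("2.2.2.2", 1), ("3.3.3.3", 0)])
```

With all priorities left at the default of 1 the highest router ID wins, which is why the text warns that controlling the election through router IDs needs a strict ID plan; the priority form is explicit and survives a re-addressing.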

2.4.1 Cisco OSPF Cost Metric

  • A routing protocol uses a metric to determine the best path.

  • A metric gives indication of the overhead that is required to send packets across a certain interface.

  • OSPF uses cost as a metric.

  • A lower cost indicates a better path than a higher cost.

  • The Cisco cost of an interface is inversely proportional to the bandwidth of the interface.

  • A higher bandwidth indicates a lower cost.

  • The formula used to calculate the OSPF cost is:

    • Cost = reference bandwidth / interface bandwidth

      The default reference bandwidth is 10^8 bps (100,000,000); therefore, the formula is:

    • Cost = 10^8 bps / interface bandwidth in bps

  • Because the OSPF cost value must be an integer, FastEthernet, Gigabit Ethernet, and 10 Gigabit Ethernet (10 GigE) interfaces share the same cost.

  • To correct this situation, you can:

    • Adjust the reference bandwidth with the auto-cost reference-bandwidth command on each OSPF router.

    • Manually set the OSPF cost value with the ip ospf cost command on necessary interfaces.

2.4.2 Adjust the Reference Bandwidth

  • The cost value must be an integer; a result below 1 (for example 10^8 / 10^9 = 0.1 for Gigabit Ethernet) is raised to the minimum cost of 1, and any fractional part of a larger result is dropped.

  • All interfaces faster than Fast Ethernet will have the same cost value of 1 as a Fast Ethernet interface; the reference bandwidth must be changed to a higher value to accommodate networks with links faster than 100 Mbps.

  • Changing the reference bandwidth does not actually affect the bandwidth capacity on the link; rather, it simply affects the calculation used to determine the metric.

  • To adjust the reference bandwidth, use the auto-cost reference-bandwidth Mbps router configuration command.
    Router(config-router)# auto-cost reference-bandwidth Mbps

  • This command must be configured on every router in the OSPF domain.

  • Use show ip ospf interface g0/0/0 command to verify the current OSPFv2 cost assigned to the R1 GigabitEthernet 0/0/0 interface.

  • If the reference bandwidth differs between routers, the same link is advertised with a different cost from each side and SPF can pick suboptimal paths, so auto-cost reference-bandwidth must be configured consistently on all routers in the OSPF domain.

2.4.3 OSPF Accumulates Costs

  • The cost of an OSPF route is the accumulated value from one router to the destination network.
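The cost formula (2.4.1), the effect of auto-cost reference-bandwidth (2.4.2) and cost accumulation (2.4.3), as an added Python example that is not code from the page or from Cisco. It reproduces the integer behaviour IOS shows in show ip ospf interface (minimum cost 1, fraction dropped, e.g. 64 on a 1544 kbps serial link with the default reference) and contrasts the default 100 Mbps reference, under which every link of 100 Mbps or faster costs 1, with a 10000 Mbps reference. The link speeds in the table and the path costs in the usage are assumed sample values.

```python
DEFAULT_REFERENCE_MBPS = 100      # 'auto-cost reference-bandwidth 100', i.e. 10^8 bps

def reference_bps(mbps: int) -> int:
    """Convert the Mbps argument of auto-cost reference-bandwidth to bps."""
    return mbps * 1_000_000

def ospf_cost(interface_bps: int, reference_mbps: int = DEFAULT_REFERENCE_MBPS) -> int:
    """Cost = reference bandwidth / interface bandwidth, as an integer.
    The fraction is dropped and the result is never below 1; that floor is why
    FastEthernet, GigE and 10GigE all cost 1 with the default reference."""
    return max(1, reference_bps(reference_mbps) // interface_bps)

def cost_table(reference_mbps: int) -> dict:
    """Per-interface cost for a set of common link speeds (sample values)."""
    links = {"10GigE": 10_000_000_000, "GigE": 1_000_000_000, "FastEthernet": 100_000_000,
             "Ethernet": 10_000_000, "Serial T1": 1_544_000}
    return {name: ospf_cost(bps, reference_mbps) for name, bps in links.items()}

def path_cost(link_costs: list) -> int:
    """A route's cost is the sum of the outgoing-interface costs along the path."""
    return sum(link_costs)

def best_path(paths: dict) -> str:
    """paths maps a label to the list of per-link costs; SPF keeps the lowest total."""
    return min(paths, key=lambda label: path_cost(paths[label]))

def consistent_reference(per_router_mbps: dict) -> bool:
    """True only if every router in the domain uses the same reference bandwidth;
    anything else gives each side of a link a different view of its cost."""
    return len(set(per_router_mbps.values())) == 1
```

With the default reference, a three-hop path over Gigabit links (1 + 1 + 1) and a single FastEthernet hop (1) tie on nothing but hop count, so the reference must be raised before OSPF can prefer the faster links.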

2.6.1 Verify OSPF Neighbors

  • The following two commands are particularly useful for verifying routing:

    • show ip interface brief - Verifies that the desired interfaces are active with correct IP addressing.

    • show ip route - Verifies that the routing table contains all the expected routes.

  • Additional commands for determining that OSPF is operating as expected include the following:

    • show ip ospf neighbor

    • show ip protocols

    • show ip ospf

    • show ip ospf interface

  • Use the show ip ospf neighbor command to verify that the router has formed an adjacency with its neighboring routers.

  • If the router ID of the neighboring router is not displayed, or if it does not show as being in a state of FULL, the two routers have not formed a full OSPFv2 adjacency. On a multiaccess network this applies to the DR and BDR neighbors and on point-to-point links to every neighbor; two DROTHERs on the same segment stop at 2WAY/DROTHER with each other by design.

  • Incomplete LSDBs can cause inaccurate SPF trees and routing tables.
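The show ip ospf neighbor check above, as an added Python example that is not code from the page or from Cisco: a parser for the command's output plus the rule a practitioner actually applies, that every neighbor should be FULL except a DROTHER-to-DROTHER pair, which legitimately stays at 2WAY. The sample output is constructed in the layout IOS prints (router IDs, addresses and interface names are invented), and the router's own role per interface, which you would read from show ip ospf interface, is passed in as an assumption.

```python
import re

# Constructed sample in the layout of 'show ip ospf neighbor' (not a real capture).
# Row 3 is a DR stuck in EXSTART; row 4 is a point-to-point neighbor, shown with role '-'.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:36    192.168.1.2     GigabitEthernet0/0/0
3.3.3.3           1   2WAY/DROTHER    00:00:38    192.168.1.3     GigabitEthernet0/0/0
4.4.4.4           1   EXSTART/DR      00:00:31    192.168.1.4     GigabitEthernet0/0/0
5.5.5.5           0   FULL/  -        00:00:33    10.1.1.6        GigabitEthernet0/0/1
"""

# State is 'FSM/ROLE'; on point-to-point links IOS prints the role as '  -' after the slash.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+(?:\s+-)?)\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s*$")

def parse_neighbors(text: str) -> list:
    """One dict per neighbor row; the header line and blank lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rid, pri, state, dead, addr, intf = m.groups()
        fsm, _, role = state.partition("/")
        rows.append({"router_id": rid, "priority": int(pri), "state": fsm,
                     "role": role.strip(), "dead_time": dead, "address": addr, "interface": intf})
    return rows

def adjacency_problems(rows: list, my_role_by_interface: dict) -> list:
    """Return (router_id, interface, state) for every neighbor that should be FULL but is not.
    The one normal exception: when both this router and the neighbor are DROTHERs on the
    same broadcast segment, the relationship stops at 2WAY and never becomes an adjacency."""
    problems = []
    for r in rows:
        if r["state"] == "FULL":
            continue
        if (r["state"] == "2WAY" and r["role"] == "DROTHER"
                and my_role_by_interface.get(r["interface"]) == "DROTHER"):
            continue
        problems.append((r["router_id"], r["interface"], r["state"]))
    return problems

if __name__ == "__main__":
    # Assumed: this router is itself a DROTHER on G0/0/0 (read from 'show ip ospf interface').
    for rid, intf, state in adjacency_problems(parse_neighbors(SAMPLE), {"GigabitEthernet0/0/0": "DROTHER"}):
        print(f"neighbor {rid} on {intf} is stuck in {state}")
```

A neighbor that never appears at all is a different failure (Hello parameters or reachability), which this check cannot see; compare the neighbor list against the expected peers from the topology for that case.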

2.7.4 What did I learn in this module?

  • OSPFv2 enabled using router ospf process-id global configuration mode command; process-id is a number between 1 and 65,535; process-id value is locally significant.

  • OSPF router ID is a 32-bit value, represented as an IPv4 address.

  • The router ID is used to synchronize OSPF databases and participate in DR/BDR elections.

  • Cisco routers derive the router ID based on one of three criteria:
    1. Configured using the OSPF router-id rid router configuration mode command.
    2. Highest IPv4 address of any configured loopback interfaces
    3. If no loopback interfaces are configured, the router chooses the highest active IPv4 address of any of its physical interfaces.

  • After a router selects a router ID, an active OSPF router does not allow the router ID to be changed until the router is reloaded or the OSPF process is reset.

  • Within router configuration mode, there are two ways to identify the interfaces that will participate in the OSPFv2 routing process:
    1. A wildcard mask identifies the interfaces based on their network addresses.
    2. OSPFv2 can be enabled by specifying the exact interface IPv4 address with a quad-zero (0.0.0.0) wildcard mask.

  • To configure OSPF directly on the interface, use the ip ospf interface configuration mode command.

  • The DR/BDR election process is unnecessary on point-to-point networks.

  • Ethernet LANs are the most common example of broadcast multiaccess networks.

  • The DR floods LSAs to the multicast IPv4 address 224.0.0.5, which is meant for all OSPF routers; DROTHERs send their updates to the DR and BDR at 224.0.0.6.

  • The OSPF DR and BDR election decision is based on the following criteria:
    1. The routers in the network elect the router with the highest interface priority (set with ip ospf priority) as the DR.
    2. If the interface priorities are equal, then the router with the highest router ID is elected the DR.

  • With the ip ospf priority command, a value of 0 means the router will not become a DR or BDR; with a value of 1 to 255, the router with the higher priority value is more likely to become the DR or BDR on that interface.

  • The formula used to calculate the OSPF cost is: Cost = reference bandwidth / interface bandwidth; the Cisco default reference bandwidth is 10^8 bps.

  • To change the cost value reported by the local OSPF router to other OSPF routers, use the interface configuration command ip ospf cost value.

  • The dead interval defaults to 4 times the hello interval (10 s hello and 40 s dead on Ethernet and point-to-point links); the show ip ospf interface command verifies the OSPFv2 interface intervals.

  • A default static route (ip route 0.0.0.0 0.0.0.0 with a next hop or exit interface) followed by the default-information originate router configuration command propagates the default route to the other OSPF routers.

  • To verify routing:
    * show ip interface brief - Verifies that the desired interfaces are active with correct IP addressing.
    * show ip route - Verifies that the routing table contains the expected routes.
    * show ip ospf neighbor
    * show ip protocols
    * show ip ospf
    * show ip ospf interface

3.0.2 What will I learn in this module?

  • Module Title: Network Security Concepts

  • Module Objective: Explain how vulnerabilities, threats, and exploits can be mitigated to enhance network security.

3.1.1 Current State of Affairs

  • Cyber criminals have the expertise and tools necessary to take down critical infrastructure and systems.

  • Tools and techniques continue to evolve, with malware reaching unprecedented levels of sophistication and impact.

  • Cyber criminals are exploiting undefended gaps in security.

  • Network security breaches disrupt e-commerce, cause loss of business data, threaten privacy, and compromise information.

  • These breaches can result in lost revenue for corporations, theft of intellectual property, lawsuits, and can even threaten public safety.

  • Maintaining a secure network ensures the safety of network users and protects commercial interests.

3.1.2 Vectors of Network Attacks

  • An attack vector is a path by which a threat actor can gain access to a server, host, or network.

  • Attack vectors originate from inside or outside the corporate network.

3.1.3 Data Loss

  • Data is an organization’s most valuable asset.

  • Data loss or data exfiltration is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.

  • The data loss can result in:

    • Brand damage and loss of reputation

    • Loss of competitive advantage

    • Loss of customers

    • Loss of revenue

    • Litigation/legal action resulting in fines and civil penalties

    • Significant cost and effort to notify affected parties and recover from the breach

3.2.1 The Hacker

  • Hacker is a common term used to describe a threat actor.

  • Hacker Type - Description

    • White Hat Hackers - These are ethical hackers who use their programming skills for good, ethical, and legal purposes.

    • Gray Hat Hackers - These are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage.

    • Black Hat Hackers - These are unethical criminals who compromise computer and network security for personal gain, or for malicious reasons, such as attacking networks.

3.2.2 Evolution of Hackers

  • Hacking started in the 1960s with phone freaking, or phreaking, which refers to using audio frequencies to manipulate phone systems.

  • In the mid-1980s, computer dial-up modems were used to connect computers to networks.

  • Hackers wrote “war dialing” programs which dialed each telephone number in a given area in search of computers.

  • When a computer was found, password-cracking programs were used to gain access.

3.2.3 Cyber Criminals

  • It is estimated that cyber criminals steal billions of dollars from consumers and businesses.

  • Cyber criminals operate in an underground economy where they buy, sell, and trade attack toolkits, zero day exploit code, botnet services, banking Trojans, keyloggers, and much more.

  • They also buy and sell the private information and intellectual property they steal.

  • Cyber criminals target small businesses and consumers, as well as large enterprises and entire industries.

3.2.4 Hacktivists

  • Two examples of hacktivist groups are Anonymous and the Syrian Electronic Army.

  • Although most hacktivist groups are not well organized, they can cause significant problems for governments and businesses.

  • Hacktivists tend to rely on fairly basic, freely available tools.

3.2.5 State-Sponsored Hackers

  • State-sponsored hackers create advanced, customized attack code, often using previously undiscovered software vulnerabilities called zero-day vulnerabilities.

3.3.2 Introduction to Attack Tools

  • To exploit a vulnerability, a threat actor must have a technique or tool.

  • Over the years, attack tools have become more sophisticated, and highly automated.

  • These new tools require less technical knowledge to implement.

3.3.3 Evolution of Security Tools

  • Ethical hacking involves many different types of tools used to test the network and keep its data secure.

  • To validate the security of a network and its systems, many network penetration testing tools have been developed.

  • Tools: Password Crackers, Wireless Hacking Tools, Network Scanning and Hacking Tools, Packet Crafting Tools, Packet Sniffers, Rootkit Detectors, Fuzzers to Search Vulnerabilities, Forensic Tools, Debuggers, Hacking Operating Systems, Encryption Tools, Vulnerability Exploitation Tools, Vulnerability Scanners

3.3.4 Attack Types

  • Threat actors can use attack tools, or a combination of tools, to create attacks.

  • Common types of attacks: Eavesdropping Attack, Data Modification Attack, IP Address Spoofing Attack, Password-Based Attacks, Denial of Service Attack, Man-in-the-Middle Attack, Compromised-Key Attack, Sniffer Attack

3.4.2 Viruses and Trojan Horses

  • Viruses require human action to propagate and infect other computers.

  • The virus hides by attaching itself to computer code, software, or documents on the computer.

  • When opened, the virus executes and infects the computer.

  • Modern viruses are developed for specific intent.

3.4.3 Other Types of Malware

  • Adware

  • Ransomware

  • Rootkit

  • Spyware

  • Worm

3.5.1 Overview of Network Attacks

  • When malware is delivered and installed, the payload can be used to cause a variety of network related attacks.

  • To mitigate attacks, it is useful to understand the types of attacks.

  • Networks are susceptible to the following types of attacks:

    • Reconnaissance Attacks

    • Access Attacks

    • DoS Attacks

3.5.5 Access Attacks

  • Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services.

  • The purpose of these types of attacks is to gain entry to web accounts, confidential databases, and other sensitive information.

  • Threat actors use access attacks on network devices and computers to retrieve data, gain access, or to escalate access privileges to administrator status.

  • Examples of access attacks include password attacks and spoofing attacks.
