Module 01 - Network Attack and Defense Strategies

LEARNING OBJECTIVES

  • LO#01: Explain essential terminology related to network security attacks

  • LO#02: Describe various examples of network-level attack techniques

  • LO#03: Describe various examples of application-level attack techniques

  • LO#04: Describe various examples of social engineering attack techniques

  • LO#05: Describe various examples of email attack techniques

  • LO#06: Describe various examples of mobile device-specific attack techniques

  • LO#07: Describe various examples of cloud-specific attack techniques

  • LO#08: Describe various examples of wireless network-specific attack techniques

  • LO#09: Describe attacker hacking methodologies and frameworks

  • LO#10: Understand the fundamental goal, benefits, and challenges of network defense

  • LO#11: Explain continual/adaptive security strategy

  • LO#12: Explain defense-in-depth security strategy

Essential Terminologies

  • Asset: Anything that has value to the organization and is therefore of interest to an attacker; it can be tangible (hardware, systems) or intangible (data, brand reputation).

    • Examples include: Software, Systems, People, Data, Servers.

  • Threat: A potential negative event that can cause damage to an asset.

    • Examples include: Data theft, server shutdowns, employee deceit, malware infection.

Threat Sources

  • Natural: Fires, floods, power failures.

  • Unintentional: Admin errors, accidents.

  • Intentional: Criminal activities, disgruntled employees.

    • Types of malicious actors: External hackers, corporate raiders, terrorists.

Threat Actors/Agents

  • Hacktivists: Individuals promoting a political agenda through hacking.

  • Cyber Terrorists: Individuals disrupting networks for radical causes.

  • State-Sponsored Hackers: Government employees targeting other nations.

  • Script Kiddies: Unskilled attackers who rely on tools and scripts written by others.

  • Industrial Spies: Individuals targeting companies for commercial advantage.

Vulnerabilities

  • General Definition: A weakness in an asset that can be exploited by a threat.

    • Common causes: Misconfiguration, insecure design, technology weaknesses, careless user behavior.

  • Examples:

    • Technological Vulnerabilities: Insecure TCP/IP protocols, unpatched operating systems.

    • Network Device Vulnerabilities: Lack of authentication, insecure routing protocols.

    • Configuration Vulnerabilities: Weak passwords, misconfigured internet services.

Risk

  • Definition: Potential loss when a threat to an asset exists along with a vulnerability.

    • Formula: Risk = Asset + Threat + Vulnerability.

    • Potential impacts: Business disruptions, data loss, legal liabilities, reputational damage.

Attack Overview

  • Definition: Action to exploit vulnerabilities for malicious purposes.

    • Components: Motive (Goal) + Method (Tactics, Techniques and Procedures, or TTPs) + Vulnerability.

  • Common Motives: Business disruption, information theft, financial gain, propaganda.

Network-Level Attack Techniques

  • Reconnaissance Attacks: Gathering information on the target network.

    • Techniques include: DNS footprinting, port scanning, system enumeration.

  • Sniffing Attacks: Capturing and monitoring data packets as they traverse the network.

  • Man-in-the-Middle Attack: Intercepting and altering communication between two parties.

  • Password Attacks: Using techniques such as brute force or phishing to obtain or crack user passwords.

  • Privilege Escalation Attacks: Gaining higher access rights on a network.

  • DNS Poisoning Attacks: Manipulating DNS records to redirect traffic.

Application-Level Attack Techniques

  • SQL Injection: Injecting malicious SQL into an application's database queries to gain unauthorized access to the database.

  • Cross-Site Scripting (XSS): Injecting scripts into web pages viewed by other users.

  • Parameter Tampering: Modifying application data through URL parameter manipulation.

  • Session Hijacking: Taking over a valid communication session.

Social Engineering Attacks

  • Impersonation: Pretending to be someone legitimate to solicit information.

  • Eavesdropping: Listening in on conversations without authorization to gather information.

  • Shoulder Surfing: Observing a user to gain access to their confidential data.

  • Dumpster Diving: Searching through trash for sensitive information.

Email Attacks

  • Malicious Email Attachments: Emails whose attachments deliver malware when opened.

  • Phishing: Deceptively acquiring personal information by posing as a trusted entity.

  • Spamming: Sending unsolicited bulk email, typically to deliver malicious content or for financial gain.

Mobile Device-Specific Attacks

  • Rooting and Jailbreaking: Bypassing vendor restrictions to gain privileged (unauthorized) access to the mobile operating system.

  • Malicious Apps: Apps that collect data or damage the system when installed.

  • SMS Phishing (SMiShing): Text-based phishing attacks to trick users into revealing personal data.

Cloud-Specific Attack Techniques

  • Data Breach: Unauthorized access to confidential data stored in the cloud.

  • Insecure Interfaces: Vulnerabilities arising from poorly secured APIs.

  • Malicious Insiders: Users with legitimate access who misuse their privileges.

Wireless Network-Specific Attack Techniques

  • Rogue Access Points: Unauthorized APs set up to capture user data.

  • WEP Cracking: Breaking the WEP encryption to gain unauthorized access.

  • Denial-of-Service (DoS): Overloading wireless services to disrupt network access.

Hacking Methodologies and Frameworks

  • CEH Methodology: Stages of a hacking effort – reconnaissance, scanning, gaining access, maintaining access, clearing tracks.

  • MITRE ATT&CK Framework: A knowledge base used for developing threat models based on real-world attack observations.

Defense Strategies

  • Goal: Protect organizational assets from unauthorized access and disruption.

  • Defense-in-Depth: A layered security strategy that uses multiple defenses to protect information systems, including technical, administrative, and physical controls.

  • Continual Security Improvement: An adaptive security strategy involving protection, detection, response, and prediction activities.