Network Issues and Attacks

Router Performance Issues

  • Long Load Times of Web Pages
    • The network administrator is alerted due to web pages experiencing prolonged load times.
    • After ruling out routing or DNS issues, the administrator accesses the router for diagnostics.
    • Possible issues observed at the router may include:
      • DDoS Attack: Floods the target with traffic from many sources at once to exhaust its resources.
      • Memory Leak: Occurs when a program fails to release memory it no longer needs, gradually depleting available memory.
      • Buffer Overflow: Written data exceeds a buffer's capacity and overwrites adjacent memory, causing crashes or erratic behaviour and opening the door to exploitation.
      • Resource Exhaustion: General depletion of network or system resources, possibly due to high network load or misconfigured services.

Security Incident Analysis

  • User Account Lockout Investigation
    • A security analyst investigates how an attacker gained access to User3's account by exploiting the company's lockout policy.
    • The policy enforces account lockout for 15 minutes after 3 failed login attempts.
    • Possible attacks that could have occurred:
      • Dictionary Attack: Tries candidate passwords taken from a predetermined word list.
      • Credential Stuffing: Reuses account credentials stolen in other data breaches to gain unauthorized access.
      • Password Spraying: A less targeted attack that tries a few common passwords across many accounts, staying below each account's lockout threshold.
      • Brute-force Attack: Tries every possible password combination until one succeeds.
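The lockout policy above (3 failures, 15-minute lockout) is exactly what password spraying is designed to slip under: a single source tries one or two passwords against many accounts, never reaching the per-account threshold. The following is an added example, not part of the original notes, showing how an analyst can tell the two patterns apart in authentication logs. The log format (timestamp, result, user, source IP) and the log lines themselves are constructed for the example; the `min_accounts` cutoff of 4 distinct accounts is an assumed tuning value.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Lockout policy from the scenario: 3 failed attempts lock the account for 15 minutes.
LOCKOUT_THRESHOLD = 3
LOCKOUT_WINDOW = timedelta(minutes=15)

# Constructed sample log (not from any real system): "<ISO timestamp> <FAIL|SUCCESS> <user> <source IP>".
# 203.0.113.5 sprays one guess across five accounts, waits past the window, sprays again and gets in as user3.
# 198.51.100.7 hammers a single account and trips the lockout.
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user1 203.0.113.5
2024-03-01T09:00:03 FAIL user2 203.0.113.5
2024-03-01T09:00:05 FAIL user3 203.0.113.5
2024-03-01T09:00:07 FAIL user4 203.0.113.5
2024-03-01T09:00:09 FAIL user5 203.0.113.5
2024-03-01T09:20:01 FAIL user1 203.0.113.5
2024-03-01T09:20:03 FAIL user2 203.0.113.5
2024-03-01T09:20:05 SUCCESS user3 203.0.113.5
2024-03-01T09:20:07 FAIL user4 203.0.113.5
2024-03-01T09:20:09 FAIL user5 203.0.113.5
2024-03-01T10:00:00 FAIL user9 198.51.100.7
2024-03-01T10:00:02 FAIL user9 198.51.100.7
2024-03-01T10:00:04 FAIL user9 198.51.100.7
2024-03-01T10:30:00 SUCCESS user1 192.0.2.10
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, result, user, source) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = line.split()
        events.append((datetime.fromisoformat(ts), result, user, src))
    return events


def find_lockouts(events):
    """Accounts that hit the policy threshold: >= 3 failures inside any 15-minute window."""
    failures = defaultdict(list)
    for ts, result, user, _ in events:
        if result == "FAIL":
            failures[user].append(ts)
    locked = set()
    for user, times in failures.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for i, t in enumerate(times):
            while t - times[start] > LOCKOUT_WINDOW:
                start += 1
            if i - start + 1 >= LOCKOUT_THRESHOLD:
                locked.add(user)
                break
    return locked


def find_spraying(events, min_accounts=4):
    """Sources that fail against many accounts while each account stays below the lockout threshold."""
    per_src = defaultdict(lambda: defaultdict(int))
    for _, result, user, src in events:
        if result == "FAIL":
            per_src[src][user] += 1
    suspects = {}
    for src, users in per_src.items():
        # Many accounts touched, none pushed to lockout: the signature of a spray.
        if len(users) >= min_accounts and max(users.values()) < LOCKOUT_THRESHOLD:
            suspects[src] = sorted(users)
    return suspects


def successes_from_spraying_sources(events):
    """Successful logins coming from a source already flagged as spraying (likely compromised accounts)."""
    spraying = find_spraying(events)
    return [(user, src) for _, result, user, src in events
            if result == "SUCCESS" and src in spraying]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("locked out by policy:", find_lockouts(evts))
    print("spraying sources:", find_spraying(evts))
    print("logins to review:", successes_from_spraying_sources(evts))
```

Per-account counting, which is all the lockout policy does, sees nothing wrong with the spraying source; only grouping failures by source and counting distinct accounts exposes it, and the later SUCCESS from that same source is the event that explains how User3's account was taken over.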

Network Attack Scenarios

  • SSH Connection Disruption
    • A researcher logs into a remote SSH service and begins experiencing issues after a year of normal use.
    • Network attack types under consideration include:
      • MAC Cloning: An attacker impersonates a device by duplicating its MAC address.
      • Evil Twin Attack: A rogue access point mimicking a legitimate one in order to capture sensitive data.
      • Man in the Middle (MitM) Attack: An unauthorized party intercepts communication between two legitimate parties.
      • ARP Poisoning: Associating the attacker's MAC address with a legitimate host's IP address in other devices' ARP caches on the local network.

Organizational Network Resilience

Improving Fault Tolerance and Availability

  • Point-of-Sale System Stability During High Load
    • An organization experiencing outages during critical sales periods needs to fortify server reliability and site performance.
    • Best options include:
      • Load Balancing: Distributing network or application traffic across multiple servers to enhance performance and availability.
      • Incremental Backups: Backing up only the data that changed since the last backup, improving recovery times.
      • Uninterruptible Power Supply (UPS): Protects against power outages while ensuring operational continuity.
      • RAID (Redundant Array of Independent Disks): A method for data storage that duplicates data across multiple drives.

Security Assessment Outcomes

  • User Data Compromise via Phishing
    • A user unknowingly submits sensitive login information to a fake recruiting site. Investigation leads to these possibilities:
      • Reverse Proxy Redirection: Traffic is routed through a malicious proxy that sits between the user and the real site.
      • SSL Strip MITM Attack: Downgrades legitimate HTTPS connections to unencrypted HTTP so the attacker can capture the submitted details.
      • Name Server Poisoning: Falsified DNS entries send the user to a malicious site without their noticing.
      • ARP Poisoning: The attacker tricks network devices into associating a legitimate IP address with the attacker's MAC address.

Security Design Elements

VPN and DLP Implementation Assessment

  • VPN Traffic Routing and Security Measures
    • An organization routes traffic through a VPN with multilayered security components. Potential weaknesses include:
      • Integration with Next-Generation Firewalls (NGFW): DLP should be integrated with the firewall for fuller security coverage.
      • Split-Tunnel VPN Connections: Traffic that bypasses the tunnel is not inspected, weakening DLP coverage.
      • Encrypted Traffic Inspection: Failing to inspect encrypted traffic leaves threats carried inside it undetected.
      • Increased VPN Hops: While beneficial, additional hops add latency and can affect user experience.

Cybersecurity Concepts

Phishing Attack Definition

  • Phishing Attack Explanation
    • B) A method of tricking individuals into providing sensitive information by masquerading as a trustworthy entity.

Vulnerability Assessment Purpose

  • Primary Goal
    • A) To identify and prioritize vulnerabilities in a system or network.

Buffer Overflow Exploitation Methods

  • Common Exploitation Techniques
    • B) Code injection, leading to unauthorized code execution by overfilling a buffer.

Patch Management in Cybersecurity

  • Definition
    • B) The systematic approach to managing updates for software applications and systems, ensuring systems are current and secure.

Brute-Force Attack Definition

  • Brute-Force Attack Clarification
    • B) An attempt to gain unauthorized access by systematically trying all possible passwords.

Characteristics of Ransomware Attacks

  • Common Traits
    • B) It encrypts files and demands payment for decryption keys.

Mitigation Strategy for SQL Injection

  • Effective Measures
    • B) Implementing input validation and prepared statements to thwart input manipulation attacks.

Dangers of Public Wi-Fi Networks

  • Associated Risks
    • C) Potential for man-in-the-middle attacks and data interception.

Addressing Insider Threats

  • Mitigation Strategies
    • D) All of the above strategies: thorough background checks, strict access controls, and comprehensive cybersecurity training.

Security Operations Center Significance

Role of Penetration Testing

  • Objective of Penetration Tests
    • B) To simulate real-world attacks to identify and exploit vulnerabilities, providing insight into organizational weaknesses.

Supply Chain Attack Vulnerabilities

  • Common Exploitation Points
    • A) Weaknesses in third-party software components.

Asset Criticality in Vulnerability Assessment

  • Importance
    • B) The potential impact on business operations if the asset is compromised defines assessment priorities.

IoT Device Exploitation Methods

  • Common Attack Vectors
    • C) Command Injection techniques to manipulate IoT device operations.

SOAR Platform Functionality in Incident Response

  • Primary Function
    • B) To automate the correlation of alerts from multiple security tools, enhancing response times.

Risk Management Terminology

  • Risk Appetite Definition
    • C) The willingness to accept certain risks in pursuit of objectives.

Post-Exploitation Phase Significance in Penetration Testing

  • Importance of Post-Exploitation
    • A) Identify and exploit additional vulnerabilities in the compromised system for holistic risk assessment.

Challenges in Insider Threat Programs

  • Key Issues
    • B) Balancing employee privacy with proactive monitoring initiatives.

Purpose of Threat Hunting Programs

  • Functionality
    • B) To proactively search for signs of potential threats and vulnerabilities within the network to enhance preparedness.

Data Exfiltration Definition in Cybersecurity

  • Definition
    • B) The unauthorized transfer of data from a computer or network.

Methodologies for Vulnerability Impact Assessment

  • Best Approaches
    • B) FAIR (Factor Analysis of Information Risk) for evaluating potential vulnerability impacts.

Security Strategy Overview

Vulnerability Assessment vs. Penetration Testing

  • Primary Differences
    • A) Vulnerability assessments identify vulnerabilities, while penetration tests validate them through exploitation practices.

NIST Cybersecurity Framework Significance

  • Management of Cybersecurity Risks
    • B) Offers a structured approach to managing cybersecurity risks across five core functions: Identify, Protect, Detect, Respond, and Recover.

Principle of Least Privilege Impact on Insider Threats

  • Application
    • A) Limits user access to resources necessary for job functions, effectively reducing misuse risk.

Zero-Day Vulnerability Challenges

  • Description
    • B) A vulnerability known to the vendor but not publicly disclosed, posing exploitation risks before patches are available.

Social Engineering Exploitation Techniques

  • Behaviour Exploitation
    • B) Manipulating individuals to divulge confidential information; countermeasures include training and awareness programs.

Role of Threat Intelligence

  • Benefit to Security Posture
    • B) Helps identify emerging threats and vulnerabilities, allowing proactive defense measures to be adopted.

Attack Surface Defined in Security Context

  • Meaning
    • B) Describes all entry points for potential attacks; strategies like constant updates and patching aim to minimize overall risk exposure.

Defensive Measures Against Network Attacks

Man-in-the-Middle Attack Description

  • Definition
    • B) An attack where an attacker intercepts and potentially alters communications between two parties; preventive measures include encryption protocols like TLS.

Shared Responsibility Model in Cloud Security

  • Understanding Security Roles
    • B) Both provider and customer share security responsibilities; providers manage infrastructure while customers secure their applications and data.

Business Impact Analysis (BIA) Importance in Disaster Recovery

  • Key Elements for Analysis
    • B) Identifies critical business functions and the impact of disruptions; it should address recovery time objectives (RTO) and recovery point objectives (RPO).

Remediation and Recovery Strategies

Addressing SQL Injection Vulnerability Remediation

  • Remediation Steps
    • B) Apply input validation and utilize parameterized queries, safeguarding against direct database manipulation.

Ransomware Recovery and Prevention Actions

  • Best Practices
    • B) Restore data from secure backups while bolstering security controls to prevent recurrence.

Risks from Third-Party Libraries in Software Development

  • Key Concerns
    • C) Introduction of known vulnerabilities from integrated libraries.

Red Team/Blue Team Exercise Goals

  • Main Objective
    • C) Simulate real-world attacks to improve defensive capabilities of organizations.

Significance of Post-Mortem Analysis in Incident Response

  • Purpose
    • B) Identifies root causes of security incidents and recommends enhancements to prevent future occurrences.

Integrity Attacks on Data During Transmission

  • Specific Attack Types
    • C) Man-in-the-Middle (MitM) attack targeting the integrity of data during transmission.

Web Application Firewalls (WAF) Function and Differences from Traditional Firewalls

  • WAF Functionality
    • B) Inspects HTTP/HTTPS traffic for malicious content, unlike traditional firewalls, which focus on network-layer traffic.

Purpose of SIEM Systems in Organizations

  • Objective
    • C) To collect, analyze, and correlate security data from diverse sources to support threat detection and incident response.

Challenges in Multi-Factor Authentication (MFA) Implementation

  • Significant Objection
    • B) User resistance and possible degradation of the user experience during rollout.

Network Segmentation Definition in Security

  • Importance
    • B) Dividing a network into smaller, isolated segments to limit access and mitigate overall risk exposure.