IT SECURITY AND RISK MANAGMENT

Chapter 5: Networking and Server Attacks 

1. Network-Based Attacks 

• Interception Attacks: 

• Man-in-the-Middle (MITM): Attacker intercepts and alters communication between two parties. 

• Man-in-the-Browser (MITB): Malware inside a browser modifies transactions. 

• Replay Attack: Copies and reuses legitimate transmissions to gain access. 

• Poisoning Attacks: 

• ARP Poisoning: Alters ARP tables to redirect traffic. 

• DNS Poisoning: Redirects users to fraudulent websites. 

2. Server Attacks 

• Denial-of-Service (DoS) & Distributed DoS (DDoS): Overwhelms a server with excessive requests. 

• Common DoS Attack Types: 

• Smurf Attack: Spoofs IP addresses and floods the victim with responses. 

• DNS Amplification: Uses open DNS resolvers to send massive responses to the target. 

• SYN Flood: Exploits TCP handshake, leaving connections open. 

• Web Application Attacks: 

• Cross-Site Scripting (XSS): Injects malicious scripts into web applications. 

• SQL Injection: Inserts harmful SQL statements to manipulate databases. 

• Session Hijacking: Attacker takes over a user's session. 

Chapter 6: Network Security Devices, Design, and Technology 

1. Network Security Devices 

• Firewalls: Filters incoming and outgoing traffic based on security rules. 

• Intrusion Detection & Prevention Systems (IDS/IPS): Monitors and prevents malicious activities. 

• SIEM (Security Information and Event Management): Aggregates and analyzes security data. 

2. Secure Network Architecture 

• Demilitarized Zone (DMZ): Isolates public-facing services from the internal network. 

• Network Address Translation (NAT): Masks internal IP addresses. 

• Segmentation: Divides networks for security and performance. 

3. Network Security Technologies 

• Unified Threat Management (UTM): Combines multiple security features (firewall, antivirus, etc.). 

• Data Loss Prevention (DLP): Monitors and prevents data leaks. 

• Virtual Private Network (VPN): Encrypts data for secure remote access.