Evidence items pointing to a security intrusion that has taken place on a host system or network.
What are Indicators of Compromise (IoCs)?
This is a technique used to intercept unsecured (unencrypted) connections in order to steal personal information.
What is Eavesdropping?
This can be termed rogue if it has been installed within a WLAN without the authorization of the network administrator.
What is a Rogue access point?
These indicators are based on files or file attributes (such as hashes, names, paths, or signatures) that suggest malicious activity.
What are File-Based IoCs?
This is gathered by capturing and storing every packet flowing through a network without any filtering. It offers the greatest granularity and flexibility during network-based data analysis, at the cost of storage volume.
What is Full content data?
When an intruder obtains access to sensitive information, they might alter or delete the data as well. This is commonly referred to as?
What is Data Modification?
This attack occurs due to the misconfiguration of a wireless access point. This is one of the easiest vulnerabilities that an attacker can exploit.
What is a Misconfigured Access Point Attack?
These indicators relate to suspicious network traffic or communication patterns, such as connections to known-bad IP addresses or domains.
What are Network-Based IoCs?
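The following is an added example (not part of the original card set) showing how file-based and network-based IoCs are actually applied: a small matcher that parses constructed log lines and checks file hashes against a hash list, DNS queries against a domain list (including subdomains), and connection destinations against IP and CIDR lists. The log-line format, the IoC values and the sample hash are all constructed for illustration; the addresses come from the RFC 5737 documentation ranges and the domain uses the reserved `.example` TLD.

```python
import hashlib
import ipaddress
import re

# Constructed IoC set: hypothetical values for illustration, not real threat intel.
MALICIOUS_SAMPLE = b"MZ\x90\x00 constructed dropper body"      # stands in for a binary
FILE_HASH_IOCS = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}  # file-based IoC
IP_IOCS = {"198.51.100.23"}                                      # network-based: TEST-NET-2
DOMAIN_IOCS = {"update-check.example"}                           # network-based: reserved TLD
CIDR_IOCS = [ipaddress.ip_network("203.0.113.0/24")]             # network-based: TEST-NET-3

# Constructed log lines in a simple "ts kind host key=value" shape (not a real product format).
LOG_LINES = [
    "2024-05-01T10:00:01Z file host1 sha256=" + hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(),
    "2024-05-01T10:00:02Z file host1 sha256=" + hashlib.sha256(b"benign.exe").hexdigest(),
    "2024-05-01T10:00:03Z dns  host1 query=cdn.update-check.example.",
    "2024-05-01T10:00:04Z dns  host2 query=www.example.com",
    "2024-05-01T10:00:05Z conn host1 dst=203.0.113.7:443",
    "2024-05-01T10:00:06Z conn host2 dst=192.0.2.44:80",
    "2024-05-01T10:00:07Z conn host2 dst=198.51.100.23:8080",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<kind>file|dns|conn)\s+(?P<host>\S+)\s+\w+=(?P<value>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def match_file_ioc(sha256_hex):
    """File-based IoC: exact hash match (case-insensitive hex)."""
    return sha256_hex.lower() in FILE_HASH_IOCS


def match_domain_ioc(name):
    """Network-based IoC: match the listed domain or any subdomain of it.
    Canonicalise first: drop a trailing dot and lower-case the name."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in DOMAIN_IOCS)


def match_ip_ioc(endpoint):
    """Network-based IoC: match the destination IPv4 address (host:port assumed)
    against single addresses and CIDR ranges."""
    host = endpoint.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return host in IP_IOCS or any(ip in net for net in CIDR_IOCS)


def scan(lines):
    """Run every line through the matcher for its kind; return (host, ioc class, value) hits."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line: skip rather than crash the scan
        if ev["kind"] == "file" and match_file_ioc(ev["value"]):
            hits.append((ev["host"], "file-based", ev["value"]))
        elif ev["kind"] == "dns" and match_domain_ioc(ev["value"]):
            hits.append((ev["host"], "network-based", ev["value"]))
        elif ev["kind"] == "conn" and match_ip_ioc(ev["value"]):
            hits.append((ev["host"], "network-based", ev["value"]))
    return hits


if __name__ == "__main__":
    for host, kind, value in scan(LOG_LINES):
        print(f"{host}: {kind} IoC hit on {value}")
```

Note the canonicalisation in `match_domain_ioc`: DNS logs often carry a trailing dot or mixed case, and a plain set lookup would miss `cdn.update-check.example.` entirely.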
This provides a summary of a conversation between two network devices. Although it is not as detailed as full content data, it aggregates the metadata of the network traffic: destination IP and destination port, source IP and source port, protocol, start and end time of the session, and the number of packets and bytes exchanged during the session (but not their contents).
What is Session Data?
In this attack, the attacker floods the target with a large volume of bogus traffic or requests, thereby exhausting the resources (bandwidth, connection state, CPU) available on the target.
What is a DoS attack?
The attacker changes their device's MAC address to match that of an authorized access point, so that hosts on the trusted network accept the attacker's device as a legitimate access point.
What is Access Point MAC Spoofing?
These indicators focus on deviations from normal system behavior, which may suggest compromise.
This is generated by tools such as the Snort and Suricata IDSs, which inspect the flow of network traffic against signatures or rules and report potential security events as alerts.
What is Alert Data?
This is the process of gathering information about a network, which may subsequently be used to attack the network.
What is Enumeration?
The attacker conducts the attack using a USB adapter or wireless card. In this method, the attacker's host connects directly to a client station over an unsecured peer-to-peer (ad-hoc) wireless link, in order to attack that station or to bypass the security controls enforced by the access point.
What is Ad-Hoc Connection Attack?
These indicators are found in the system's volatile memory (running processes, injected code, in-memory artifacts) and can signal active attacks or malware, including malware that never touches disk.
What are Memory-based IoCs?
This type of data provides an overall profile or summary of the network traffic, which can be of significant investigative value.
What is Statistical Data?
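To make the relationship between the three data types above concrete, here is an added example (not part of the original card set) that starts from a constructed packet capture standing in for full content data, collapses it into session data keyed by the bidirectional 5-tuple, and then aggregates the sessions into statistical data. The `Packet`/`Session` classes, the field names and the sample packets are all assumptions made for this illustration; the addresses are from the RFC 5737 documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One captured packet. Full content data keeps the payload bytes;
    the session and statistical layers below discard them."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int
    payload: bytes = b""


# Constructed capture standing in for a pcap (timestamps in seconds, sizes in bytes).
PACKETS = [
    Packet(100.0, "192.0.2.10", 51000, "198.51.100.5", 443, "tcp", 60, b"\x16\x03\x01"),
    Packet(100.1, "198.51.100.5", 443, "192.0.2.10", 51000, "tcp", 60),
    Packet(100.2, "192.0.2.10", 51000, "198.51.100.5", 443, "tcp", 517, b"\x16\x03\x03"),
    Packet(100.9, "198.51.100.5", 443, "192.0.2.10", 51000, "tcp", 1400),
    Packet(101.0, "192.0.2.11", 40000, "198.51.100.9", 53, "udp", 70, b"\x12\x34\x01\x00"),
    Packet(101.05, "198.51.100.9", 53, "192.0.2.11", 40000, "udp", 120),
    # Two unanswered connection attempts to a high port: no reply traffic at all.
    Packet(102.0, "192.0.2.10", 51001, "203.0.113.7", 4444, "tcp", 60),
    Packet(102.3, "192.0.2.10", 51001, "203.0.113.7", 4444, "tcp", 60),
]


@dataclass
class Session:
    """Session data: metadata only, no payload."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    start: float
    end: float
    packets: int = 0
    bytes_out: int = 0   # client -> server
    bytes_in: int = 0    # server -> client


def build_sessions(packets):
    """Collapse packets into bidirectional sessions keyed by 5-tuple.
    The first packet seen in a flow decides which side is the client (src)."""
    sessions = {}
    for p in sorted(packets, key=lambda p: p.ts):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in sessions:
            s = sessions[fwd]
            s.bytes_out += p.length
        elif rev in sessions:
            s = sessions[rev]
            s.bytes_in += p.length
        else:
            s = sessions[fwd] = Session(p.src, p.sport, p.dst, p.dport, p.proto, p.ts, p.ts)
            s.bytes_out += p.length
        s.packets += 1
        s.end = max(s.end, p.ts)
    return list(sessions.values())


def traffic_statistics(sessions):
    """Statistical data: an aggregate profile of the whole capture."""
    by_dport = defaultdict(int)
    by_src = defaultdict(int)
    for s in sessions:
        by_dport[(s.proto, s.dport)] += s.bytes_out + s.bytes_in
        by_src[s.src] += s.bytes_out + s.bytes_in
    return {
        "sessions": len(sessions),
        "total_bytes": sum(by_src.values()),
        "bytes_by_dport": dict(by_dport),
        "top_talkers": sorted(by_src.items(), key=lambda kv: -kv[1]),
        # Sessions that never received a byte back: scans or beacons to a dead C2 look like this.
        "one_way_sessions": [(s.src, s.dst, s.dport) for s in sessions if s.bytes_in == 0],
    }


if __name__ == "__main__":
    sess = build_sessions(PACKETS)
    for s in sess:
        print(f"{s.proto} {s.src}:{s.sport} -> {s.dst}:{s.dport} "
              f"{s.packets} pkts, {s.bytes_out} out / {s.bytes_in} in, {s.end - s.start:.2f}s")
    print(traffic_statistics(sess))
```

The point the cards make is visible in the types: `Packet` carries the payload, `Session` carries only the who/when/how-much metadata, and the statistics dictionary carries only totals. An analyst can answer "did anything talk to 203.0.113.7?" from session data, but needs the full content data to know what was said.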