Pretending to be someone or something you are not - usually done to make threats
What is Spoofing?
This is a type of virus that exploits application macros to replicate and activate.
What is a Macro?
A typical system running any OS runs a large number of important programs in the background called services. Many of these services, however, operate on the network but are unneeded. As such, this kind of vulnerability (that we are looking for) is secured by disabling unneeded network services.
This is a type of network security where control is placed on user accounts to track what these accounts can do. Such control over what legitimate accounts can do is called the "principle of least privilege" approach, which is the most common security approach used in networks.
What is Controlling User Accounts?
These are devices or software that protect an internal network from unauthorized access by acting as a filter. Their most basic job is to look at each packet and decide, based on a set of rules, whether to block or allow traffic (i.e., inbound and outbound traffic).
What are firewalls?
This kind of attack targets the ARP caches on hosts and switches. A problem with ARP is that it has no security. An attacker can get inside the network, using proper tools, to send false ARP frames with evil data into every node's ARP cache in the network.
What is ARP Cache Poisoning?
This is a program that has two jobs: to replicate and to activate. It attaches itself to a host file, and usually activates to do damage like erasing the boot sector of a drive. This program can only replicate to other applications on the drive or to other drives, but cannot replicate across a network.
What is a virus?
This vulnerability was identified because of the open nature of the Internet. This vulnerability is common when people often use channels that are not secured, such as when a tech uses Telnet to do remote logins into a very critical router for an ISP.
(Recall: The Telnet application is not a secured tool!)
What are Unencrypted Channels?
This is a network security approach that uses this kind of device, which is a piece of hardware that has been optimized to perform a task as an entry-point device in the network. This device is usually installed closer to a client (than to a backbone) in the network.
What is Edge?
This is a type of firewall often implemented in some sort of hardware appliance or is built into the router that is installed between the LAN and the Internet.
What is a Network-Based Firewall?
These are attacks using vulnerabilities of a network that have not yet been identified (and fixed).
What are Zero-Day Attacks?
What is a worm?
What are Cleartext Credentials?
Cisco, as well as many other product vendors, uses this network security tool to implement Network Access Control (NAC).
(NAC is a standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network).
What is Posture Assessment?
What is a Host-based Firewall?
In this kind of attack, an attacker taps into communications between two systems. By using special software on a wireless network, the attacker covertly intercepts traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.
What is a (classic) Man-in-the-Middle attack?
This is code written to execute when certain conditions are met. This code could be added to a company database, usually with malicious intent, such as deleting files (e.g. if the DB administrator loses her job).
What is a Logic Bomb?
This is a security vulnerability that hackers can take advantage of by "reading" data carried by radio waves/signals that penetrate walls, or to a certain extent, leak accidentally.
What is RF Emanation?
RF stands for "Radio Frequency".
The following are examples of this network hardening approach: changing default credentials, avoiding use of common passwords, keeping network devices up to date, disabling unnecessary services, using secure protocols, disabling unused ports, etc.
What is Device Hardening?
This is an advanced firewall that functions at multiple layers of the OSI model to tackle traffic that no traditional firewall can filter alone.
What are Next-Generation Firewalls?
This is somewhat similar to man-in-the-middle attacks; it tries to intercept a valid computer session to get authentication information.
What is Session Hijacking?
For a virus or Trojan horse to succeed, it needs to come up with some method to hide itself. This program takes advantage of very low-level OS functions to hide itself from all but the most aggressive anti-malware tools. This program can strike OSs, hypervisors and even firmware.
What is a Rootkit?
This is a vulnerability when systems such as OSs, firmware and legacy systems have flaws or security holes. When flaws or security holes are discovered, one would need to patch them.
What are Unpatched/Legacy Systems?
These are programs used to protect your PCs by acting both as a sword and shield - that is, in an active-and-destroy mode and in a passive sentry mode.
What is an Anti-Malware (or Anti-Virus) Program?
What is Unified Threat Management?