You want to view your computer’s IP address, subnet mask, and default gateway on a Windows machine.
This type of attack tries to make a service unavailable by overwhelming it with traffic or requests.
DoS or DDoS
Pretending to be a trusted device, user, website, or address to trick someone or a system is called this.
Spoofing
A VPN primarily helps by doing this to your traffic between your device and the VPN server.
Encrypting the traffic (creating a secure tunnel)
Authorized security testing performed to find vulnerabilities before real attackers do is called this.
Penetration testing
You want to test whether your computer can reach another device on the network by sending small packets and checking for replies.
ping
This is the key difference between DoS and DDoS: a DDoS attack comes from ______.
Multiple devices
Capturing and inspecting network traffic packets is called this.
Sniffing
“A VPN makes me invisible and unhackable.” Is that accurate? Explain why.
False.
A VPN improves privacy but does not make you invisible. The VPN provider can still "see" you and could potentially sell your information.
Code, a technique, or a method that takes advantage of a vulnerability is called this.
Exploit
You suspect a system is making strange network connections. You want to see active connections and listening ports from the command line.
netstat
What are computers involved in a DDoS attack called?
Zombies / Botnet
A fake email appears to come from a teacher or bank to trick someone into clicking a link. This is an example of ______.
Spoofing (phishing)
A hidden way for an attacker to regain access later, even after initial compromise, is called this.
Backdoor
Open a secure encrypted connection with another computer. Allows you to work remotely on another computer.
ssh
This is a common goal of a DoS/DDoS attack, even if no files are stolen.
Disrupting availability
A user on public Wi-Fi logs into a site over HTTP instead of HTTPS. Which attack topic from this category becomes a much bigger risk, and why?
Sniffing: unencrypted traffic can be captured/read.
Name 2 ways to improve security while on public Wi-Fi.
• Turn on your firewall.
• Make sure Anti-Virus is up to date and running.
• Confirm the name of the network.
• Do NOT use a credit card or do any online shopping.
• Use VPN software.
On a Windows PC, this built-in tool can help you spot suspicious processes using high CPU, RAM, or disk unexpectedly.
Task Manager / Process Explorer
Open a port to listen for incoming connections or connect to another listening device.
netcat
Give one realistic mitigation/defense for DoS/DDoS attacks used by organizations.
Rate limiting, traffic filtering, load balancing, or DDoS protection service
What is ARP poisoning?
Putting a false MAC address entry in the target’s ARP cache with the result that packets will be directed to the attack computer instead of the intended receiver.
What is an evil twin attack?
The attacker’s access point is set up to look like a better connection option. Once you connect to the evil access point, the attacker can analyze your network traffic and execute MitM attacks.
A process has a strange name, high CPU usage, and launches at startup, but the user doesn’t recognize it. What is the best next step?
Investigate. Check which user is running it. Check the process in Process Explorer. Check the threat level. Terminate the process. Delete necessary files.