CompTIA® Network+ Exam Notes : Network Security Threats

4. Network Security

4.4 Common networking attacks

Network attacks:

Dos(Denial-of-service): DoS attacks, are explicit attempts to block legitimate users system access by reducing system availability. DoS attacks exploit this to target mission-critical services. Any physical or host-based intrusions are generally addressed through hardened security policies and authentication mechanisms. Although software patching defends against some attacks, it fails to safeguard against DoS flooding attacks, which exploit the unregulated forwarding of Internet packets. The Internet architecture provides an unregulated network path to attack innocent hosts.


Smurf attack is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system

Social engineering: Social engineering is a skill that an attacker uses to trick an innocent person such as an employee of a company into doing a favor. For example, the attacker may hold packages with both the hands and request a person with appropriate permission to enter a building to open the door. Social Engineering is considered to be the most successful tool that hackers use.

Defense against social engineering may be built by:

  • Including instructions in your security policy for handling it, and
  • Training the employees what social engineering is and how to deal with it.

Examples of social engineering:

1. Phishing: Phishing is the act of sending an e-mail to a user claiming to be a reputed organization (such as a bank) in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a Web site where they are prompted to provide private information, such as credit card, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

Phishing is the practice of enticing unsuspecting Internet users to a fake Web site by using authentic-looking email with the legitimate organization's name, in an attempt to steal passwords, financial or personal information, or introduce a virus attack.

2. Piggybacking: It is another type of social engineering. Here the intruder poses as a new recruit, or a guest to your boss. The intruder typically uses his social engineering skills to enter a protected premises on someone else's identity, just piggybacking on the victim

Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another. Almost all viruses are attached to an executable file, and it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. A virus is a program that propagates itself by infecting other programs residing on the computer system. Viruses are capable of inflicting serious damage to your system, such as erasing your files or your whole disk, or they may just do lighter things like a pop-up a window with a message.

Worm:Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike Virus, which sends out a single infection at a time, a Worm could send out hundreds or thousands of copies of itself, creating a huge devastating effect. A worm can spread itself (without the help of any other program) over the network from one computer to another. Worms replicate without any user intervention, whereas viruses are known to spread through a user. The replication is based on a security flaw in the Operation System or any other applications running on a system.

Trojan Horse: The Trojan Horse, at first glance appears to be a useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because it appears to be receiving legitimate software or file from a legitimate source. A general term, referring to programs that appear innocent, but actually harmful. For example a download that says "birthday greetings" etc. But when you download and run it, it may do serious damage to your computer system such as damaging important files or even making the computer unusable. The trojan's contents could also be a virus or worm, which then spread the damage.

Logic bomb: A logic bomb is signified by uniqueness of occurrence. It can be a virus or Trojan horse, but activated on the occurrence of an event in the future.


Viruses, worms, and Trojan horses are all harmful pieces of software. The way they differ is how they infect the computers, and spread.

Zero day attack:A zero day attack, also known as a zero hour attack, takes advantage of computer vulnerabilities that do not currently have a solution. Typically, a software company will discover a bug or problem with a piece of software after it has been released and will offer a patch - another piece of software meant to fix the original issue. A zero day attack will take advantage of that problem before a patch has been created. It is named zero day because it occurs before the first day the vulnerability is known.

For detecting spam-ware and virus, one need to install anti spam-ware, and anti virus programs. Installing the latest updates to Operating Systems will protect your system from exploits (like gaining back-door entry), but not necessarily from downloaded virus or spam-ware.

Anti-virus package is required for scanning any virus. A virus is a malicious content that regenerates itself without the knowledge of the user. Some times a virus can be destructive.

Rogue accesspoint: A Rogue Access Point is a Wi-Fi Access Point which is setup by an attacker for the purpose of sniffing wireless network traffic. 802.11 (Wi-Fi) utilizes SSIDs (Service Set IDentifiers) to authenticate NICs to wireless access points. There is no similar protocol for authenticating wireless access points. It is possible to place a rogue wireless access point into an 802.11 network. This rogue wireless access point can then be used to hijack the connections of legitimate network users./p>

War driving: Driving around the town looking for an insecure wireless hot spot is known as War driving. The practice of marking the buildings with unsecured wireless networks is called war-chalking. The practice of sniffing wireless networks is known as war-driving. Tempest was the name of a classified (secret) U.S. government project to study the susceptibility of some computer and telecommunications devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. TEMPEST certification ensures that the building is shielded adequately and the EM radiations are within limits to prevent intruders from accessing the information from outside the building.

Evil twin: An evil-twin is a wireless version of the phishing. The term phishing is a variant of fishing, because attackers are "fishing" for victims. An evil-twin in wireless tries to trick users to connect to fake Wi-Fi by posing like a legitimate wireless network. Users connect to Wi-Fi access points (AP) referencing the network SSID. In this case, a hacker can deploy an AP near the cyber cafe Wi-Fi. Users' wireless client will automatically connect to the preset wireless network on the wireless client. The wireless device itself will connect to the wireless AP that has the strongest signal. If the attacker's AP possess the strongest signal, user devices will then connect to the evil twin. In some cases, the evil-twin AP does not have to provide Internet access, instead, it can act like one's mobile Internet provider and ask for credit card information and/or login and password.

Previous   Contents   Next

Network+ Cram Notes Contents
certexams ad

simulationexams ad