CHAPTER 5: ATTACKS


1. Malware Attack

1.1. Trojans

1.1.1. Definition

1.1.1.1. Any malicious computer program which misleads users of its true intent.

1.1.2. How it works

1.1.2.1. A Trojan arrives attached to what looks like a legitimate program; in reality it is a fake version of the application, loaded with malware.

1.1.3. What it can do

1.1.3.1. It can steal information from your device and generate revenue for the attacker by sending premium-rate SMS messages.

1.1.4. Impact

1.1.4.1. Steal sensitive data

1.1.4.2. Delete files

1.1.4.3. Modify documents

1.2. Backdoors

1.2.1. Definition

1.2.1.1. A method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device.

1.2.2. How it works

1.2.2.1. A malware module may act as a backdoor itself, or it can act as a first-line backdoor, which means that it acts as a staging platform for downloading other malware modules that are designed to perform the actual attack.

1.2.3. Prevention

1.2.3.1. Security professionals may need to use specialized tools to detect backdoors, or use a protocol monitoring tool to inspect network packets.

1.3. Virus

1.3.1. Definition

1.3.1.1. Malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.

1.3.2. How it works

1.3.2.1. Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code.

1.3.3. Impact

1.3.3.1. Steal sensitive data

1.3.3.2. Delete files

1.3.3.3. Modify documents

1.3.4. Countermeasures

1.3.4.1. Firewall

1.3.4.2. Anti-virus

1.3.4.3. Isolation of infected systems

1.4. Worms

1.4.1. Definition

1.4.1.1. Worms are programs that replicate themselves from system to system without the use of a host file.

1.4.2. How it works

1.4.2.1. Worms use up computer processing time and network bandwidth when they replicate, and often carry payloads that do considerable damage.

1.4.3. Impact

1.4.3.1. It can send email using an address book stored on the computer and it can inconspicuously open TCP ports to create holes in your security.

1.4.4. Prevention

1.4.4.1. Use a personal firewall to block external access to network services.

1.4.4.2. Be alert when clicking on links in social media and email messages.

2. Network Attacks and Their Countermeasures

2.1. a. DoS/DDoS

2.1.1. A DoS attack is an attempt by a hacker to flood a user’s or an organization’s system.

2.1.2. DoS attacks can be either sent by a single system to a single target (simple DoS) or sent by many systems to a single target (DDoS).

2.1.3. A DoS attack may do the following:

2.1.3.1. Flood a network with traffic, thereby preventing legitimate network traffic.

2.1.3.2. Disrupt connections between two machines, thereby preventing access to a service.

2.1.4. There are several ways to detect, halt, or prevent DoS attacks. The following are common security features available:

2.1.4.1. Network-ingress filtering

2.1.4.2. Rate-limiting network traffic

2.1.4.3. Host-auditing tools

2.1.4.4. Network-auditing tools

2.1.4.5. Automated network-tracing tools

2.2. b. BOTs/BOTNETs

2.2.1. A BOT is short for web robot and is an automated software program that behaves intelligently.

2.2.2. BOTs can also be used as remote attack tools.

2.2.3. For example, web crawlers (spiders) are web robots that gather web-page information.

2.2.4. Countermeasures:

2.2.4.1. An open-source honeypot

2.2.4.2. Make them pay.

2.2.4.3. Encrypt the command and control center.

2.3. c. Smurf

2.3.1. Smurf is a network layer distributed denial of service (DDoS) attack, named after the DDoS.Smurf malware that enables its execution.

2.3.2. Countermeasures:

2.3.2.1. Shut off the broadcast addressing feature on the external router and firewall.

2.3.2.2. Disable IP directed broadcast on all routers and interfaces that do not need it.

2.3.2.3. Routers and firewalls can also be configured so that packets directed to broadcast addresses are not forwarded.

2.3.3. A Smurf attack scenario can be broken down as follows:

2.3.3.1. Smurf malware is used to generate a fake ping request containing a spoofed source IP.

2.3.3.2. The request is sent to an intermediate IP broadcast network.

2.3.3.3. The request is transmitted to all of the hosts on that network.

2.3.3.4. Each host sends an ICMP response to the spoofed source address.

2.3.3.5. With enough ICMP responses forwarded, the target server is brought down.

2.4. d. SYN Flood

2.4.1. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

2.4.2. Countermeasures:

2.4.2.1. One of the best countermeasures is to not allocate large amounts of memory for the first packet (SYN).

2.4.2.2. Allocate memory only after you receive the ACK packet (4th packet) from the sender.

2.4.2.3. Another good solution is to make use of a proxy server.
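As an added example (not part of the original mind map), the following Python model shows the "allocate only after the ACK" rule as a SYN cookie: the server answers every SYN statelessly with a keyed MAC as its initial sequence number and creates connection state only when a returning ACK carries a valid cookie. The secret, the 64-second slot width and all addresses are constructed for the demonstration.

```python
import hmac, hashlib, struct

SECRET = b"constructed-demo-secret"  # constructed; a real server rotates this key
SLOT_SECONDS = 64                    # cookies stay valid for the current and previous slot

def time_slot(now):
    return int(now // SLOT_SECONDS)

def syn_cookie(src, sport, dst, dport, client_isn, slot):
    """32-bit SYN cookie: MAC over the connection 4-tuple, the client's ISN and a
    coarse time slot. It is returned as the server ISN, so nothing is stored."""
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}|{slot}".encode()
    return struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]

class SynCookieServer:
    def __init__(self):
        self.connections = {}  # per-connection state lives here and only here

    def on_syn(self, src, sport, dst, dport, client_isn, now):
        # First packet: allocate nothing, answer with the cookie as our ISN.
        return syn_cookie(src, sport, dst, dport, client_isn, time_slot(now))

    def on_ack(self, src, sport, dst, dport, seq_num, ack_num, now):
        # Final handshake packet: client acknowledges our ISN + 1 and sends its ISN + 1.
        client_isn = (seq_num - 1) & 0xFFFFFFFF
        claimed = struct.pack("!I", (ack_num - 1) & 0xFFFFFFFF)
        slot = time_slot(now)
        for s in (slot, slot - 1):
            expected = struct.pack("!I", syn_cookie(src, sport, dst, dport, client_isn, s))
            if hmac.compare_digest(claimed, expected):
                self.connections[(src, sport, dst, dport)] = {"established_at": now}
                return True
        return False  # forged or stale ACK: still no memory allocated

def demo(now=1_700_000_000):
    srv, target, client_isn = SynCookieServer(), "192.0.2.10", 1000
    # Constructed flood: 10,000 half-open SYNs from spoofed sources, never completed.
    for i in range(10_000):
        srv.on_syn(f"10.0.{i // 256}.{i % 256}", 40000, target, 80, client_isn, now)
    # A legitimate client completes the handshake within the validity window.
    isn = srv.on_syn("198.51.100.7", 51515, target, 80, client_isn, now)
    legit = srv.on_ack("198.51.100.7", 51515, target, 80, client_isn + 1, isn + 1, now + 5)
    # The same ACK replayed three slots later is rejected as stale.
    stale = srv.on_ack("198.51.100.7", 51515, target, 80, client_isn + 1, isn + 1, now + 200)
    # A bare ACK with a guessed number does not match any cookie.
    forged = srv.on_ack("203.0.113.9", 1234, target, 80, 1, 12345, now)
    return legit, stale, forged, len(srv.connections)  # (True, False, False, 1)
```

After ten thousand spoofed SYNs the table holds exactly one entry, the one whose ACK proved the client is real.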

2.5. e. Session hijacking

2.5.1. Session hijacking is when a hacker takes control of a user session after the user has successfully authenticated with a server.

2.5.2. Countermeasures:

2.5.2.1. Use encrypted session negotiation.

2.5.2.2. Use encrypted communication channels.

2.5.2.3. Stay informed of platform patches to fix TCP/IP vulnerabilities, such as predictable packet sequences.

3. Web Attack

3.1. Web Server Vulnerabilities

3.1.1. Web servers, like other systems, can be compromised by a hacker. The following vulnerabilities are most commonly exploited in web servers:

3.1.1.1. Misconfiguration of the web server software

3.1.1.2. Operating system or application bugs, or flaws in programming code

3.1.1.3. Lack of, or failure to follow, proper security policies and procedures

3.2. Web Application Vulnerabilities

3.2.1. a. SQL injection

3.2.1.1. Inserting SQL commands into the URL gets the database server to dump, alter, delete, or create information in the database.

3.2.1.2. Countermeasures:

3.2.1.2.1. Validate user variables.
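As an added example (not from the original mind map), the vulnerable pattern from this node next to its hardened form, using Python's sqlite3 on a constructed in-memory table: the first function splices the URL parameter into the query text, the second binds it as a parameter, and an allowlist check implements "validate user variables" as a second layer.

```python
import re
import sqlite3

USERNAME = re.compile(r"[a-z0-9_]{1,32}")  # allowlist for the user variable

def make_db():
    """Constructed sample database: three users, inserted with bound parameters."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    con.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return con

def validate_username(name):
    """Reject anything outside the allowlist before it reaches the database."""
    return USERNAME.fullmatch(name) is not None

def lookup_vulnerable(con, name):
    # Query text is assembled from the request value; a quote in it changes the SQL.
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in con.execute(sql)]

def lookup_hardened(con, name):
    # Parameter binding: the driver passes the value separately from the SQL text,
    # so it can only ever be compared against the name column.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in con.execute(sql, (name,))]

def demo():
    con = make_db()
    normal = "bob"
    crafted = "x' OR '1'='1"  # constructed: the textbook tautology this node refers to
    return (lookup_vulnerable(con, normal),   # ['bob']
            lookup_vulnerable(con, crafted),  # every row: ['alice', 'bob', 'carol']
            lookup_hardened(con, normal),     # ['bob']
            lookup_hardened(con, crafted),    # [] : no user is literally named that
            validate_username(normal),        # True
            validate_username(crafted))       # False
```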

3.2.2. b. Command injection

3.2.2.1. The hacker inserts programming commands into a web form.

3.2.2.2. Countermeasures:

3.2.2.2.1. Use language-specific libraries for the programming language.

3.2.3. c. Cookie poisoning and snooping

3.2.3.1. The hacker corrupts or steals cookies.

3.2.3.2. Countermeasures:

3.2.3.2.1. Don’t store passwords in a cookie. Implement cookie timeouts, and authenticate cookies.

3.2.4. d. Buffer overflow

3.2.4.1. Huge amounts of data are sent to a web application through a web form to execute commands.

3.2.4.2. Countermeasures:

3.2.4.2.1. Validate user input length, and perform bounds checking.

3.2.5. e. Authentication hijacking

3.2.5.1. The hacker steals a session once a user has authenticated.

3.2.5.2. Countermeasures:

3.2.5.2.1. Use SSL to encrypt traffic.

3.2.6. f. Directory traversal/Unicode

3.2.6.1. The hacker browses through the folders on a system via a web browser or Windows explorer.

3.2.6.2. Countermeasures:

3.2.6.2.1. Define access rights to private folders on the web server. Apply patches and hotfixes.
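As an added example (not part of the original mind map), a Python check a web server can apply before opening a requested file: decode the path (including the double encoding the "Unicode" variant relies on), resolve it to a real filesystem path, and serve it only if it still lies under the web root. The temporary web root and request strings are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_under_root(web_root, requested, max_decodes=3):
    """Return the real path for a requested URL path, or None if it escapes web_root.
    Percent-decoding is repeated (bounded) so nested encodings are normalised
    before the containment check; realpath also resolves symlinks."""
    decoded = requested
    for _ in range(max_decodes):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:                      # embedded NUL: reject outright
        return None
    root = os.path.realpath(web_root)
    relative = decoded.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None                            # would leave the web root
    return candidate

def demo():
    """Constructed web root with one served file; returns which requests are allowed."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "static"))
    with open(os.path.join(root, "static", "app.js"), "w") as f:
        f.write("// constructed asset\n")
    requests = [
        "/static/app.js",                       # plain request: allowed
        "/static/../static/app.js",             # dot segments that stay inside: allowed
        "/../outside.txt",                      # climbs above the root: rejected
        "/static/..%2f..%2foutside.txt",        # encoded slashes: rejected
        "/%252e%252e/%252e%252e/outside.txt",   # double-encoded dots: rejected
        "/static\\..\\..\\outside.txt",         # backslash separators: rejected
        "/static/app.js%00.txt",                # NUL truncation trick: rejected
    ]
    return {r: resolve_under_root(root, r) is not None for r in requests}
```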

4. Wireless Hacking Techniques

4.1. a. Cracking encryption and authentication mechanisms

4.2. b. Eavesdropping or sniffing

4.3. c. Denial of service

4.4. d. AP masquerading or spoofing

4.5. e. MAC spoofing

5. Cracking Encryption And Authentication Mechanisms

5.1. These mechanisms include cracking WEP, the WPA pre-shared key authentication passphrase, and Cisco’s Lightweight EAP authentication (LEAP).

5.2. Hackers can use them to connect to the WLAN using stolen credentials or can capture other users’ data and decrypt/encrypt it.

6. Eavesdropping Or Sniffing

6.1. This involves capturing passwords or other confidential information from an unencrypted WLAN or hotspot.

7. Denial Of Service

7.1. DoS can be performed at the physical layer by creating a louder RF signature than the AP with an RF transmitter, causing an approved AP to fail so users connect to a rogue AP.

7.2. DoS can also be performed by generating deauthentication frames (deauth attacks) or by continuously generating false frames (Queensland attack).

8. AP Masquerading Or Spoofing

8.1. Rogue APs pretend to be legitimate APs by using the same configuration SSID settings or network name.

9. Physical Countermeasures

9.1. a. Lock server room

9.2. b. Set up and monitor video surveillance

9.3. c. Secure workstations to keep intruders from opening the computer

9.4. d. Protect portable device