Security+ (SY0-601) Cram Notes


3. Threats and Vulnerabilities

3.3 Analyze and differentiate among types of social engineering attacks

Social engineering: It is a skill that an attacker uses to trick an unsuspecting person, such as an employee of a company, into doing a favor. For example, the attacker may hold packages in both hands and ask a person with the appropriate permission to enter a building to open the door. Social engineering is considered to be the most successful tool that hackers use. Social engineering can be used to collect any information an attacker might be interested in, such as the layout of your network, names and/or IP addresses of important servers, and installed operating systems and software. The information is usually collected through phone calls, or by posing as a new recruit or as a guest of your boss.

Shoulder surfing is when a person uses direct observation to find out a target’s password, PIN, or other such authentication information. The simple resolution for this is for the user to shield the screen, keypad, or other device that requests authentication.

Dumpster diving is when a person literally scavenges for private information in garbage and recycling containers. Any sensitive documents should be stored in a safe place for as long as they are needed. When they are no longer necessary, they should be shredded.

Piggybacking is where the intruder poses as a new recruit, or as a guest of your boss. The intruder typically uses social engineering skills to enter protected premises under someone else’s identity, piggybacking on the victim’s access.

Tailgating is essentially the same as Piggybacking with one difference: it is usually without the authorized person’s consent.

Impersonation is when an unauthorized person poses as a legitimate, authorized person.

A hoax is an attempt at deceiving people into believing something that is false. Hoaxes can be delivered in person or through other means of communication.

Staff training is the most effective tool for preventing attacks by social engineering. Defense against social engineering may be built by:

  • Including instructions in your security policy for handling it, and

  • Training the employees what social engineering is and how to deal with it.

3.4 Analyze and differentiate among types of wireless attacks

Packet sniffing is a form of wiretap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a "shared medium" network. This means that traffic on a segment passes by all hosts attached to that segment. Ethernet cards have a filter that prevents the host machine from seeing traffic addressed to other stations. Sniffing programs turn off this filter (promiscuous mode) and thus see everyone’s traffic.

Bluesnarfing allows hackers to gain access to data stored on a Bluetooth-enabled phone using Bluetooth wireless technology without alerting the phone's user to the connection made to the device. The information that can be accessed in this manner includes the phonebook and associated images, the calendar, and the IMEI (International Mobile Equipment Identity). By setting the device to non-discoverable mode, it becomes significantly more difficult to find and attack the device.

Evil twin is another access point or base station that uses the same SSID as an existing access point. It attempts to fool users into connecting to the wrong AP, compromising their wireless session.

Wardriving is the act of using a vehicle and a laptop to find open, unsecured wireless networks.

Rogue access points can be described as unauthorized wireless access points/routers that allow access to secure networks.

Interference happens when devices share channels, are too close to each other, or multiple technologies share the same frequency spectrum.

3.5 Analyze and differentiate among types of application attacks

Cross-site scripting (XSS) is an attack on web applications that injects client-side script into web pages viewed by other users.

SQL injection is when SQL code is inserted into forms or other input that is passed to a database. Input validation is the best way to prevent SQL injection attacks on web servers and database servers.

LDAP injection is similar to SQL injection, again using a web form input box to gain access, or by exploiting weak LDAP lookup configurations. The Lightweight Directory Access Protocol is a protocol used to maintain a directory of information such as user accounts, or other types of objects. The best way to protect against this (and all code injection techniques for that matter) is to incorporate strong input validation.
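An added example (not from these notes) of the input-validation advice given for SQL and LDAP injection above: an allow-list check plus a parameterized query for the SQL case, and RFC 4515 filter escaping for the LDAP case. The SQLite users table and the account names are constructed for the demonstration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample database: a small users table (not from the notes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

# Allow-list: an account name is lowercase letters, digits or underscore, 1-32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def validate_username(name):
    """Reject anything that is not a plain account name (quotes, spaces, operators)."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name

def lookup_role_vulnerable(conn, name):
    """Unsafe form: user input is concatenated into the SQL text, so a value
    containing a quote can change the WHERE clause and return every row."""
    rows = conn.execute(
        "SELECT role FROM users WHERE username = '" + name + "'").fetchall()
    return [r[0] for r in rows]

def lookup_role_safe(conn, name):
    """Hardened form: validate first, then bind the value as a parameter so the
    database never parses it as SQL."""
    name = validate_username(name)
    rows = conn.execute(
        "SELECT role FROM users WHERE username = ?", (name,)).fetchall()
    return [r[0] for r in rows]

# LDAP: characters that RFC 4515 gives special meaning inside a search filter.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    """Escape a value before placing it in an LDAP filter so it stays a literal."""
    return "".join(_LDAP_ESCAPES.get(c, c) for c in value)

def ldap_user_filter(name):
    """Build "(uid=<name>)"; metacharacters in name cannot add extra filter terms."""
    return "(uid=%s)" % ldap_escape(name)
```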

A buffer overflow occurs when the input is larger than the memory allocated to hold it. The program does not know what to do with the additional input; the result may be a crash or freeze of the system, or in some cases a hacker taking control of the system. By validating input lengths, it is possible to reduce this vulnerability to a great extent.

A zero-day attack is an attack that exploits a vulnerability in software before that vulnerability is known to the creator of the software. It is not a specific attack, but rather a group of attacks including viruses, Trojans, buffer overflow attacks, and so on. These attacks can cause damage even after the creator knows of the vulnerability, because it may take time to release a patch to prevent the attacks and to fix the damage caused by them.


Copyright © Anand Software and Training Private Limited.