13.13 Security Troubleshooting
Spam
may or may not be malicious in nature. Even when it is not, it wastes time, network bandwidth, and storage space, and the storage cost compounds because many organizations in the United States are required by law to retain all email communications for a period of time.
MAC Spoofing
occurs when an attacking device sends frames bearing the MAC address of a valid host that is already in the switch's MAC address table. The switch updates that entry to the attacker's port and forwards frames destined for the valid host to the attacking device instead.
Pharming
redirects traffic intended for a legitimate website to a bogus website designed to look like the real one, typically by poisoning DNS responses or altering the victim's hosts file. Once there, the attacker tricks the user into supplying personal information, such as bank account and PIN numbers.
Botnet
refers to a group of zombie computers that are commanded from a central control infrastructure.
Phishing
scam employs an email pretending to be from a trusted organization, asking the recipient to verify personal information or to send a credit card number.
Replay Attack
the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then resends that captured information at a later time to impersonate the client. Authentication schemes resist replay by binding each exchange to a value that is only valid once, such as a nonce or a timestamp.
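As an added example (not code from the original page), the following Python contrasts a static credential, which an attacker can resend verbatim after capturing it, with a token bound to a nonce and a timestamp that the server accepts only once. The shared secret, the client identifiers and the 30-second window are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed shared secret for the example; a real deployment provisions this securely.
SECRET = b"example-shared-secret"
TOKEN_LIFETIME = 30  # seconds a captured token can remain valid at most


def naive_token(client_id):
    """Static credential: identical bytes on every login, so one capture replays forever."""
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()


def naive_verify(client_id, token):
    """Accepts the static credential every time it is presented."""
    return hmac.compare_digest(token, naive_token(client_id))


def make_token(client_id, now=None):
    """Client side: MAC over (client, timestamp, fresh random nonce)."""
    now = int(time.time() if now is None else now)
    nonce = os.urandom(8).hex()
    msg = f"{client_id}:{now}:{nonce}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{client_id}:{now}:{nonce}:{mac}"


class Verifier:
    """Server side: checks the MAC, the freshness window, and nonce reuse."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp of the token it was accepted with

    def verify(self, token, now=None):
        now = int(time.time() if now is None else now)
        try:
            client_id, ts, nonce, mac = token.split(":")
            ts = int(ts)
        except ValueError:
            return False, "malformed"
        msg = f"{client_id}:{ts}:{nonce}".encode()
        expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return False, "bad mac"
        if abs(now - ts) > TOKEN_LIFETIME:
            return False, "expired"
        # Forget nonces older than the window; they can no longer pass the check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= TOKEN_LIFETIME}
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    captured = make_token("alice", now=1000)
    server = Verifier()
    print(server.verify(captured, now=1001))  # first use is accepted
    print(server.verify(captured, now=1002))  # replay of the same capture is rejected
    print(naive_verify("alice", naive_token("alice")))  # static credential always passes
```

The lifetime window bounds how long the server must remember nonces; a token older than the window is rejected as expired before the nonce table is consulted, so the table cannot grow without bound.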
Phishing Emails
the process used by attackers to acquire sensitive information such as passwords, credit card numbers, and usernames by masquerading as a trustworthy entity. Phishing emails are drafted such that they appear to have come from a legitimate organization, such as banking, social media, or e-commerce websites.
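The traits a phishing email relies on (a display name that borrows a trusted brand while the address domain does not, a Reply-To that diverts responses elsewhere, and link text that shows one site while the href points to another) can be checked mechanically. The Python below is an added example, not part of the original page; the sample messages are constructed for the illustration, and the trusted-domain list is an assumption standing in for whatever brands an organization actually owns.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brand's genuine domain(s). Anything else using the brand name is suspect.
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed phishing sample (not a real message).
SAMPLE = """From: "Example Bank Security" <alerts@examplebank-verify.com>
Reply-To: collect@mail-drop.example
To: victim@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Your account will be suspended. Please <a href="http://198.51.100.7/login">
https://www.examplebank.com/login</a> within 24 hours.</p>
</body></html>
"""

# Constructed legitimate sample for comparison.
BENIGN = """From: "Example Bank" <alerts@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Sign in at <a href="https://www.examplebank.com/login">https://www.examplebank.com/login</a>.</p></body></html>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def _body_text(msg):
    """Concatenate the text/html and text/plain parts, single-part or multipart."""
    parts = list(msg.walk()) if msg.is_multipart() else [msg]
    out = []
    for p in parts:
        if p.get_content_type() in ("text/html", "text/plain"):
            payload = p.get_payload(decode=True)
            if payload:
                out.append(payload.decode(p.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)


def check_message(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    if not _trusted(from_domain):
        for brand in TRUSTED_DOMAINS:
            label = brand.split(".")[0]
            if label in (from_name + " " + from_addr).lower():
                findings.append(f"sender impersonates {brand}: {from_addr}")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain differs from From: {reply_to}")

    for href, text in LINK_RE.findall(_body_text(msg)):
        text = text.strip()
        shown = urlparse(text).hostname if "://" in text else None
        real = urlparse(href).hostname
        if shown and real and shown.lower() != real.lower():
            findings.append(f"link text shows {shown} but points to {real}")
        if real and IPV4_RE.fullmatch(real):
            findings.append(f"link to bare IP address: {real}")
    return findings


if __name__ == "__main__":
    for f in check_message(SAMPLE):
        print("SUSPICIOUS:", f)
    print("benign findings:", check_message(BENIGN))
```

These checks catch the crude cases; a sender who controls a lookalike domain with valid SPF and DKIM records and uses matching link text passes all of them, which is why user education remains part of the defense.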
ARP Spoofing
uses forged ARP replies to associate the attacker's MAC address with another host's IP address, typically the default gateway, so that the victim's traffic is delivered to the attacker instead of the intended host.
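An ARP spoofing attack leaves a visible trace: an IP address whose MAC address suddenly changes, and usually one MAC address that starts answering for more than one IP. As an added example, not code from the original page, the Python below runs that logic over constructed lines written in the format tcpdump prints for ARP replies; the addresses and the gateway IP are assumptions for the illustration.

```python
import re
from collections import defaultdict

# Constructed capture lines (tcpdump-style ARP replies); not from a real network.
SAMPLE_LINES = [
    "12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28",
    "12:00:03.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28",
    "12:00:03.100000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 28",
    "12:00:04.000000 ARP, Reply 192.168.1.30 is-at 00:aa:bb:cc:dd:30, length 28",
]

ARP_REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F:]{17})"
)


def detect_arp_spoofing(lines, gateway=None):
    """Flag IP-to-MAC changes and MACs that claim several IPs. Returns alert strings."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in lines:
        m = ARP_REPLY.match(line)
        if not m:
            continue  # not an ARP reply; requests carry no binding to learn from
        ts, ip, mac = m.groups()
        mac = mac.lower()

        previous = ip_to_mac.get(ip)
        if previous and previous != mac:
            tag = " (gateway)" if ip == gateway else ""
            alerts.append(f"{ts} {ip} changed from {previous} to {mac}{tag}")
        ip_to_mac[ip] = mac

        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # One NIC answering for several hosts is the signature of a full MITM.
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LINES, gateway="192.168.1.1"):
        print("ALERT:", alert)
```

A legitimate MAC change (a replaced NIC, a DHCP lease handed to a different device, or a VRRP/HSRP failover of the gateway) produces the first kind of alert too, so the output is a trigger for correlation against a host inventory, not proof of attack on its own. Switch-side protections such as dynamic ARP inspection stop the forged replies before they reach hosts at all.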
Implement Browser Security
Disable pop-ups on all web browsers. Pop-ups can covertly install malware or redirect users to malicious websites. Enable pop-ups only for legitimate sites that require them. Override automatic cookie handling. Configure your browser to prompt you before allowing cookies. Disable third-party browser extensions. Disable sounds in web pages.
Configure Automatic Updates
Enable automatic updates for all operating systems.
Implement Malware Prevention
Install anti-malware on all systems to search for malware, viruses, worms, trojans, and rootkits. Enable automatic definition updates on your anti-malware software. Configure frequent quick malware scans along with less frequent full system scans. Implement anti-spam measures. This can be done using anti-spam software on each individual workstation. However, it's usually advantageous to implement an anti-spam appliance that filters email messages for your entire organization.
Maintain Awareness
Stay current by subscribing to security alerts offered by many security software vendors.
Educate Users
Use strong passwords. This includes email account passwords as well as workstation account passwords. Distrust anything coming from the web: Don't click anything just because the site says you must do so. View email with suspicion. A reputable company in the modern world will not send an email asking users to respond with personal information. Any message that does is using phishing to gather personal information. Recognize social engineering attempts and respond appropriately.
HTTP (session) Hijacking
a real-time attack in which the attacker steals a legitimate user's session cookie and presents it to the web server to take over the authenticated HTTP session without knowing the user's password.
TCP/IP (session) Hijacking
an extension of a man-in-the-middle attack in which the attacker takes over an open, active communication session from a legitimate user, typically by predicting TCP sequence numbers and injecting packets that the server accepts as part of the established connection.
Zero Day
attack (also known as a zero hour or day zero attack) exploits an application vulnerability before the developer knows about it or has released a patch, so neither patching nor signature-based detection can yet stop it.
Man-in-the-Middle
attack is used to intercept, and often alter, information passing between two communication partners who each believe they are talking directly to the other.
Hijacked Emails
attackers use the password hints or security-question answers set up by the user to gain access to the user's email account. Users should not base these on personal information such as their birthplace or mother's maiden name, because such details are relatively easy to obtain from social media.
IP Spoofing
forges the source IP address in a packet's header so that the packet appears to come from a different host.
Zombie
computer that is infected with malware that allows remote software updates and control by a command and control center called a zombie master.
Browser History
contains information that an attacker can exploit. If an attacker can gain access to the cache or the browser history
Cookies
data files placed on a client system by a web server for retrieval at a later time. Cookies are primarily used to identify and track the client across requests. By default, a browser returns a cookie only to the site that set it. The cookies themselves are fairly benign; however, a session cookie captured by an attacker, whether sniffed from an unencrypted connection or read by injected script, lets the attacker impersonate the client for the life of that session.
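Because the session cookie is the session, as the Cookies and HTTP (session) Hijacking entries above describe, the practical defense is in how the server issues it: a value long enough to be unguessable, Secure so it never crosses plain HTTP, HttpOnly so page scripts cannot read it, and SameSite so other sites cannot make the browser send it. The Python below is an added example that audits Set-Cookie headers for those attributes and shows the hardened form; the sample headers are constructed, and the list of names treated as session cookies is an assumption.

```python
import secrets

# Constructed Set-Cookie headers for the example (not from any real site).
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",                                  # weak: everything missing
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # attributes fine, id too short
    "prefs=dark; Path=/; Secure; SameSite=None",                 # non-session cookie, script-readable
]

# Assumption: cookie names that carry a session identifier.
SESSION_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid"}
MIN_SESSION_ID_LEN = 16


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value-or-True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if not p:
            continue
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flag attributes carry no value
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return a list of weaknesses; empty means the cookie is issued safely."""
    name, value, attrs = parse_set_cookie(header)
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: cookie is sent over plain HTTP and can be sniffed")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: injected script can read the cookie")
    samesite = attrs.get("samesite")
    if samesite is None:
        problems.append("missing SameSite: browser attaches the cookie to cross-site requests")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        problems.append("SameSite=None without Secure: modern browsers reject this cookie")
    if name.lower() in SESSION_NAMES and len(value) < MIN_SESSION_ID_LEN:
        problems.append("session id too short to be unguessable")
    return problems


def issue_session_cookie(name="sessionid"):
    """Hardened form: 256-bit random id plus the full attribute set."""
    return f"{name}={secrets.token_urlsafe(32)}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h)
        for p in audit_set_cookie(h):
            print("   -", p)
    print(issue_session_cookie())
```

HttpOnly blocks the script-theft path but not a sniffed or guessed value, and Secure blocks sniffing but not script access; the attributes are complementary, which is why the audit reports each one separately. Regenerating the session id at login, so a value fixed or captured before authentication is useless afterwards, is the other half of the defense and is independent of the cookie attributes.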
Rogue Antivirus
exploits usually employ a pop-up in a browser that tells the user the computer is infected with a virus and that the user must click a link to clean it. Sometimes this exploit is used to trick users into paying for worthless software they don't need.