Chapter 16: Network Security
To secure end points from bad actors a company must do what?
A company must have well-documented policies in place and employees must be aware of these rules. Employees need to be trained on proper use of the network. Policies often include the use of antivirus software and host intrusion prevention.
What do firewalls do?
A firewall protects computers and networks by preventing undesirable traffic from entering internal networks.
In a port redirection attack, a threat actor uses what to attack other targets?
A threat actor uses a compromised system as a base for attacks against other targets. The example in the figure shows a threat actor using SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
In a trust exploitation attack, a threat actor uses what to gain access to a system?
A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target. Example: System A trusts System B. System B trusts everyone. The threat actor wants to gain access to System A. Therefore, the threat actor compromises System B first and then can use System B to attack System A.
This server contains a secure database of who is authorized to access and manage network devices. Network devices authenticate administrative users using this database.
AAA Server
Which device is used by other network devices to authenticate and authorize management access? AAA server firewall ESA/WSA IPS
AAA server
The unauthorized manipulation of data, system access, or user privileges.
Access attacks
What is an endpoint?
An endpoint, or host, is an individual computer system or device that acts as a network client.
Prevents or allows access by specific application types based on port numbers
Application Filtering
AAA is a way to control who is permitted to access a network (____), what actions they perform while accessing the network (____), and making a record of what was done while they are there (__).
Authenticate Authorize Accounting Note: The concept of AAA is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend, and keeps account of what items the user spent money on, as shown in the figure.
What does AAA stand for?
Authentication Authorization Accounting
What is one of the most effective ways of protecting against data loss?
Backing up device configurations and data
Why is securing endpoints one of the most challenging jobs for a network administrator?
Because it involves human nature
Threat actors can implement password attacks using several different methods:
Brute force Trojan Horse attacks Packet Sniffers
For Cisco routers, what feature can be enabled to assist securing the system?
Cisco Auto Secure feature
What does CnC stand for?
Command and Control program
What does Cisco Auto Secure do?
Its configuration enhances the security of the router but will not make the router absolutely secure from all security attacks.
This zone is used to house servers that should be accessible to outside users. Inside Outside DMZ internet
DMZ
In addition, there are some simple steps that should be taken that apply to most operating systems:
Default usernames and passwords should be changed immediately. Access to system resources should be restricted to only the individuals that are authorized to use those resources. Any unnecessary services and applications should be turned off and uninstalled when possible.
What does DMZ stand for?
Demilitarized Zone
What does DoS stand for?
Denial of Service
The disabling or corruption of networks, systems, or services
Denial of service
Cisco routers and switches start with a list of active services that may or may not be required in your network. Why should you disable the unused services?
Disable any unused services to preserve system resources, such as CPU cycles and RAM, and to prevent threat actors from exploiting these services.
The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when a natural disaster occurs or a threat actor attacks the enterprise.
Disaster recovery plan is nonexistent
Which type of network threat is intended to prevent authorized users from accessing resources? trust exploitation access attacks DoS attacks reconnaissance attacks
DoS attacks
What does ESA stand for?
Email Security Appliance
Strong passwords are only useful if they are secret. There are several steps that can be taken to help ensure that passwords remain secret on a Cisco router and switch including these:
Encrypting all plaintext passwords. Setting a minimum acceptable password length. Deterring brute-force password guessing attacks. Disabling inactive privileged EXEC mode access after a specified amount of time.
Which benefit does SSH offer over Telnet for remotely managing a router? TCP usage encryption connections via multiple VTY lines authorization
Encryption
Which device controls traffic between two or more networks to help prevent unauthorized access? AAA server firewall ESA/WSA IPS
Firewall
A firewall could allow outside users controlled access to specific services. When would this be the case?
For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone (DMZ), as shown in the figure. The DMZ enables a network administrator to apply specific policies for hosts connected to that network.
Perform backups on a regular basis as identified in the security policy. Full backups can be time-consuming; therefore, perform monthly or weekly backups with frequent partial backups of changed files.
Frequency
What are the four backup considerations?
Frequency Storage Security Validation
The type of services that are on by default will vary depending on the IOS version. For example, IOS-XE typically will have only which ports open by default?
HTTPS (port 443) and the DHCP client (port 67)
_______ is breaking into a computer to obtain confidential information. Information can be used or sold for various purposes such as when someone is stealing proprietary information of an organization, like research and development data.
Information Theft
After the threat actor gains access to the network, four types of threats may arise:
Information Theft, Data Loss and Manipulation, Identity Theft, Disruption of Service
What kind of threat is described when a threat actor steals scientific research data? data loss or manipulation disruption of service identity theft information theft
Information theft
The threat actor is looking for initial information about a target. Various tools can be used, including Google search, the websites of organizations, whois, and more.
Internet Queries
What does IPS stand for?
Intrusion Detection System
What is one solution to the management of critical security patches?
Make sure all end systems automatically download updates. On Windows 10, security patches are automatically downloaded and installed without user intervention.
On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. Therefore, one method to create a strong password is to do what?
Use the space bar and create a phrase made of many words.
What is Malware?
It is code or software specifically designed to damage, disrupt, steal, or inflict bad or illegitimate action on data, hosts, or networks.
Often, devices shipped from the manufacturer have been sitting in a warehouse for a period of time and do not have the most up-to-date patches installed. How would you fix this issue?
It is important to update any software and install any security patches prior to implementation.
Poorly chosen, easily cracked, or default passwords can allow unauthorized access to the network.
Lack of authentication continuity
A security policy cannot be consistently applied or enforced if it is not written down.
Lack of written security policy
This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
Maintenance Threats
Malware is short for what?
Malicious software
Misconfiguration of equipment itself can cause significant security problems. For example, misconfigured access lists, routing protocols, or SNMP community strings can create or enable holes in security.
Misconfigured network equipment
More comprehensive endpoint security solutions rely on what?
Network access control
Typically, which devices on a network are under attack by threat actors?
Network devices and endpoints, such as servers and desktop computers.
How do network firewalls work?
Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
What is a standard software image?
The operating system and accredited applications that are authorized for use on client systems, deployed on new or upgraded systems.
Prevents or allows access based on IP or MAC addresses
Packet Filtering
Firewall products come packaged in various forms. These products use different techniques for determining what will be permitted or denied access to a network. They include the following:
Packet Filtering Application Filtering URL Filtering Stateful Packet Inspection (SPI)
Access attacks can be classified into four types:
Password attacks, Trust Exploitation, Port Redirection, Man-in-the-Middle
The threat actor initiates a _______ sweep to determine which IP addresses are active.
Ping sweeps
Political battles and turf wars can make it difficult to implement a consistent security policy.
Politics
A threat actor performs a ____ scan on the discovered active IP addresses.
Port Scans
A good plan for physical security must be created and implemented to address these issues. The figure shows an example of a physical security plan.
Secure computer room: implement physical security to limit damage to the equipment. Step 1: Lock up equipment and prevent unauthorized access from the doors, ceiling, raised floor, windows, ducts, and vents. Step 2: Monitor and control closet entry with electronic logs. Step 3: Use security cameras.
Backups should be transported to an approved offsite location on a daily, weekly, or monthly rotation, as required by the security policy.
Security
Unauthorized changes to the network topology or installation of unapproved applications create or enable holes in security.
Software and hardware installation and changes do not follow policy.
Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless specifically permitted. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).
Stateful Packet Inspection (SPI)
It is possible to configure a Cisco device to support SSH using the following six steps:
Step 1: Configure a unique device name Step 2: Configure the IP domain name Step 3: Generate a key to encrypt SSH traffic Step 4: Verify or create a local database entry Step 5: Authenticate against the local database Step 6: Enable vty inbound SSH sessions
Give an example of a man-in-the-middle attack.
Step 1: When a victim requests a web page, the request is directed to the threat actor's computer. Step 2: The threat actor's computer receives the request and retrieves the real page from the legitimate website. Step 3: The threat actor can alter the legitimate web page and make changes to the data. Step 4: The threat actor forwards the requested page to the victim.
A device must have a unique hostname other than the default
Step 1: configure a unique device name
Configure the IP domain name of the network by using the global command ip domain name name
Step 2: Configure the IP domain name
SSH encrypts traffic between source and destination. However, to do so, a unique authentication key must be generated by using the global configuration command crypto key generate rsa general-keys modulus bits. The modulus bits value determines the size of the key and can be configured from 360 bits to 2045 bits. The larger the bit value, the more secure the key. However, larger bit values take longer to encrypt and decrypt information. The minimum recommended modulus is 1024 bits.
Step 3: Generate a key to encrypt SSH traffic
Create a local database username entry using the username global configuration command. In the example, the parameter secret is used so that the password will be encrypted using MD5.
Step 4: Verify or create a local database entry
Use the login local line configuration command to authenticate the vty line against the local database.
Step 5: Authenticate against the local database
By default, no input session is allowed on vty lines. You can specify multiple input protocols including Telnet and SSH using the transport input {ssh | telnet} command.
Step 6: Enable vty inbound SSH sessions
What is a data backup?
Stores a copy of the information on a computer to removable backup media that can be kept in a safe place.
Always validate backups to ensure the integrity of the data and validate the file restoration procedures.
Storage
This common problem is the result of poorly created user passwords.
System accounts with easily guessed passwords
List three Technological Vulnerabilities:
TCP/IP Protocol Weakness Operating System Weakness Network Equipment Weakness
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure. Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) are related to the inherently insecure structure upon which TCP was designed.
TCP/IP Weaknesses
What are the three primary vulnerabilities or weaknesses in networking?
Technological, configuration, and security policy. Note: All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.
What is a vulnerability in networking?
The degree of weakness in a network or device. Note: Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices.
Authentication, authorization, and accounting (AAA, or triple A) network security services provide what?
The primary framework to set up access control on network services.
In a man-in-the-middle attack, the threat actor does what in order to read or modify the data that passes between two parties?
The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
What is a passphrase?
A phrase made of many words, created by using the space bar. This is one method to create a strong password.
What do ping sweep tools do?
They systematically ping all network addresses in a given range or subnet.
The most effective way to mitigate a worm attack is to do what?
To download security updates from the operating system vendor and patch all vulnerable systems.
True or False: A firewall is one of the most effective security tools available for protecting users from external threats.
True
Prevents or allows access to websites based on specific URLs or keywords.
URL filtering
To protect network devices, it is important to use strong passwords. Here are standard guidelines to follow:
Use a password length of at least eight characters, preferably 10 or more characters. A longer password is a more secure password. Make passwords complex: include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed. Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, biographical information (such as birthdates, ID numbers, or ancestor names), or other easily identifiable pieces of information. Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty. Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited. Do not write passwords down and leave them in obvious places such as on a desk or monitor.
Backups should be protected using strong passwords. The password is required to restore the data.
Validation
What does WSA stand for?
Web Security Appliance
What does the term vulnerability mean? Known target or victim machine a method of attack to exploit a target a potential threat that a hacker creates a computer that contains sensitive info a weakness that makes a target susceptible to an attack
a weakness that makes a target susceptible to an attack
What three configuration steps must be performed to implement SSH access to a router? (Choose three) an IP domain name an enable mode password a unique hostname a password on the console line an encrypted password a user account
an IP domain name a unique hostname a user account
Which is appropriate for providing endpoint security? a AAA server antivirus software a server-based firewall an ESA/WSA
antivirus software
Which three services are provided by the AAA framework? (Choose three) automation autoblanking authorization authentication accounting autoconfiguration
authorization authentication accounting
What is the Privileged Exec mode command that enables Cisco Auto Secure?
auto secure
Give an example of strong passwords.
b67n42d39c: combines alphanumeric characters. 12^h u4@1p7: combines alphanumeric characters and symbols, and includes a space.
What is the objective of a network reconnaissance attack? denying access to resources by legitimate users disabling network systems or services discovery and mapping of systems unauthorized manipulation of data
discovery and mapping of systems
Some routers and switches in a wiring closet malfunctioned after an air conditioning unit failed. What type of threat does this situation describe? environmental electrical configuration maintenance
environmental
By default, Cisco routers will log out an EXEC session after 10 minutes of inactivity. However, you can reduce this setting using what line configuration command?
exec-timeout minutes seconds. Example: exec-timeout 5 30. In the figure, we are telling the Cisco device to automatically disconnect an inactive user on a vty line after the user has been idle for 5 minutes and 30 seconds.
Which component is designed to protect against unauthorized communications to and from a computer? security center antimalware port scanner firewall antivirus
firewall
For security reasons a network admin needs to ensure that local computers cannot ping each other. Which settings can accomplish this task? file system settings MAC address settings firewall settings smartcard settings
firewall settings
What is one of the most effective security tools available for protecting users from external threats? password encryption techniques router that run AAA services firewalls patch servers
firewalls
What kind of threat is described when a threat actor is stealing the user database of a company? data loss or manipulation disruption of service identity theft information theft
information theft
Threat actors may use password cracking software to conduct a brute-force attack on a network device. This attack continuously attempts to guess valid passwords until one works. What Cisco global configuration command should be used to prevent this?
login block-for seconds attempts tries within seconds. Example: login block-for 120 attempts 3 within 60. This command will block vty login attempts for 120 seconds if there are three failed login attempts within 60 seconds.
Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?
login block-for 30 attempts 2 within 10
What Cisco global configuration command would you use to disable the insecure HTTP server?
no ip http server
The exec-timeout line command can be applied to:
console, auxiliary, and vty lines
What type of attack may involve the use of tools such as nslookup and fping? reconnaissance attack access attack denial of service attack worm attack
reconnaissance attack
A network admin establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? remote access to the switch through the use of a telephone dialup connection remote access to a switch where data is encrypted during the session out-of-band access to a switch through the use of a directly connected PC and console cable direct access to the switch through the use of a terminal emulation program
remote access to a switch where data is encrypted during the session
Give examples of weak passwords and explain why they are weak.
secret: simple dictionary password. smith: maiden name of mother. toyota: make of a car. bob1976: name and birthday. Blueleaf23: simple words and numbers.
To ensure that all configured passwords are a minimum of a specified length, use what Cisco global configuration command?
security passwords min-length length
IOS versions prior to IOS-XE use what show command to view all open ports on a Cisco router?
show control-plane host open-ports
What show command is used to show all open ports on IOS-XE and newer?
show ip ports all
What is the purpose of the network security accounting function? to provide challenge and response questions to require users to prove who they are to determine which resources a user can access to keep track of the actions of a user
to keep track of the actions of a user
Which backup policy consideration is concerned with using strong passwords to protect the backups and for restoring data? frequency storage security validation
validation
Which malicious code attack is self-contained and tries to exploit a specific vulnerability in a system being attacked? worm social engineering Trojan Horse virus
worm
After the IP address space is determined, a threat actor can do what with this information?
A threat actor can then ping the publicly available IP addresses to identify the addresses that are active.
This dedicated device provides stateful firewall services. It ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.
ASA Firewall
George needed to share a video with a co-worker. Because of the large size of the video file, he decided to run a simple FTP server on his workstation to serve the video file to his co-worker. To make things easier, George created an account with the simple password of "file" and provided it to his co-worker on Friday. Without the proper security measures or a strong password, the IT staff was not surprised to learn on Monday that George's workstation had been compromised and was trying to upload work-related documents to the internet. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Access Attack
What do access attacks exploit?
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
Similar to a DoS attack, but it originates from multiple, coordinated sources.
DDoS Attack
_______ is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer hard drive. An example of data manipulation is breaking into a records system to change information, such as the price of an item.
Data loss and Manipulation
Which attacks are the most publicized form of attack and among the most difficult to eliminate in IT/Networking?
Denial of Service (DoS) Note: However, because of their ease of implementation and potentially significant damage, DoS attacks deserve special attention from security administrators.
Angela, an IT staff member at ACME Inc., notices that communication with the company's web server is very slow. After investigating, she determines that the cause of the slow response is a computer on the internet sending a very large number of malformed web requests to ACME'S web server. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Denial of Service (DoS) attack
A computer is used as a print server for ACME Inc. The IT staff failed to apply security updates to this computer for over 60 days. Now the print server is operating slowly, and sending a high number of malicious packets to its NIC. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Denial of Service attack (DoS)
_______ is preventing legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks on servers, network devices, or network communication links.
Disruption of Service
____ attacks are a major risk because they interrupt communication and cause significant loss of time and money. These attacks are relatively simple to conduct, even by an unskilled actor.
DoS Attack
The email security appliance (ESA) filters spam and suspicious emails. The web security appliance (WSA) filters known and suspicious internet malware sites.
ESA/WSA
This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
Electrical Threats
To mitigate network attacks, you must first secure devices including routers, switches, servers, and hosts. To do this most organizations do what?
Employ a defense-in-depth approach (also known as a layered approach) to security. This requires a combination of networking devices and services working in tandem.
This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
Environmental Threats
Infrastructure devices should have backups of configuration files and Internetwork Operating System images on what?
An FTP or similar file server, for backup purposes.
An access attack allows individuals to do what?
Gain unauthorized access to information that they have no right to view.
This includes physical damage to servers, routers, switches, cabling plant, and workstations
Hardware Threats
The four classes of physical threats are as follows:
Hardware threats Environmental Threats Electrical Threats Maintenance Threats
An intrusion prevention system (IPS) monitors incoming and outgoing traffic looking for malware, network attack signatures, and more. If it recognizes a threat, it can immediately stop it.
IPS
_________ is a form of information theft where personal information is stolen for the purpose of taking over the identity of someone. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions per year.
Identity Theft
List six policy vulnerabilities:
Lack of written security policy; Politics; Lack of authentication continuity; Logical access controls not applied; Software and hardware installation and changes do not follow policy; Disaster recovery plan is nonexistent
Inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources. This could result in legal action or termination against IT technicians, IT management, or even company leadership that allows these unsafe conditions to persist.
Logical access controls not applied
Arianna found a flash drive lying on the pavement of a mall parking lot. She asked around but could not find the owner. She decided to keep it and plugged it into her laptop, only to find a photo folder. Feeling curious, Arianna opened a few photos before formatting the flash drive for her own use. Afterwards, Arianna noticed that her laptop camera was active. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Malware Attack
Jeremiah was browsing the internet from his personal computer when a random website offered a free program to clean his system. After the executable was downloaded and running, the operating system crashed. Crucial operating system related files had been corrupted and Jeremiah's computer required a full disk format and operating system re-installation. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Malware attack
After the IP address space is determined, a threat actor can then ping the publicly available IP addresses to identify the addresses that are active. To help automate this step threat actors use what type of tool?
They may use a ping sweep tool such as fping or gping.
Turning on JavaScript in web browsers enables attacks by way of JavaScript controlled by threat actors when accessing untrusted sites. Other potential sources of weakness include misconfigured terminal services, FTP servers, or web servers (e.g., Microsoft Internet Information Services (IIS) and Apache HTTP Server).
Misconfigured Internet Services
Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against. Their weaknesses include password protection, lack of authentication, routing protocols, and firewall holes.
Network Equipment Weakness
Each operating system has security problems that must be addressed: Unix, Linux, Mac OS, Mac OS X, Windows Server 2012, Windows 7, Windows 8. They are documented by the Computer Emergency Response Team (CERT).
Operating System Weakness
Sharon, an IT intern at ACME Inc., noticed some strange packets while revising the security logs generated by the firewall. A handful of IP addresses on the internet were sending malformed packets to several different IP addresses, at several different random port numbers inside ACME Inc. What type of attack is described in this scenario? access attack denial of service (DoS) attack malware attack reconnaissance attack
Reconnaissance Attack
The discovery and mapping of systems, services, or vulnerabilities
Reconnaissance attacks
Network attacks can be classified into three major categories:
Reconnaissance attacks, Access attacks, Denial of service
How does a threat actor instruct the botnet of zombies to carry out a DDoS attack?
The threat actor uses a command and control (CnC) program.
Intruders who gain access by modifying software or exploiting software vulnerabilities are called what?
Threat Actors
To help prevent DoS attacks it is important to do what?
To stay up to date with the latest security updates for operating systems and applications.
A Trojan horse is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (with excessive pop-up windows or changing the desktop) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojan horses are also known to create back doors to give malicious users access to the system. Unlike viruses and worms, Trojan horses do not reproduce by infecting other files. Trojan horses must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.
Trojan Horse
True or False: If the computer or router hardware fails, the data or configuration can be restored using the backup copy.
True
True or False: An equally important vulnerable area of the internetwork to consider is the physical security of devices.
True. If network resources can be physically compromised, a threat actor can deny the use of the network resources.
Many products have default settings that create or enable holes in security.
Unsecured default settings within products
User account information may be transmitted insecurely across the network, exposing usernames and passwords to threat actors.
Unsecured user accounts
List five configuration vulnerabilities:
Unsecured user accounts; System accounts with easily guessed passwords; Misconfigured internet services; Unsecured default settings within products; Misconfigured network equipment
A router is used to provide secure VPN services with corporate sites and remote access support for remote users using secure encrypted tunnels.
VPN
Several security devices and services are implemented to protect an organization's users and assets against TCP/IP threats. They are as follows:
VPN ASA Firewall IPS ESA/WSA AAA Server
What does VPN stand for?
Virtual Private Network
A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects, to damaging data or software and causing denial of service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after the virus infects it. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected email attachments.
Viruses
What are three types of malware?
Viruses Worms Trojan Horse
Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. A worm does not need to attach to a program to infect a host; it can enter a computer through a vulnerability in the system. Worms take advantage of system features to travel through the network unaided.
Worms
When using a DDoS attack a threat actor builds a network of infected hosts known as what?
Zombies
A network of zombies is called what?
botnet
What kind of threat is described when a threat actor overloads a network to deny other users network access? data loss or manipulation disruption of service identity theft information theft
data loss or manipulation
What kind of threat is described when a threat actor alters data records? data loss or manipulation disruption of service identity theft information theft
data loss or manipulation
What kind of threat is described when a threat actor sends you a virus that can reformat your hard drive? data loss or manipulation disruption of services identity theft information theft
data loss or manipulation
What kind of threat is described when a threat actor prevents legal users from accessing a data service? data loss or manipulation disruption of service identity theft information theft
disruption of service
What kind of threat is described when a threat actor impersonates another person to obtain credit information about that person? data loss or manipulation disruption of service identity theft information theft
identity theft
What kind of threat is described when a threat actor makes illegal online purchases using stolen credit information? data loss or manipulation disruption of service identity theft information theft
identity theft
External threat actors can use internet tools to easily determine the IP address space assigned to a given corporation or entity. What are these tools?
nslookup and whois
What do DoS attacks do?
Ultimately, they prevent authorized people from using a service by consuming system resources.