International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher.
All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.
1.3 Network Attacks
CompTIA Security+ Certification Support Skills
Objectives
• Understand the relevance of the OSI model to network technologies and protocols
• Describe the function of network sniffers and protocol analyzers
• Describe procedures and products used to survey and test security systems
• Describe network attacks, such as scanning, spoofing, Man-in-the-Middle, replay, and Denial of Service
OSI Model
TCP/IP Protocol Suite
Network Boundaries
Sniffers and Protocol Analyzers
• Sniffer
o Captures frames from network
o Hardware or software
• Hubs, switches, and promiscuous mode
• Protocol Analyzer
o Decodes and presents frames for analysis
o Network monitoring
• Packet injection
• Preventing eavesdropping
ARP Attacks
• Address Resolution Protocol (ARP)
• Maps IPv4 addresses to hardware (MAC) interfaces
• ARP poisoning
o Dsniff
o Ettercap
o Cain and Abel
• MAC flooding
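
Added example (not part of the original course material): a detection check for ARP poisoning that decodes ARP payloads and flags any IPv4 address claimed by more than one MAC address. The function names, the build_arp helper, and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(payload: bytes):
    """Decode an Ethernet/IPv4 ARP payload into (opcode, sender MAC, sender IP)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_mac = payload[8:14].hex(":")
    sender_ip = ".".join(str(b) for b in payload[14:18])
    return op, sender_mac, sender_ip

def find_binding_conflicts(payloads):
    """Return {ip: [MACs in order seen]} for each IP claimed by more than one MAC."""
    seen = defaultdict(list)
    for payload in payloads:
        try:
            _, mac, ip = parse_arp(payload)
        except ValueError:
            continue  # skip frames a real sensor would log as malformed
        if ip == "0.0.0.0":
            continue  # ARP probe: the sender claims no address yet
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

def build_arp(op, sha, spa, tha, tpa):
    """Hypothetical helper that builds the constructed sample payloads below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

# Constructed sample: documentation-range IPs and MACs, not captured traffic.
SAMPLE = [
    build_arp(2, "00:00:5e:00:53:01", "192.0.2.1", "00:00:5e:00:53:10", "192.0.2.10"),
    build_arp(1, "00:00:5e:00:53:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    # Second reply for the gateway IP from a different MAC: the conflict to flag.
    build_arp(2, "00:00:5e:00:53:66", "192.0.2.1", "00:00:5e:00:53:10", "192.0.2.10"),
    b"\x00\x01",  # truncated payload, ignored
]

if __name__ == "__main__":
    for ip, macs in find_binding_conflicts(SAMPLE).items():
        print(f"ALERT {ip} claimed by {', '.join(macs)}")
```

A changed binding is a lead rather than proof: address reassignment, failover pairs, and replaced network cards also change the MAC behind an IP, so compare alerts against known gateway and server bindings.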
Replay and Man-in-the-Middle Attacks
• Spoofing / masquerade as a general attack (can take place at many levels)
o Identity theft / social engineering
• Network spoofing attacks
o Replay
− Obtain some authentication data and use it to regain access
o Man-in-the-Middle
− Intercept packets (without sender or receiver knowing)
− Can monitor contents of packets (unless encrypted)
− Could modify packets and send on
IP Spoofing and TCP/IP Hijacking
• Spoofing IP addresses
• TCP hijacking
o 3-way handshake
o Non-blind spoofing
o Blind spoofing
• ICMP redirect
• Discover network / host configuration
• Footprinting (network mapping)
o Protocols, services, and applications running on the network
o Host workstation and server OS types and patch status
o Network addresses and host names
o Network interconnect device types and status
o Network security appliances and software
o User accounts and groups (especially administrative / root accounts) and passwords