This topic describes common network attacks.
Note: This topic is part of Module 3 of the Cisco CCNA 3 course. To follow the course in order, see the CCNA 3 section.
Overview of Network Attacks
As you have learned, there are many types of malware that hackers can use. But these are not the only ways that they can attack a network, or even an organization.
When malware is delivered and installed, the payload can be used to cause a variety of network-related attacks.
To mitigate attacks, it is useful to understand the types of attacks. By categorizing network attacks, it is possible to address types of attacks rather than individual attacks.
Networks are susceptible to the following types of attacks:
Reconnaissance attacks
Access attacks (including social engineering)
Denial of service (DoS) attacks
Video – Reconnaissance Attacks
Reconnaissance is information gathering. It is analogous to a thief surveying a neighborhood by going door-to-door pretending to sell something. What the thief is actually doing is looking for vulnerable homes to break into, such as unoccupied residences, residences with easy-to-open doors or windows, and those residences without security systems or security cameras.
Threat actors use reconnaissance (or recon) attacks to perform unauthorized discovery and mapping of systems, services, and vulnerabilities. Recon attacks precede access attacks or DoS attacks.
Some of the techniques used by threat actors to conduct reconnaissance attacks are described in the table, in the order in which they are typically performed.
Perform an information query of a target
The threat actor looks for initial information about the target. Various sources can be used, including Google searches, the organization's website, whois records, and more.
Initiate a ping sweep of the target network
The information query usually reveals the target's network address range. The threat actor can then run a ping sweep to determine which IP addresses are active.
Initiate a port scan of active IP addresses
This determines which ports and services are open on each live host. Examples of port scanners include Nmap, SuperScan, Angry IP Scanner, and NetScanTools.
Run vulnerability scanners
The identified ports are queried to determine the type and version of the application and operating system running on the host, and to match them against known vulnerabilities. Examples of tools include Nipper, Secunia PSI, Core Impact, Nessus, SAINT, and OpenVAS.
Run exploitation tools
The threat actor now attempts to exploit the vulnerable services that were discovered. A variety of exploitation tools exist, including Metasploit, Core Impact, Sqlmap, the Social-Engineer Toolkit, and Netsparker.
The animations on the original page show the progress of a reconnaissance attack from information query, to ping sweep, to port scan: the threat actor uses the whois command to find information about the target, pings the target's network address range to discover live and active IP addresses, and then performs a port scan on the discovered active IP addresses using Nmap.
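The port-scan step of the procedure above, as an added example that is not part of the course material. The ping-sweep step needs ICMP raw sockets (and therefore root), so this example starts at the port scan: it performs a TCP connect scan (what Nmap calls `-sT`, completing the three-way handshake rather than sending a bare SYN) and grabs whatever banner the service sends first, which is the same information a vulnerability scanner uses to identify the application version. The targets are constructed: two fake services on loopback (one that announces an SSH-style banner, one that stays silent) and one port that is bound but not listening, so it refuses connections.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """TCP connect probe: complete the three-way handshake, then read a banner if the
    service speaks first (SSH, SMTP, FTP do). Returns (port, banner) if the port is
    open, None if it is closed (RST) or filtered (no answer before the timeout)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:            # ConnectionRefusedError or timeout
            return None
        try:
            banner = s.recv(128)
        except OSError:            # service waited for us to talk first
            banner = b""
        return port, banner


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Probe the given ports concurrently; return {port: banner} for open ports."""
    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hit in pool.map(lambda p: probe_port(host, p, timeout), ports):
            if hit is not None:
                open_ports[hit[0]] = hit[1]
    return open_ports


def start_fake_service(banner=b"", idle_timeout=5.0):
    """Constructed target: a listener on an ephemeral 127.0.0.1 port that sends
    `banner` to each client and closes. Shuts itself down when idle."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(idle_timeout)

    def serve():
        with srv:
            while True:
                try:
                    conn, _ = srv.accept()
                except OSError:    # idle timeout reached
                    return
                with conn:
                    if banner:
                        conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port():
    """Bind a port without listening on it: the kernel answers SYNs with RST, so
    the scanner sees it as closed, and nothing else can grab the port meanwhile."""
    keeper = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    keeper.bind(("127.0.0.1", 0))
    return keeper.getsockname()[1], keeper


def demo():
    """Scan three constructed targets and return (results, (ssh, silent, closed))."""
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 constructed-sample\r\n")
    silent_port = start_fake_service()
    closed_port, keeper = reserve_closed_port()
    found = tcp_connect_scan("127.0.0.1", [ssh_port, silent_port, closed_port])
    keeper.close()
    for port in sorted(found):
        print(f"{port}/tcp open  banner={found[port]!r}")
    return found, (ssh_port, silent_port, closed_port)


if __name__ == "__main__":
    demo()
```

A connect scan is the noisiest kind: every probe leaves a completed handshake in the target's logs, which is exactly what a defender's port-scan detection keys on (many distinct destination ports from one source in a short window).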
Video – Access and Social Engineering Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services. The purpose of these types of attacks is to gain entry to web accounts, confidential databases, and other sensitive information.
Threat actors use access attacks on network devices and computers to retrieve data, gain access, or to escalate access privileges to administrator status.
In a password attack, the threat actor attempts to discover critical system passwords using various methods. Password attacks are very common and can be launched using a variety of password cracking tools.
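An offline dictionary attack, as an added example that is not part of the course material. It runs the same wordlist against two constructed credential stores holding the same three passwords: one stores unsalted SHA-256 (hash each word once, then look every user up in that table), the other stores salted PBKDF2-HMAC-SHA256 (every user-word pair must be recomputed). The wordlist, usernames, passwords and iteration count are all constructed for the example; the counter of KDF calls is there only to make the cost difference visible.

```python
import hashlib
import hmac
import os

# Constructed wordlist; real attacks use leaked-password lists with millions of entries.
WORDLIST = ["123456", "password", "letmein", "Winter2024!", "cisco", "qwerty"]


def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed credential store 1: unsalted, fast hash (a common weak design).
UNSALTED_DB = {
    "alice": sha256_hex("cisco"),
    "bob": sha256_hex("letmein"),
    "carol": sha256_hex("correct horse battery staple"),  # not in the wordlist
}


def crack_unsalted(db, wordlist):
    """Hash each word once and look every stored hash up in the table.
    Cost is O(words + users); the same table serves every victim database."""
    table = {sha256_hex(word): word for word in wordlist}
    return {user: table[h] for user, h in db.items() if h in table}


def make_salted_record(password, iterations=20_000):
    """Per-user random salt plus an iterated KDF. Production systems use far more
    iterations or a memory-hard KDF; 20k keeps this example quick."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


# Constructed credential store 2: the same passwords, salted and iterated.
SALTED_DB = {
    user: make_salted_record(pw)
    for user, pw in [("alice", "cisco"), ("bob", "letmein"),
                     ("carol", "correct horse battery staple")]
}


def crack_salted(db, wordlist):
    """Same dictionary attack against salted, iterated hashes. Nothing can be
    precomputed: cost is O(users * words * iterations).
    Returns (cracked, number_of_kdf_calls)."""
    cracked, kdf_calls = {}, 0
    for user, (salt, iterations, digest) in db.items():
        for word in wordlist:
            kdf_calls += 1
            guess = hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iterations)
            if hmac.compare_digest(guess, digest):
                cracked[user] = word
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(UNSALTED_DB, WORDLIST))
    print("salted:  ", crack_salted(SALTED_DB, WORDLIST))
```

Both stores give up "alice" and "bob" because their passwords are in the wordlist; salting does not protect a weak password, it only removes the attacker's ability to share work across users and databases. The practical defences are the ones the course returns to later: strong passwords, multi-factor authentication, and account lockout or rate limiting against online guessing.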
In spoofing attacks, the threat actor's device poses as another device by falsifying data. Common spoofing attacks include IP spoofing, MAC spoofing, and DHCP spoofing. These spoofing attacks are discussed in more detail later in this module.
Other access attacks include:
Trust exploitation attacks
Port redirection attacks
Man-in-the-middle attacks
Buffer overflow attacks
In a trust exploitation attack, a threat actor uses the privileges of a system that is trusted by the target to gain access to that target, possibly compromising it. The figure shows an example of trust exploitation.
In a port redirection attack, a threat actor uses a compromised system as a base for attacks against other targets. The example in the figure shows a threat actor using SSH (port 22) to connect to a compromised Host A. Host B trusts Host A, so the threat actor can relay through Host A and use Telnet (port 23) to reach Host B, which would not accept the connection directly from the threat actor.
In a man-in-the-middle attack, the threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties. The figure displays an example of a man-in-the-middle attack.
In a buffer overflow attack, the threat actor sends more data to a fixed-size buffer than it was allocated to hold, so that the excess overwrites adjacent memory. This usually crashes the application or renders the system inoperable, creating a DoS condition; carefully crafted input can instead make the program execute the threat actor's code with the program's privileges. The figure shows the threat actor sending many packets to the victim in an attempt to overflow the victim's buffer.
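The port redirection attack described above, as an added example that is not part of the course material. Everything runs on loopback: `start_internal_service` stands in for Host B (a constructed echo service), `start_port_redirector` is the relay the threat actor runs on the compromised Host A, and `demo` is the threat actor connecting to Host A's relay port and receiving Host B's answer. Host B only ever sees a connection from the relay's address, which is the whole point of the technique.

```python
import socket
import threading


def pipe(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst so the
    other direction can drain. The relay runs one of these per direction."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_port_redirector(listen_host, target):
    """Relay run on the compromised host: accept on an ephemeral port of listen_host
    and forward each connection to target=(host, port). Returns the listening port.
    The forwarded connection carries the pivot's own source address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen_host, 0))
    srv.listen(5)

    def accept_loop():
        with srv:
            while True:
                try:
                    client, _ = srv.accept()
                except OSError:
                    return
                upstream = socket.create_connection(target)
                threading.Thread(target=pipe, args=(client, upstream), daemon=True).start()
                threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def start_internal_service():
    """Constructed stand-in for Host B: echoes whatever it receives, then closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        with srv:
            while True:
                try:
                    conn, _ = srv.accept()
                except OSError:
                    return
                with conn:
                    while chunk := conn.recv(4096):
                        conn.sendall(chunk)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Threat actor -> relay on Host A -> Host B; returns Host B's reply."""
    host_b_port = start_internal_service()
    host_a_port = start_port_redirector("127.0.0.1", ("127.0.0.1", host_b_port))
    with socket.create_connection(("127.0.0.1", host_a_port)) as c:
        c.sendall(b"show running-config\r\n")   # constructed request
        c.shutdown(socket.SHUT_WR)              # done sending; wait for the relayed reply
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    return reply


if __name__ == "__main__":
    print(demo())
```

Any host that makes access decisions on the peer's IP address alone (Telnet or r-services trusting "hosts on the management subnet", firewall rules that allow a jump host everywhere) is exposed to this. Mitigations are to authenticate the user rather than the source host, to limit what the trusted host can reach, and to alert on a host that starts listening on new ports or opening connections it never made before.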
Social Engineering Attacks
Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Some social engineering techniques are performed in-person while others may use the telephone or internet.
Social engineers often rely on people’s willingness to be helpful. They also prey on people’s weaknesses. For example, a threat actor could call an authorized employee with an urgent problem that requires immediate network access. The threat actor could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.
Information about social engineering techniques is shown in the table.
Social Engineering Attack
Pretexting
A threat actor pretends to need personal or financial data to confirm the identity of the recipient.
Phishing
A threat actor sends fraudulent email which is disguised as being from a legitimate, trusted source to trick the recipient into installing malware on their device, or into sharing personal or financial information.
Spear phishing
A threat actor creates a targeted phishing attack tailored for a specific individual or organization.
Spam
Also known as junk mail, this is unsolicited email which often contains harmful links, malware, or deceptive content.
Something for Something
Sometimes called "quid pro quo", this is when a threat actor requests personal information from a party in exchange for something such as a gift.
Baiting
A threat actor leaves a malware-infected flash drive in a public location. A victim finds the drive and unsuspectingly inserts it into their laptop, unintentionally installing malware.
Impersonation
This type of attack is where a threat actor pretends to be someone they are not in order to gain the trust of a victim.
Tailgating
This is where a threat actor quickly follows an authorized person into a secure location to gain access to a secure area.
Shoulder surfing
This is where a threat actor inconspicuously looks over someone's shoulder to steal their passwords or other information.
Dumpster diving
This is where a threat actor rummages through trash bins to discover confidential documents.
The Social-Engineer Toolkit (SET) was designed to help white hat hackers and other network security professionals create social engineering attacks to test their own networks.
Enterprises must educate their users about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
The figure shows recommended practices that should be followed by all users.
Recommended Social Engineering Protection Practices
Lab – Social Engineering
In this lab, you will research examples of social engineering and identify ways to recognize and prevent it.
DoS and DDoS Attacks
A Denial of Service (DoS) attack creates some sort of interruption of network services to users, devices, or applications. There are two major types of DoS attacks:
Overwhelming Quantity of Traffic – The threat actor sends an enormous quantity of data at a rate that the network, host, or application cannot handle. This causes transmission and response times to slow down. It can also crash a device or service.
Maliciously Formatted Packets – The threat actor sends a maliciously formatted packet to a host or application and the receiver is unable to handle it. This causes the receiving device to run very slowly or crash.
DoS attacks are a major risk because they interrupt communication and cause significant loss of time and money. These attacks are relatively simple to conduct, even by an unskilled threat actor.
A distributed DoS (DDoS) attack is similar to a DoS attack, but it originates from multiple, coordinated sources. For example, a threat actor builds a network of infected hosts, known as zombies. The threat actor uses a command and control (CnC) system to send control messages to the zombies. The zombies constantly scan and infect more hosts with bot malware. The bot malware is designed to infect a host, making it a zombie that can communicate with the CnC system. The collection of zombies is called a botnet. When ready, the threat actor instructs the CnC system to make the botnet of zombies carry out a DDoS attack.
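A detector that tells the two cases apart from the defender's side, as an added example that is not part of the course material. It reads flow records of the form (timestamp, source IP, destination IP, TCP flags), keeps a one-second sliding window of bare SYNs per destination, and raises an alert when the count crosses a threshold: a flood from a single source is reported as DoS, one spread across many sources as DDoS. The records are constructed (benign clients that complete their handshakes, one single-source SYN flood, one 64-bot flood), and the window, threshold and source-count cut-off are illustrative assumptions that would be tuned to a real network.

```python
from collections import defaultdict, deque


def detect_syn_floods(records, window=1.0, syn_threshold=50, ddos_min_sources=10):
    """records: iterable of (ts_seconds, src_ip, dst_ip, tcp_flags), flags as
    Nmap-style letters ("S" = bare SYN, "A" = ACK, ...). Only bare SYNs count: a
    flood is made of handshakes that are never completed. Returns
    {dst_ip: {"kind": "dos"|"ddos", "syns": n, "sources": m}} for the first window
    in which each destination crosses syn_threshold."""
    alerts = {}
    recent = defaultdict(deque)               # dst -> deque of (ts, src) inside the window
    for ts, src, dst, flags in sorted(records):
        if flags != "S":
            continue
        q = recent[dst]
        q.append((ts, src))
        while q and ts - q[0][0] > window:     # drop SYNs that fell out of the window
            q.popleft()
        if len(q) >= syn_threshold and dst not in alerts:
            sources = {s for _, s in q}
            alerts[dst] = {
                "kind": "ddos" if len(sources) >= ddos_min_sources else "dos",
                "syns": len(q),
                "sources": len(sources),
            }
    return alerts


def constructed_sample():
    """Constructed flow records (not captured traffic) covering three situations."""
    recs = []
    # Benign: three clients to 10.0.0.5, about 5 handshakes/s, each SYN followed by an ACK.
    for i in range(25):
        client = f"192.0.2.{i % 3 + 1}"
        recs.append((i * 0.2, client, "10.0.0.5", "S"))
        recs.append((i * 0.2 + 0.01, client, "10.0.0.5", "A"))
    # Single-source SYN flood: 200 bare SYNs within one second at 10.0.0.8.
    for i in range(200):
        recs.append((10.0 + i * 0.005, "198.51.100.7", "10.0.0.8", "S"))
    # Distributed flood: 64 bots, 2 bare SYNs each, within one second at 10.0.0.9.
    for bot in range(64):
        for k in range(2):
            recs.append((20.0 + (bot * 2 + k) * 0.0075, f"203.0.113.{bot + 1}", "10.0.0.9", "S"))
    return recs


if __name__ == "__main__":
    for dst, alert in detect_syn_floods(constructed_sample()).items():
        print(f"{dst}: {alert['kind'].upper()} {alert['syns']} SYNs from {alert['sources']} source(s)")
```

The benign destination never alerts because its SYN rate stays far under the threshold and each SYN is followed by an ACK. The per-source rate is what makes the single-source case easy to block at the edge; the distributed case has each bot sending only two SYNs, which is why per-source rate limiting does not help against a botnet and upstream scrubbing or SYN cookies are used instead. A legitimate traffic spike (a flash crowd) can also trip a pure count threshold, so in practice the half-open ratio and the source distribution are both checked before acting.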