Module 3: Secure Against Network Intrusions


INTRODUCTION – Secure Against Network Intrusions

This module covers the main types of network attack so that participants can recognize them and understand how to counter threats to networked systems and devices. It describes the different ways malicious actors compromise network infrastructure, alongside the techniques security professionals use to harden vulnerable systems. Case studies and practical activities expose participants to the strategies of their adversaries and to the proactive measures experts take to identify and close potential gaps. The module builds a holistic understanding of network security together with the ability to recognize and mitigate emerging threats.

Learning Objectives:

  • Describe common network intrusion tactics.
  • Explain how to secure networks against those tactics.
  • Investigate security breaches.
  • Identify the main types of network attack.
  • Solve basic network problems using relevant tools and methods.

TEST YOUR KNOWLEDGE: SECURE NETWORKS AGAINST DENIAL OF SERVICE (DOS) ATTACKS

1. What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?

  • Phishing attack
  • Distributed Denial of Service (DDoS) attack (CORRECT)
  • Denial of Service (DoS) attack
  • Tailgating attack

A Distributed Denial of Service (DDoS) attack is launched from many devices or servers in different locations at once. Together they flood the target with far more traffic than it can handle, so the network or service slows, fails, or crashes. Because the traffic comes from many sources, it is much harder to block than a single-source DoS attack.

2. What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?

  • SYN flood attack (CORRECT)
  • On-path attack
  • SYN-ACK flood attack
  • ICMP flood

A SYN flood abuses the first step of the TCP three-way handshake. The attacker sends a large number of SYN packets, usually with spoofed source addresses, and never completes the handshake with the final ACK. The server allocates a half-open connection for every SYN it receives, so its connection backlog fills up and legitimate clients can no longer complete a handshake. Common mitigations are SYN cookies, which avoid allocating state until the handshake completes, and shorter timeouts for half-open connections.

3. Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.

  • ICMP flood
  • On-path
  • SYN flood
  • Ping of Death (CORRECT)

The Ping of Death is a Denial of Service (DoS) attack in which an intruder sends an Internet Control Message Protocol (ICMP) packet larger than the maximum legal size of an IPv4 datagram. The IPv4 Total Length field is 16 bits, so a correctly formed packet can be at most 65,535 bytes (roughly 64KB); the attacker sends fragments whose offsets and sizes add up to more than that. When the destination reassembles the fragments, the oversized result can overflow its internal buffer and cause the system to crash, freeze, or reboot. Modern operating systems validate the reassembled length and drop such packets, but the attack still illustrates why input that exceeds a protocol's stated limits must never be trusted.

4. Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.

  • ICMP flood attack (CORRECT)
  • TCP connection attack
  • SYN flood attack (CORRECT)
  • Tailgating attack

Both are denial-of-service attacks that abuse a communication protocol by sending far more requests than the target can service. In an ICMP flood, the attacker sends enormous numbers of ICMP Echo Request (ping) packets so that the target spends its bandwidth and CPU answering them. In a SYN flood, the attacker sends many TCP SYN packets; the server allocates resources for each incomplete connection until its backlog is exhausted and it can no longer accept legitimate connections. Tailgating is a physical social-engineering technique, not a protocol-level network attack.
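The two flood indicators described above, shown as an added example that is not part of the course material: a small Python script that scans a constructed packet log for half-open TCP connections (SYNs never followed by the client's ACK) and for the rate of ICMP echo requests against a server. The Packet record, the 192.0.2.10 target address, the sample traffic and the threshold values are all assumptions for illustration.

```python
"""Flood indicators over a constructed packet log (added example, not course material)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float            # capture time in seconds
    src: str
    dst: str
    proto: str           # "tcp" or "icmp"
    flags: str = ""      # TCP flag letters in tcpdump style: "S", "SA", "A", "PA"
    icmp_type: int = -1  # 8 = echo request


SERVER = "192.0.2.10"    # constructed target address (RFC 5737 documentation range)


def half_open_by_source(packets, server):
    """SYN-flood indicator: per source, SYNs sent to the server minus segments
    carrying ACK from that source.  A positive count means handshakes that were
    started but never completed, each one still holding a backlog slot.
    (Data segments also carry ACK, so a chatty honest client goes negative and
    is simply dropped from the result.)"""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for p in packets:
        if p.proto != "tcp" or p.dst != server:
            continue
        if p.flags == "S":
            syns[p.src] += 1
        elif "A" in p.flags:
            acks[p.src] += 1
    return {s: syns[s] - acks[s] for s in syns if syns[s] > acks[s]}


def icmp_echo_rate(packets, target, window=1.0):
    """ICMP-flood indicator: highest number of echo requests hitting the
    target inside any single window of `window` seconds."""
    buckets = defaultdict(int)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst == target:
            buckets[int(p.ts // window)] += 1
    return max(buckets.values(), default=0)


def detect(packets, server, syn_threshold=20, icmp_threshold=20):
    """Return a list of (indicator, value) pairs that crossed a threshold."""
    findings = []
    total_half_open = sum(half_open_by_source(packets, server).values())
    if total_half_open >= syn_threshold:
        findings.append(("syn_flood", total_half_open))
    rate = icmp_echo_rate(packets, server)
    if rate >= icmp_threshold:
        findings.append(("icmp_flood", rate))
    return findings


def sample_packets():
    """Constructed traffic: one honest client, 40 spoofed SYNs, 30 pings in half a second."""
    pkts = [
        Packet(0.00, "10.0.0.5", SERVER, "tcp", flags="S"),
        Packet(0.01, "10.0.0.5", SERVER, "tcp", flags="A"),   # handshake completes
    ]
    # spoofed sources: each sends one SYN and never answers the SYN-ACK
    pkts += [Packet(0.1 + i * 0.01, f"203.0.113.{i + 1}", SERVER, "tcp", flags="S")
             for i in range(40)]
    # echo-request burst from a single host
    pkts += [Packet(0.2 + i * 0.01, "198.51.100.9", SERVER, "icmp", icmp_type=8)
             for i in range(30)]
    # two ordinary pings much later
    pkts += [Packet(5.0, "10.0.0.6", SERVER, "icmp", icmp_type=8),
             Packet(6.0, "10.0.0.6", SERVER, "icmp", icmp_type=8)]
    return pkts


if __name__ == "__main__":
    for name, value in detect(sample_packets(), SERVER):
        print(f"{name}: {value}")
```

Real SYN floods usually randomise the source address, so no single source stands out; the script therefore alerts on the total number of half-open connections and treats the per-source view only as a hint for unspoofed floods. Thresholds should come from a baseline of the server's normal traffic rather than the constants used here.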

5. Which of the following are common network attacks? Select all that apply.

  • Malware (CORRECT)
  • Packet flooding (CORRECT)
  • Spoofing (CORRECT)
  • Proxy servers

Spoofing, packet flooding, and malware are all common network attacks. A proxy server is a network component that forwards traffic on behalf of clients; it is not an attack, although attackers may abuse one.

6. Fill in the blank: A _____ attack happens when an attacker sends a device or system oversized ICMP packets that are bigger than 64KB.

  • Ping of death (CORRECT)
  • Internet Control Message Protocol (ICMP) Flood
  • Distributed denial of service (DDoS)
  • SYN (synchronize) flood

A ping of death is a denial of service attack in which a hacker uses an ordinary ping program, or a purpose-built tool, to send an ICMP packet that reassembles to more than the 64KB (65,535-byte) IPv4 maximum. A system that does not validate the reassembled size may crash or stop responding to user input.
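The oversized-packet condition behind both Ping of Death questions above, as an added example rather than anything from the course: a Python script that builds IPv4 fragments, reads the offset and length fields back out of the raw header, and computes how large the reassembled datagram would be before any buffer is allocated, which is the check a reassembler or IDS performs. The function names, the fragment layouts and the 192.0.2.x addresses are assumptions for illustration; the 65,535-byte limit and the 8-byte offset unit come from the IPv4 header format.

```python
"""Reassembly-size check for oversized ("Ping of Death") IPv4 datagrams
(added example, not course material).  Fragments are constructed with struct."""
import struct

IPV4_MAX_DATAGRAM = 65535          # 16-bit Total Length field, header included
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"  # 20-byte header without options
IPV4_MF_FLAG = 0x2000              # "more fragments" bit
IPV4_OFFSET_MASK = 0x1FFF          # 13-bit fragment offset, in 8-byte units


def build_fragment(ident, offset_units, payload_len, more_fragments, proto=1):
    """Return a constructed IPv4 fragment: 20-byte header plus a zero payload.
    proto=1 is ICMP; the checksum is left at 0 since nothing here verifies it."""
    flags_frag = (IPV4_MF_FLAG if more_fragments else 0) | (offset_units & IPV4_OFFSET_MASK)
    header = struct.pack(IPV4_HEADER_FMT,
                         0x45, 0, 20 + payload_len, ident, flags_frag,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10]))
    return header + b"\x00" * payload_len


def parse_fragment(pkt):
    """Pull the fields reassembly needs out of a raw IPv4 header."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, _, _ = struct.unpack(
        IPV4_HEADER_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "id": ident,
        "offset": (flags_frag & IPV4_OFFSET_MASK) * 8,   # byte offset into the data
        "more": bool(flags_frag & IPV4_MF_FLAG),
        "payload_len": total_len - ihl,
    }


def reassembled_size(fragments):
    """Size the complete datagram would have: one header plus the furthest
    byte any fragment claims to occupy.  Computed from the headers alone,
    before a reassembly buffer is allocated."""
    infos = [parse_fragment(f) for f in fragments]
    return 20 + max(i["offset"] + i["payload_len"] for i in infos)


def is_ping_of_death(fragments):
    """True when the fragments would reassemble past the IPv4 maximum."""
    return reassembled_size(fragments) > IPV4_MAX_DATAGRAM


def benign_fragments():
    """A 3000-byte ICMP echo split for a 1500-byte MTU (1480 data bytes per fragment)."""
    return [build_fragment(7, 0, 1480, True),
            build_fragment(7, 185, 1480, True),    # 185 * 8 = 1480
            build_fragment(7, 370, 40, False)]     # 370 * 8 = 2960


def malicious_fragments():
    """Final fragment placed at the maximum offset (8191 * 8 = 65528) with 100 bytes,
    so the datagram would reach 65648 bytes, beyond the 65535 limit."""
    return [build_fragment(9, 0, 1480, True),
            build_fragment(9, 8191, 100, False)]


if __name__ == "__main__":
    print("benign  :", reassembled_size(benign_fragments()), is_ping_of_death(benign_fragments()))
    print("oversize:", reassembled_size(malicious_fragments()), is_ping_of_death(malicious_fragments()))
```

The point of computing the size from the offsets rather than trusting any one fragment's Total Length is that every individual fragment in the attack is well formed; only their combination is illegal, which is why the vulnerable stacks of the 1990s missed it.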

TEST YOUR KNOWLEDGE: NETWORK INTERCEPTION ATTACK TACTICS

1. Passive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.

  • True
  • False (CORRECT)

Active packet sniffing modifies data packets while they are in transit: the attacker injects traffic, redirects packets from legitimate ports to unauthorized ones, or changes the information inside the packet. Passive packet sniffing, by contrast, is interception only: the attacker reads packets in transit without changing their contents, which makes it far harder to detect.

2. Fill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.

  • using only websites with HTTP at the beginning of their domain addresses
  • using a network hub
  • using free public Wi-Fi
  • using a VPN (CORRECT)

A security analyst can defeat malicious packet sniffing by routing traffic through a VPN, which encrypts data as it travels over the network, so an attacker who captures the packets sees only ciphertext. A VPN also masks the user's public IP address and virtual location, which keeps activity private on an untrusted network such as public Wi-Fi. The protection covers only the path to the VPN endpoint; beyond it, traffic is exposed again unless the application itself uses an encrypted protocol such as HTTPS.

3. Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?

  • Ping of death
  • Replay attack
  • IP spoofing (CORRECT)
  • On-path attack

IP spoofing is an attack in which an intruder changes the source IP address of IP packets to masquerade as a trusted system, with the goal of being accepted by address-based access controls and gaining unauthorized access to the network. Because IP provides no authentication of the source field, nothing in the packet itself proves where it came from; filtering at the network edge is the usual defense.
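The edge filtering just mentioned, written out as an added example (not course material): a Python policy that applies the ingress rule, drop anything arriving from outside that claims one of our own addresses or a private/bogon address, and the matching egress rule, let only our own addresses leave, which stops our hosts being used as the spoofed source in reflection attacks against others. The prefixes, the bogon list and the sample packets are constructed for illustration.

```python
"""Ingress/egress source-address filtering against IP spoofing (added example,
not course material).  Prefixes and sample packets are constructed."""
import ipaddress

# Address space the organisation owns (constructed, RFC 5737 documentation ranges).
ORG_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Sources that should never arrive from the internet: private, loopback,
# link-local and "this network" ranges.
BOGONS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_ingress(src):
    """Decision for a packet arriving on the external interface.  A source
    that claims to be inside our own prefixes cannot legitimately come from
    outside, so it is treated as spoofed; bogon sources are dropped too."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, ORG_PREFIXES):
        return ("deny", "spoofed internal source")
    if _in_any(addr, BOGONS):
        return ("deny", "bogon source")
    return ("allow", "")


def filter_egress(src):
    """Decision for a packet leaving the external interface.  Only our own
    addresses may leave, so a compromised host cannot emit packets with a
    forged source on someone else's behalf."""
    addr = ipaddress.ip_address(src)
    if not _in_any(addr, ORG_PREFIXES):
        return ("deny", "source address not ours")
    return ("allow", "")


def apply_policy(records):
    """records: iterable of (direction, src) with direction "in" or "out".
    Returns a list of (direction, src, decision, reason)."""
    out = []
    for direction, src in records:
        decision, reason = filter_ingress(src) if direction == "in" else filter_egress(src)
        out.append((direction, src, decision, reason))
    return out


SAMPLE = [  # constructed traffic log
    ("in", "203.0.113.5"),    # ordinary external client
    ("in", "192.0.2.44"),     # claims to be one of our hosts: spoofed
    ("in", "10.8.0.3"),       # private address on the public interface
    ("out", "192.0.2.44"),    # our host talking out
    ("out", "203.0.113.5"),   # a forged source trying to leave our network
]

if __name__ == "__main__":
    for row in apply_policy(SAMPLE):
        print(row)
```

On a Linux firewall the ingress half of this policy is a single rule per owned prefix, for example `iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j DROP` (assuming eth0 is the external interface); the egress half belongs on the OUTPUT or FORWARD chain with the prefixes inverted.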

4. Which of the following statements accurately describes a smurf attack?

  • A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum size
  • A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets (CORRECT)
  • A DoS attack performed by an attacker repeatedly sending ICMP packets to a network server
  • A network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another time

A smurf attack floods a target using IP address spoofing. The attacker learns the victim's IP address and then sends ICMP echo requests to a network's broadcast address with the source forged to be that victim, so every host on the network replies to the victim at once. The victim is overwhelmed by replies to requests it never sent, which makes the smurf attack a form of distributed denial of service (DDoS) that combines IP spoofing with amplification. Configuring routers and hosts not to answer broadcast pings removes the amplifier.

5. Which part of a data packet may contain valuable information about the data in transit?

  • Network
  • Header
  • Footer
  • Body (CORRECT)

Sensitive information, such as credit card numbers, dates of birth, or personal messages, travels in the body (payload) of a data packet. Anyone who can read the body of an unencrypted packet in transit can misuse that information, which is why encryption in transit matters. The header carries addressing and protocol metadata; it is also useful to an attacker, but it is not where the data itself lives.

6. Which of the following attacks use IP spoofing? Select three answers.

  • Smurf attack (CORRECT)
  • Tailgating
  • Replay attack (CORRECT)
  • On-path attack (CORRECT)

Replay attacks, on-path attacks, and smurf attacks are common forms of attack that rely on IP spoofing. In a smurf attack the intruder learns an authorized user's IP address and floods it with packets, generating requests the authorized user never made.

Tailgating is a social-engineering scheme in which an unauthorized person gains entry to a restricted area by closely following an authorized individual through a door; it does not involve IP spoofing.

A replay attack occurs when an attacker intercepts a data packet while it is being transmitted and then delays it or resends it later, for example to repeat a login or a transaction the legitimate user already performed. Defenses include one-time nonces, sequence numbers, and timestamps bound to the message by a message authentication code, so that a captured message cannot be accepted twice.

An on-path attack, often called a man-in-the-middle attack, occurs when an attacker positions themselves between two communicating parties. The attacker can then intercept the data being exchanged, and possibly manipulate it, while both parties believe they are talking directly to each other.
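The replay defense described in the paragraph on replay attacks above, as an added example that is not part of the course material: a sender binds a sequence number and timestamp to each message with HMAC-SHA256, and a receiver accepts each authenticated message at most once, rejecting a resent copy, a tampered copy and a copy delivered far outside its time window. The shared key, the message format, the 30-second skew and the sample exchange are all constructed assumptions.

```python
"""Replay protection with HMAC-bound sequence numbers and timestamps
(added example, not course material).  Key and messages are constructed."""
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-do-not-reuse"   # shared secret, assumed pre-provisioned


def sign(seq, ts, payload, key=KEY):
    """Serialise a message and append an HMAC-SHA256 tag over the whole body,
    so seq and ts cannot be altered without invalidating the tag."""
    body = json.dumps({"seq": seq, "ts": ts, "payload": payload},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Receiver:
    """Accepts each authenticated message at most once."""

    def __init__(self, key=KEY, max_skew=30):
        self.key = key
        self.max_skew = max_skew      # seconds of clock drift tolerated
        self.highest_seq = -1         # last sequence number accepted

    def accept(self, wire, now):
        body, _, tag = wire.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")          # forged or tampered
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.max_skew:
            return (False, "stale")            # delayed far beyond the window
        if msg["seq"] <= self.highest_seq:
            return (False, "replay")           # already seen (or older) sequence number
        self.highest_seq = msg["seq"]
        return (True, msg["payload"])


def tamper(wire, old, new):
    """Attacker edits the body but cannot recompute the tag without the key."""
    body, _, tag = wire.rpartition(b".")
    return body.replace(old, new) + b"." + tag


def demo():
    """Constructed exchange: one honest message, then the attacker replays,
    tampers and re-sends an old message much later; finally the next honest one."""
    rx = Receiver()
    original = sign(1, 5000, "pay alice 100")
    return [
        rx.accept(original, 5001),                                # genuine delivery
        rx.accept(original, 5002),                                # captured packet resent
        rx.accept(tamper(original, b"alice", b"mallory"), 5003),  # body altered
        rx.accept(sign(2, 5000, "pay alice 100"), 9000),          # delivered hours late
        rx.accept(sign(2, 9001, "pay bob 5"), 9002),              # next genuine message
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tag check comes first so that an attacker cannot learn anything about the receiver's sequence state from unauthenticated input, and the comparison uses `hmac.compare_digest` to avoid leaking the tag through timing. A strictly increasing sequence number is the simplest replay window; protocols that tolerate reordering keep a sliding bitmap of recently seen numbers instead.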

MODULE 3 CHALLENGE

1. What happens during a Denial of Service (DoS) attack?

  • The target crashes and normal business operations cannot continue. (CORRECT)
  • The data packets containing valuable information are stolen as they travel across the network.
  • The network is infected with malware.
  • The attacker successfully impersonates an authorized user and gains access to the network.

2. Which type of attack overloads a network with traffic and overwhelms the target server?

  • Denial of Service (DoS) (CORRECT)
  • Ping of death
  • SYN flood
  • IP spoofing

3. A security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?

  • On-path attack
  • SYN flood attack (CORRECT)
  • Ping of Death
  • ICMP flood

4. Which type of attack occurs when a malicious actor sends an oversized ICMP packet to a server?

  • SYN flood
  • smurf
  • on-path
  • Ping of Death (CORRECT)

5. Which of the following statements correctly describe passive and active packet sniffing? Select three answers.

  • Active packet sniffing may enable attackers to redirect the packets to unintended ports. (CORRECT)
  • The purpose of passive packet sniffing is to read data packets while in transit. (CORRECT)
  • Passive packet sniffing may enable attackers to change the information a packet contains.
  • Using only websites with HTTPS at the beginning of their domain names provides protection from packet sniffing. (CORRECT)

6. As a security professional, you research on-path, replay, and smurf attacks in order to implement procedures that will protect your company from these incidents. What type of attack are you learning about?

  • IP spoofing (CORRECT)
  • Ping of death
  • Packet sniffing
  • SYN flooding

7. Fill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.

  • firewall (CORRECT)
  • demilitarized zone
  • HTTPS domain address
  • VPN

8. Fill in the blank: In a/an ____ attack, a malicious actor places themselves in the middle of an authorized connection and intercepts the data in transit.

  • Malware attack
  • On-path attack (CORRECT)
  • Smurf attack
  • Packet flooding attack

9. Fill in the blank: The _____ network attack occurs when an attacker intercepts a data packet in transit, then repeats it at another time.

  • replay (CORRECT)
  • smurf
  • on-path
  • SYN flood

10. Fill in the blank: A ___ attack happens when a malicious actor sniffs an authorized user’s IP address and floods it with packets.

  • On-path attack
  • Replay attack
  • Smurf attack (CORRECT)
  • Ping of Death

11. What is the main objective of a Denial of Service (DoS) attack?

  • Repeatedly send ICMP packets to a network server
  • Simulate a TCP connection and flood a server with SYN packets
  • Disrupt normal business operations (CORRECT)
  • Send oversized ICMP packets

12. A security team investigates a server that has been overwhelmed with SYN packets. What does this scenario describe?

  • Ping of Death
  • On-path attack
  • ICMP flood attack
  • SYN flood attack (CORRECT)

13. Fill in the blank: The maximum size of a correctly formatted IPv4 ICMP packet is _____, as opposed to the oversized packet that is sent during a Ping of Death attack.

  • 64TB
  • 15Gb
  • 64KB (CORRECT)
  • 32KB

14. Which type of packet sniffing allows malicious actors to view and read data packets in transit?

  • Passive packet sniffing (CORRECT)
  • Active packet sniffing
  • IP packet interception
  • Hardware packet sniffing 

15. Fill in the blank: In a _____ attack, an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.

  • IP spoofing (CORRECT)
  • Passive packet sniffing
  • Active packet sniffing
  • Ping of Death

16. What are some common IP spoofing attacks? Select all that apply.

  • on-path attacks (CORRECT)
  • replay attacks (CORRECT)
  • smurf attacks (CORRECT)
  • KRACK attacks

17. A malicious actor impersonates a web browser or web server by placing themselves between two devices, then sniffing the packet information to discover the IP and MAC addresses. Which type of attack is this?

  • Smurf attack
  • On-path attack (CORRECT)
  • Malware attack
  • Packet flooding attack

18. Which attack involves an attacker sniffing an authorized user’s IP address and flooding it with packets?

  • Smurf attack (CORRECT)
  • On-path attack
  • Replay attack
  • Ping of Death

19. What do network-level Denial of Service (DoS) attacks target?

  • Commonly used software applications
  • The personal information of employees
  • All hardware within an organization
  • Network bandwidth (CORRECT)

20. A malicious actor intercepts a network transmission that was sent by an authorized user and repeats it at a later time to impersonate a user. Which type of attack is this?

  • SYN flood
  • replay (CORRECT)
  • smurf
  • on-path

21. A malicious actor takes down a network by flooding an authorized user’s IP address with packets. Which type of DDoS attack is this?

  • Smurf attack (CORRECT)
  • Ping of Death
  • On-path attack
  • Replay attack

22. Fill in the blank: A _____ attack uses multiple devices in different locations to flood the target network with unwanted traffic.

  • Distributed Denial of Service (DDoS) (CORRECT)
  • Tailgating
  • Ping of death
  • ICMP flood

23. Fill in the blank: _____ is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.

  • IP spoofing (CORRECT)
  • A DoS attack
  • A KRACK attack
  • SYN flooding
