CompTIA Network+ | Microsoft MTA Networking: Common Security Threats
Source: MC MCSE Certification Resources
- DoS (Denial of Service) – A DoS attack is a common type of attack in which false requests to a server overload it to the point that it is unable to handle valid requests, cause it to reset, or shut it down completely. There are many different types of DoS attacks, including SYN flooding and ping flooding.
- Viruses – A computer virus is a program that can copy itself and infect a computer without the permission or knowledge of the user. A computer virus has two major characteristics: the ability to replicate itself, and the ability to attach itself to another computer file. Every file or program that becomes infected can also act as a virus itself, allowing it to spread to other files and computers. The term “computer virus” is often used incorrectly as a catch-all phrase for all types of malware, such as computer worms, Trojan horses, spyware, adware, and rootkits. There are many different anti-virus programs available to prevent and remove viruses. Since new threats are created almost constantly, it is important to keep the virus definition files for your software updated.
- Worm – Worms are stand-alone programs that do not need other programs in order to replicate themselves, unlike a virus, which relies on users to inadvertently spread it. Viruses and worms can be prevented by installing anti-virus software, which can be run on servers, clients, firewalls and other devices.
- Attackers – We aren’t entirely sure what CompTIA is referring to with this term, so we will offer a general definition. The term attackers refers to any person or group of people that causes harm to individual computers, networks, or the internet. This could include hackers, virus and malware creators, and anyone else who attempts to interfere with normal computer and network operations.
- Man in the Middle – In these attacks the attacker places a system between two communicating parties and intercepts email, files, passwords and other types of data as they are transferred across the network. This is a form of data theft attack.
- Smurf – This is a type of denial-of-service attack that floods a target system with the replies to spoofed broadcast ping messages, generating massive network traffic. To accomplish this, the attacker sends ICMP echo requests to the broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies, which overload it. These types of attacks are very easy to prevent and, as a result, are no longer very common.
- Rogue Access Point – This term most often refers to unauthorized access points that are deployed with malicious intent, but in general it refers to any unauthorized device regardless of its intent. Types of rogue APs include one installed by an employee without proper consent, a misconfigured AP that presents a security risk, an AP from a neighboring WLAN, or one used by an attacker. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.
- Social Engineering (Phishing) – Social engineering describes various types of deception used for the purpose of information gathering, fraud, or computer system access. Phishing, a form of social engineering, is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication such as email, chat, or instant messaging.
- Mitigation Techniques – For the purposes of this guide, we can’t cover all of the various options to prevent security breaches, so we’ll keep it brief with the following:
- Policies and Procedures – a written outline, for a group, organization or enterprise, of the standards and actions expected of the people using its systems. These will often define acceptable use of network systems and the repercussions for violations. They are generally drafted by system and network administrators as an outline of service and use; the legal department will generally tighten up the actual wording; and management will ultimately need to approve them and decide who will actually enforce them.
- User Training – the skills and knowledge that need to be communicated to the end-user community that uses the network resources and connected systems. This training usually consists of rudimentary explanations of expected and acceptable use and of the procedures that follow violations. It will also include a basic explanation of security threats and of how user behaviour can help defend the network, or put it at greater risk when the wrong actions are taken.
- Patches and Updates – operating system updates and application fixes that are released to enhance security features or to fix known issues with software. Most patches, and some updates, are released to correct recently discovered security deficiencies in the code. These updates are always delivered by the application owner unless a specific agreement is made between the application owner and another vendor. Users and administrators generally either download these updates manually and install them on their systems, or set up some type of automated delivery to managed systems and devices.
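As an added example that is not part of the original guide, the following Python flags the two sides of the Smurf pattern described above in flow records: echo requests aimed at a directed-broadcast address (the amplification step) and a single host receiving echo replies from many distinct sources (the victim). The sample flows, the list of local networks and the reply threshold are constructed assumptions for the demonstration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type values

# Constructed sample flow records: (src_ip, dst_ip, icmp_type). Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.168.1.255", ECHO_REQUEST),   # request aimed at a directed broadcast
    ("10.0.0.7", "192.168.1.10", ECHO_REQUEST),    # ordinary ping
    ("192.168.1.10", "10.0.0.7", ECHO_REPLY),      # its single reply
] + [(f"192.168.1.{i}", "10.0.0.5", ECHO_REPLY) for i in range(20, 60)]  # 40 hosts answering one host

# Assumed networks this site routes for; their broadcast addresses are the amplifier targets.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("10.0.0.0/24")]


def detect_smurf(flows, networks, reply_threshold=10):
    """Return (amplifier_requests, flooded_victims).

    amplifier_requests: (src, dst) pairs of echo requests sent to a directed-broadcast
    address of one of the given networks.
    flooded_victims: {host: distinct reply sources} for hosts receiving echo replies
    from more than reply_threshold distinct senders. Because the request's source is
    spoofed to the victim, the spoofed source and the flooded host are the same address.
    """
    broadcasts = {str(n.broadcast_address) for n in networks}
    amplifier_requests = []
    reply_sources = defaultdict(set)
    for src, dst, icmp_type in flows:
        if icmp_type == ECHO_REQUEST and dst in broadcasts:
            amplifier_requests.append((src, dst))
        elif icmp_type == ECHO_REPLY:
            reply_sources[dst].add(src)
    flooded_victims = {dst: len(srcs) for dst, srcs in reply_sources.items()
                       if len(srcs) > reply_threshold}
    return amplifier_requests, flooded_victims


if __name__ == "__main__":
    reqs, victims = detect_smurf(SAMPLE_FLOWS, LOCAL_NETWORKS)
    print("echo requests to broadcast addresses:", reqs)
    print("hosts flooded with echo replies:", victims)
```

The ordinary ping and its single reply are not flagged, which is the point of the per-host threshold on distinct reply sources.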