The document discusses common security threats that come from inside and outside of secured networks. For inside threats, it lists malicious employees, privilege escalation, social engineering, ARP cache poisoning, client-side attacks, replay attacks, transitive access attacks, and Man-in-the-Middle attacks. For outside threats, it discusses spoofing, spam, spim, DNS poisoning, typosquatting, watering hole attacks, and various types of denial of service attacks. The document is a summary of attack types for an IT security course.
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Industry Certifications
Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
3. Page 3
– Inside threats and attacks.
– Outside threats and attacks.
PACE-IT.
5. Page 5
– Malicious employees.
» Malicious employees are difficult to defend against, as the threat is already inside the network.
• Resources must be granted in order for employees to do their jobs.
» One of the best defenses is using the principle of least privilege.
• Only granting the least amount of authorization that is required for people to get their work done.
– Privilege escalation.
» Attempting to raise a user’s account privileges to an administrative level—giving them access to almost everything.
• Usually occurs due to a vulnerability that may be present in the operating system itself; however, the vulnerability may also be present in another piece of software.
» The best defense is to remove all known vulnerabilities from operating systems and software.
A summary of types of attacks I.
6. Page 6
– Social engineering.
» The process of using social pressure to cause somebody to compromise a system from inside the defenses of the network.
• The pressure can be applied in multiple forms: by phone, in person, via email, through a rogue website, or by other methods.
– ARP (Address Resolution Protocol) cache poisoning.
» The ARP cache, which maps IP addresses to MAC addresses, is corrupted by an attacker, so that the attacker controls which IP addresses are associated with which MAC addresses.
• Commonly used in man-in-the-middle attacks.
– Client-side attack.
» An attack on a system through vulnerabilities that may be present within software on a client system.
• Attacks often originate from Internet applications or messaging applications.
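The ARP cache poisoning symptom described above, as an added detection example that is not from the PACE-IT slides: a passive check over a constructed ARP reply log (the log format and all addresses are assumptions) that flags an IP whose announced MAC changes and a MAC that claims several IPs.

```python
"""Detect ARP cache poisoning indicators in a passive ARP log.

Added example, not from the PACE-IT slides. Each constructed log line is
"<time> <sender_ip> <sender_mac>" for one ARP reply seen on the segment.
Two indicators are flagged: an IP whose announced MAC changes from the
first one learned (the poisoning symptom), and a MAC that claims more
than one IP (one host impersonating e.g. the gateway and a victim).
"""
from collections import defaultdict

# Constructed sample: 10.0.0.1 is the real gateway (aa:bb:cc:00:00:01);
# aa:bb:cc:00:00:99 starts answering for both the gateway and 10.0.0.20.
ARP_LOG = """\
10:00:01 10.0.0.1 aa:bb:cc:00:00:01
10:00:02 10.0.0.20 aa:bb:cc:00:00:20
10:00:03 10.0.0.21 aa:bb:cc:00:00:21
10:00:05 10.0.0.1 aa:bb:cc:00:00:99
10:00:05 10.0.0.20 aa:bb:cc:00:00:99
10:00:06 10.0.0.99 aa:bb:cc:00:00:99
"""

def analyze_arp_log(log: str) -> dict:
    """Return {'mac_changes': [...], 'multi_ip_macs': {mac: [ips]}}."""
    ip_to_mac = {}                    # baseline: first MAC learned per IP
    mac_to_ips = defaultdict(set)     # every IP each MAC has claimed
    mac_changes = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        mac = mac.lower()
        mac_to_ips[mac].add(ip)
        baseline = ip_to_mac.setdefault(ip, mac)
        if baseline != mac:
            # The IP is now announced by a MAC other than the one first seen.
            mac_changes.append({"time": ts, "ip": ip, "old": baseline, "new": mac})
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return {"mac_changes": mac_changes, "multi_ip_macs": multi}

if __name__ == "__main__":
    report = analyze_arp_log(ARP_LOG)
    for a in report["mac_changes"]:
        print(f"{a['time']} {a['ip']}: MAC changed {a['old']} -> {a['new']}")
    for mac, ips in report["multi_ip_macs"].items():
        print(f"{mac} claims {len(ips)} addresses: {', '.join(ips)}")
```

A static ARP entry for the gateway, or a switch feature such as dynamic ARP inspection, stops the spoofed replies from taking effect; this check only tells you they are happening.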
7. Page 7
– Replay attack.
» An attack that uses a packet sniffer to capture network session data.
• The attacker then re-submits the captured packets in an effort to gain access to the network.
– Transitive access attack.
» The attacker attempts to get a user to click on a hyperlink to an MS Windows shared folder.
• If the user clicks on the hyperlink, the user’s system is forced to send the user account credentials—allowing the attacker to attempt to get access to valid credentials.
– Man-in-the-middle (MitM) attack.
» The attacker is not necessarily inside the network per se, but is in between two end points that are communicating on a network.
» The attack allows a malicious user to view all network packets that are flowing between the communicating hosts.
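The replay attack described above, with the standard countermeasure, as an added example that is not from the PACE-IT slides: each message carries a timestamp and a fresh nonce under an HMAC, so a captured copy that is re-submitted is recognised and refused. The message format, shared key and freshness window are assumptions made for this example.

```python
"""Reject replayed messages with an HMAC over a timestamp and a fresh nonce.

Added example, not from the PACE-IT slides. The slide's attacker captures
session packets and re-submits them; binding each message to a nonce and a
timestamp under an HMAC lets the receiver refuse a captured copy. The
message format, shared key and freshness window here are assumptions.
"""
import hashlib, hmac, secrets

SHARED_KEY = b"constructed-example-key"   # real keys are provisioned out of band
WINDOW_SECONDS = 30

def build_message(payload: str, now: int, key: bytes = SHARED_KEY) -> str:
    """Sender side: 'payload|timestamp|nonce|hmac'."""
    nonce = secrets.token_hex(8)
    body = f"{payload}|{now}|{nonce}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

class ReplayGuard:
    """Receiver side: checks the tag, the freshness window and nonce uniqueness."""
    def __init__(self, key: bytes = SHARED_KEY, window: int = WINDOW_SECONDS):
        self.key, self.window = key, window
        self.seen = {}   # nonce -> message timestamp, pruned once stale

    def verify(self, message: str, now: int) -> tuple:
        try:
            payload, ts, nonce, tag = message.rsplit("|", 3)
            ts = int(ts)
        except ValueError:
            return (False, "malformed")
        body = f"{payload}|{ts}|{nonce}"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return (False, "bad tag")    # altered message or wrong key
        if abs(now - ts) > self.window:
            return (False, "stale")      # too old to accept; also bounds the cache
        # Nonces older than the window can no longer pass the check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return (False, "replay")     # a captured message submitted again
        self.seen[nonce] = ts
        return (True, "ok")

if __name__ == "__main__":
    guard = ReplayGuard()
    msg = build_message("unlock", now=1000)
    print(guard.verify(msg, now=1001))   # first delivery: accepted
    print(guard.verify(msg, now=1002))   # same bytes again: rejected as a replay
```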
9. Page 9
– Spoofing.
» An attacker attempts to gain access to network resources by having his or her system masquerade as a trusted system.
• This is achieved by modifying either the IP address or the MAC address of the attacking system.
– Spam.
» Unsolicited bulk email (UBE): junk email that attempts to entice a person into buying a product or service.
• While in most cases receiving spam isn’t a security threat, it is a waste of resources—which is considered a security issue.
– Spim (spIM or spam with instant messaging).
» An attacker harvests instant message (IM) IDs and then attempts to entice the end user to click on a hyperlink that is included in an IM.
• Often used as the first step in another type of attack (e.g., a pharming attack).
10. Page 10
– DNS poisoning.
» The attacker changes the DNS records for a specific website in order to redirect traffic to a malicious website.
• The changed record can be on the local DNS server, or it may be at a higher level (e.g., at the Internet service provider).
– Typosquatting (or URL hijacking).
» The attacker sets up malicious websites using common misspellings of legitimate URL (Uniform Resource Locator) names.
• The attacker assumes that a certain amount of traffic will reach the malicious website merely due to user error.
– Watering hole attack.
» The attacker compromises (e.g., plants malicious code on) a legitimate trusted website.
• As users visit the trusted site, malicious code is executed.
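Typosquatting from the defender's side, as an added example that is not from the PACE-IT slides: names seen in DNS or proxy logs are screened for domains within one edit of the domains an organisation owns. The protected domains, the log entries and the two-label domain simplification are assumptions made for this example.

```python
"""Flag observed domains within one edit of a protected domain.

Added example, not from the PACE-IT slides. Typosquatting relies on common
misspellings of a legitimate name, so a defender can screen names seen in DNS
or proxy logs for near-matches of domains they own (distance = optimal string
alignment: insert, delete, substitute, swap). Protected list and log are constructed.
"""

PROTECTED = {"example.com", "example-bank.com"}

def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def registrable(host: str) -> str:
    """Last two labels only; production code would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(observed, protected=PROTECTED, max_distance=1):
    """Return (observed, protected, distance) for names that resemble, but are not, ours."""
    hits = []
    for host in observed:
        base = registrable(host)
        if base in protected:
            continue                       # legitimate name, any subdomain
        for good in protected:
            dist = edit_distance(base, good)
            if dist <= max_distance:
                hits.append((host, good, dist))
    return hits

OBSERVED = [  # constructed resolver log: names queried by clients
    "www.example.com", "exmaple.com", "examp1e.com", "example.co",
    "exampleb.com", "totally-unrelated.org", "example-bnak.com"]

if __name__ == "__main__":
    for host, good, dist in find_lookalikes(OBSERVED):
        print(f"{host} is {dist} edit from {good}")
```

The same distance check also works the other way round, to review a list of candidate domains before defensively registering the closest ones.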
11. Page 11
– DoS (Denial of Service) threats.
» Covers a very broad category of threats to networks and systems.
• Any threat that can potentially keep users or customers from using network resources as designed can be considered a type of DoS threat.
» Permanent DoS attack.
• An attempt to permanently deny a network resource to others; it can be done by physically destroying a resource or by damaging (or corrupting) the underlying operating system.
» Traditional DoS attack.
• An attempt to flood a network with enough traffic to bring it down—commonly used with malformed ICMP requests.
» Distributed DoS (DDoS) attack.
• A DoS attack in which more than a single system is involved in sending the attack; a botnet is often used to implement the attack.
» Smurf attack or smurfing.
• A network is flooded with ICMP requests in which the source address for the requests appears to be that of the intended target (it has been spoofed).
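The smurf pattern described above, seen from a network monitor, as an added detection example that is not from the PACE-IT slides: constructed flow records are checked for echo requests aimed at the broadcast address (the amplifier side) and for a burst of echo replies toward one host (the victim side). The record format, addresses, network and threshold are assumptions.

```python
"""Spot smurf-style ICMP floods in flow records.

Added example, not from the PACE-IT slides. In a smurf attack, echo requests
are sent to a network's broadcast address with the victim's address forged as
the source, so every host on that network answers the victim. Checked here:
echo requests aimed at the broadcast address, and an echo-reply rate toward
one host above a threshold. Format, network and threshold are assumptions.
"""
from collections import Counter, defaultdict
import ipaddress

# Constructed flow records: "second src dst icmp_type" (8 = echo request,
# 0 = echo reply). 192.0.2.9 is the victim whose address was spoofed.
FLOWS = """\
1 192.0.2.9 198.51.100.255 8
1 192.0.2.9 198.51.100.255 8
1 192.0.2.9 198.51.100.255 8
1 198.51.100.10 192.0.2.9 0
1 198.51.100.11 192.0.2.9 0
1 198.51.100.12 192.0.2.9 0
2 203.0.113.5 192.0.2.7 8
2 192.0.2.7 203.0.113.5 0
"""
LAN = ipaddress.ip_network("198.51.100.0/24")   # the amplifying network
REPLY_THRESHOLD = 3                              # echo replies/second to one host

def analyze_flows(flows: str, lan=LAN, reply_threshold=REPLY_THRESHOLD) -> dict:
    """Return broadcast echo requests and hosts receiving a reply flood."""
    broadcast_requests = []
    replies = defaultdict(Counter)          # second -> destination -> count
    for line in flows.splitlines():
        if not line.strip():
            continue
        sec, src, dst, icmp_type = line.split()
        if icmp_type == "8" and ipaddress.ip_address(dst) == lan.broadcast_address:
            # Directed-broadcast echo request. Note the "source" is the spoofed
            # victim, so blocking it would hurt the victim; routers should drop
            # directed broadcasts instead.
            broadcast_requests.append((int(sec), src))
        elif icmp_type == "0":
            replies[int(sec)][dst] += 1
    flooded = sorted({dst for per_sec in replies.values()
                      for dst, n in per_sec.items() if n >= reply_threshold})
    return {"broadcast_requests": broadcast_requests, "reply_flood_targets": flooded}

if __name__ == "__main__":
    report = analyze_flows(FLOWS)
    print("broadcast echo requests:", report["broadcast_requests"])
    print("hosts under reply flood:", report["reply_flood_targets"])
```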
12. Page 12
Topic: Inside threats and attacks.
Summary: Given the nature and purpose of networks, it can be difficult to make them secure. Common threats or attacks that come from inside the network include: malicious employees, privilege escalation, social engineering, ARP cache poisoning, client-side attacks, replay attacks, transitive access attacks, and MitM attacks.
Topic: Outside threats and attacks.
Summary: Security threats may come from outside of the secured network. Common threats or attacks that come from outside of the network include: spoofing, spam, spim, DNS poisoning, typosquatting, watering hole attacks, and various types of DoS attacks.
14. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.