INFORMATION

ASSURANCE &
SECURITY 1
 MODULE 1
SECURITY
FUNDAMENTALS
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define Information Security and its goals;
▪ Demonstrate the abstract view of the components of a goal of security;
▪ Enumerate the types of risks, threats, vulnerability, intrusion and attacks;
▪ Explain the Information Security Controls;
▪ Discuss Security Management Process;
▪ Give different aspects of CIA Triad.
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define cryptography;
▪ Discuss encryption and decryption;
▪ Discuss the concepts of steganography and digital signatures;
▪ Explain the process concept of authentication methods;
▪ Describe different states of authentication;
▪ Discuss common security practices
▪ Explain security policy;
▪ Discuss the concept of common security policy and group policy;
INFORMATION SECURITY
CYCLE
What Is Information Security?

Information Security is the state of being

protected against the unauthorized use of
information, especially electronic data, or the
measures taken to achieve this.
What to Protect

Data
Resource
Data Resource
Goals of Security

• Prevention
• Detection
• Recovery
A fundamental understanding of the standard concepts of security is
essential before people can start securing their environment.
Risk
Likelihood: Rare
Damage: Moderate

Disgruntled Former Threat of

Employees Improper Access

A risk is generally defined as the probability that an event will occur.

 Threats Intentional or
unintentional

Information Security Threats

Changes to Interruption Interruption Damage to Damage to

Information of Services of Access Hardware Facilities

A threat is a possible danger that might exploit a vulnerability to breach

security and therefore cause possible harm.
Vulnerability

Attacker Unsecured Router Information System

A vulnerability is a weakness which can be exploited by a threat actor, such

as an attacker, to perform unauthorized actions within a computer system.
Intrusion

Intrusions often involves stealing valuable resources and almost always

jeopardize the security of the systems and/or their data.
 Attacks

Attack is to set upon in a

Software-Based Attacks
forceful, violent, hostile, Physical Security Attacks

or aggressive way, with

or without a weapon

Social Engineering Attacks Web Application-Based Attacks

Network-Based Attacks
Security Controls

• Controls are the countermeasures that you need to put in place to avoid,
mitigate, or counteract security risks due to threats or attacks.

Detection Control Correction Control

Prevention Control
Security Management Process
CIA Triad

Availability

The CIA Triad is a well-known, venerable model for the development of security
policies used in identifying problem areas, along with necessary solutions in the
arena of information security.
Confidentiality

CONFIDENTIALITY is a concept we deal with frequently in real life. We

expect our doctor to keep our medical records confidential.
There are several technologies that support confidentiality in an
enterprise security implementation. These include the following:

❑Strong encryption
❑Strong authentication
❑Stringent access controls
Integrity

We define INTEGRITY in the information security context as the consistency,

accuracy, and validity of data or information.
Availability

AVAILABILITY is the third core security principle, and it is defined as a

characteristic of a resource being accessible to a user, application, or computer
system when required
AUTHENTICATION
METHODS &
CRYPTOGRAPHY
FUNDAMENTALS
Identification

Identification is defined as the act of determining who someone or what

something is.
Authentication

Authentication is the process of verifying the identity of a person or device.

Authentication Factors
❑Something you are
✓Fingerprints, handprints, or retinal patterns
❑Something you have
✓Key or ID card
❑Something you know
✓Password or PIN
Password
❑Somewhere you are or are not
✓IP address or GPS 24.213.151.4

❑Something you do
✓Keystroke patterns
Authorization

AUTHORIZATION is the process of giving individuals access to system

objects based on their identity.
Non-repudiation

Non-repudiation is the assurance that someone cannot deny the validity

of something.
Access Control
• Determining and assigning privileges to resources, objects, or data.
• Manages authorization.
Access Control Models

Mandatory Access Control Discretionary Access Control Role-Based Access Control

(MAC) (DAC) (RBAC)

Rule-Based Access
Control
Accounting and Auditing

• The process of tracking and recording system activities and resource access.
Common Security Practices

❑Implicit deny
❑Least privilege
❑Separation of duties
❑Job rotation
❑Mandatory vacation
❑Time of day restrictions
❑Privilege management
Implicit Deny

Default Deny

Read Access Granted Write Access Denied

An implicit deny only denies a permission until the user or group is allowed
to perform the permission
Least Privilege

Perform their jobs with User 1 User 4 Perform their jobs with
fewer privileges more privileges

User 2 User 3
Data Entry Clerks Financial Coordinators

LEAST PRIVILEGE is a security discipline that requires that a user, system, or

application be given no more privilege than necessary to perform its function or job.
Separation of Duties

Backup Audit Restore

SEPARATION OF DUTIES is a principle that prevents any single person or entity

from being able to have full access or complete all the functions of a critical or
sensitive process.
 Backup
Job Rotation

Audit

Access Control

Firewall Restore

JOB ROTATION is a concept that has employees rotate through

different jobs to learn the procedures and processes in each.
 Mandatory Vacation

MANDATORY VACATIONS policies require employees to take time away from their job.
Time of Day Restrictions

AM PM

TIME OF DAY RESTRICTIONS limit when users can access specific systems based on
the time of day or week.
Security Tokens

Unique
PIN
Value

User Password
Information

A security token (or sometimes a hardware token, hard token, authentication

token, USB token, cryptographic token, or key fob) is a physical device that an
authorized user of computer services is given to ease authentication.
Biometrics
❑Fingerprint scanner
❑Retinal scanner
❑Hand geometry scanner
❑Voice-recognition software
❑Facial-recognition software

Biometrics is an authentication method that identifies and recognizes people

based on voice recognition or physical traits such as a fingerprint, face recognition,
iris recognition, and retina scan.
Keystroke Authentication

Keystroke Pattern Detector

Keystroke dynamics has been used to strengthen password-based user authentication

systems by considering the typing characteristics of legitimate users.
Multifactor Authentication

Password

ID Card

When two or more authentication methods are used to authenticate someone, a

multifactor authentication system is being implemented.
Cryptography

Cryptography is a method of protecting information and communications through

the use of codes so that only those for whom the information is intended can read
and process it.
Encryption and Decryption

Plaintext Encryption Ciphertext

Ciphertext Decryption Plaintext

Plaintext

Encryption is a process which transforms the original information into an

unrecognizable form.
Decryption is a process of converting encoded/encrypted data in a form that is
readable and understood by a human or a computer.
 Ciphers

Original Information Encrypted Information

Cipher

Cipher is a system of writing that prevents most people from understanding the message
 Stream Cipher
Cipher Types

Plaintext Cipher Ciphertext

Stream ciphers create an arbitrarily long stream of key material, which is

combined with plain text bit-by-bit or character-by-character.
Block Cipher

Plaintext Ciphertext
Block Cipher Block

Block cipher takes a block of plain text and a key, and outputs a block of
ciphertext of the same size.
Steganography

Vessel Image Steganographic

Image

Steganographic techniques include:

• Hiding information in blocks.
Secret Data • Hiding information within images.
• Invisibly altering the structure of a digital image.

The art and science of hiding information by embedding messages within

other, seemingly harmless messages.
Types of Encryption

Encryption algorithms can be divided into three classes:

❑ Symmetric
❑ Asymmetric, and
❑ Hash function.

Symmetric and Asymmetric encryption can encrypt and decrypt data.

A Hash function can only encrypt data; that data cannot be decrypted
Hashing Encryption

Hashing is one way to enable security during the process of message

transmission when the message is intended for a particular recipient only.
Hashing Encryption Algorithms

❑MD5 – (Message Digest)

❑SHA – (Secure Hash Algorithms)

❑NTLM versions 1 and 2 – New Technology LAN Manager

❑RIPEMD - RACE Integrity Primitives Evaluation Message Digest

❑HMAC - Hash-based Message Authentication Code

Key

Original Information Cipher Encrypted

Information

= Two Letters
Following

An encryption key is a random string of bits created explicitly for scrambling

and unscrambling data.
Symmetric Encryption

Encrypts Data Decrypts Data

Same Key on Both Sides

Symmetric encryption uses a single key to encrypt and decrypt data. Therefore,
it is also referred to as secret-key, single-key, shared-key, and private-key
encryption.
Symmetric Encryption Algorithms

❑DES - Data Encryption Standard

❑3DES – Triple Data Encryption Standard
❑AES - Advanced Encryption Standard
❑Blowfish
❑Twofish
❑RC 4, 5, 6
Asymmetric Encryption

Public Key Encrypts Private Key Decrypts

Asymmetric encryption, also known as public key cryptography, uses two mathematically
related keys.
Asymmetric Encryption Techniques
❑RSA - Rivest–Shamir–Adleman
❑DH - Diffie–Hellman key exchange.
❑ECC - Elliptic curve cryptography
❑DHE - Diffie–Hellman key exchange
❑ECDHE - Elliptic curve Diffie-Hellman
Key Exchange

Sender Receiver
For messages to be exchanged, the sender and receiver need the right cryptographic keys

Symmetric cipher: Asymmetric cipher:

Same key Each other’s public key

Key exchange (also key establishment) is a method in cryptography by which

cryptographic keys are exchanged between two parties, allowing use of a
cryptographic algorithm.
Digital Signatures

Hash Value of
Hash Value Matches
Signature

DIGITAL SIGNATURE is a process that guarantees that the contents of a

message have not been altered in transit.
Session Keys

Single-Use Key

Related Sender Receiver

Messages

Unrelated message requires a different key

A SESSION KEY is an encryption and decryption key that is randomly

generated to ensure the security of a communications session between a
user and another computer or between two computers.
Key Stretching

Original Key Key Stretching Enhanced Key

Algorithm

Key stretching makes it harder to crack passwords and passphrases.

KEY STRETCHING is the practice of converting a password to a longer and more

random key for cryptographic purposes such as encryption.
SECURITY POLICY
FUNDAMENTALS
Security Policy

Individual Policy

Formal
Policy
Statement Resources to
Protect

Implementation
Measures

Security policy is a definition of what it means to be secure for a system,

organization or other entity.
Security Policy Components

Policy statement - Formal document outlining the ways in which an organization

intends to conduct its affairs and act in specific circumstances.

Standards - a level of quality or attainment.

Guidelines - a general rule, principle, or piece of advice.

Procedures - an established or official way of doing something.

Security Policy Components

All security policies should include a well-defined security vision for the
organization.

Enforcement – This section should clearly identify how the policy will be
enforced and how security breaches and/or misconduct will be handled.

User Access to Computer Resources – This section should identify the roles and
responsibilities of users accessing resources on the organization’s network.
Security Policy Components

Security Profiles – This section should include information that identifies how
security profiles will be applied uniformly across common devices

Sensitive data — This section addresses any information that is protected

against unwarranted disclosure.

Passwords – This section should state clearly the requirements imposed on

users for passwords.
Security Policy Components

E-Mail – This section includes how to handle attachments, through filtering,

personal use of the e-mail system, language restrictions, and archival
requirements

Internet – This section is about usage and what content filtering is in place.

Anti-Virus – This section identifies the frequency of updating the file definitions
as well as how removable media, e-mail attachments and other files are scanned.

Back-up and Recovery – A comprehensive back-up and recovery plan is included

here.
Security Policy Components

Intrusion Detection – This section discusses what if any Network Security

Intrusion Detection or Prevention System is used and how it is implemented.
Remote Access – This section should identify all the ways that the system can be
remotely accessed and what is in place to ensure that access is from only
authorized individuals
Information Security Auditing – How are all the security programs reviewed and
how frequently
Information Security Training – Training occurs in many different flavors. One of
the types of training required in an organization is Awareness Training
Common Security Policy Types

AUP – Acceptable User Policy - or fair use policy, is a set of rules

applied by the owner, creator or administrator of a network, website, or
service.

Privacy policy - is a statement or a legal document that discloses some

or all of the ways a party gathers, uses, discloses, and manages a
customer or client's data.

Audit policy defines account limits for a set of users of one or more
resources.
Common Security Policy Types

Extranet policy - this document describes the policy under which

third-party organizations connect to your networks for the purpose of
transacting business related to your company

Password policy is a set of rules designed to enhance computer

security by encouraging users to employ strong passwords and use
them properly.
Common Security Policy Types

Wireless standards policy - provides guidelines regarding wireless

access points and the management by ITS of 802.11X and related
wireless standards access.

Social media policy is a living document that provides guidelines for

your organization’s social media use.
Group Policy

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls
the working environment of user accounts and computer accounts.
Security Document Categories
System architecture - is the conceptual model that defines the structure,
behavior, and more views of a system

Change documentation should describe the requirements driving the

change in sufficient detail to allow approvers and other officials to make
an informed decision on the change request.

Log is an official record of events during the operation

Inventories is a complete list of items such as property, goods in stock,

or the contents of a building.
Change Management

A CHANGE MANAGEMENT system will record what changes are made.

Three Levels of Change Management

❑ Individual Change Management

❑ Organizational/Initiative Change Management

❑ Enterprise Change Management Capability

Documentation Handling Measures

Classification Retention and Storage Disposal and Destruction

Documentation Handling Measures

Classification

Classification is the action or process of classifying something according to

shared qualities or characteristics.
Documentation Handling Measures

Retention and Storage

Documentation Handling Measures

Disposal and Destruction

Every paper or electronic record has a specific amount of time that it needs
to be kept. This is called a retention period.
Once the retention period has ended, records are disposed
according to their value and content:

▪ Shred
▪ Recycle
▪ Delete
▪ Transfer
• CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
Paperback – October 12, 2017 by Darril Gibson

• CompTIA Security+ SY0-501 Cert Guide (4th Edition) (Certification

Guide), David L. Prowse (2018)

• CompTIA Security+ Study Guide: Exam SY0-501 7th Edition by

Emmett Dulaney (Author), Chuck Easttom (Author)
INFORMATION
ASSURANCE &
SECURITY 1
 MODULE 2
IDENTIFYING SECURITY THREATS
AND VULNERABILITIES
Upon completion of this module, the student would be able to:
▪ Define the social engineering and its goals;
▪ Demonstrate the abstract view of the social engineering;
▪ Enumerate the types of social engineering;
▪ Define TCP/IP;
▪ Discuss the concept of network-based attacks;
▪ Differentiate the types of network-based attacks;
▪ Define wireless threats and vulnerability;
Upon completion of this module, the student would be able to:
▪ Discuss the concept of wireless security;
▪ Differentiate the types of wireless attacks;
▪ Explain the types of malware;
▪ Discuss the different types of malware;
▪ Give different malware attacks.
▪ Identify the different types of software-based threats;
▪ Define the different types of software-based threats;
▪ Discuss the types of application attacks
SOCIAL ENGINEERING
Social Engineering Attacks
“This is the help desk.
Please provide your user
name and password so
that we can update our
records.”

SOCIAL ENGINEERING is a method used to gain access to data, systems,

or networks, primarily through misrepresentation.
Some techniques for avoiding social engineering attacks
include the following:
❑Be suspicious
❑Verify identity
❑Be cautious
❑Don’t use email
Types of Social Engineering

❑Spoofing/Impersonation ❑URL hijacking/typo squatting

❑Hoax ❑Spam and spim
❑Phishing ❑Shoulder surfing
❑Vishing ❑Dumpster diving
❑Whaling ❑Tailgating
Spoofing imitate (something) while exaggerating its characteristic features
for comic effect.

Impersonation is an act of pretending to be another person for the

purpose of entertainment or fraud.
Hoax is a humorous or malicious deception.
Phishing is the fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal
information, such as passwords and credit card numbers.
Vishing is the fraudulent practice of making phone calls or leaving voice
messages purporting to be from reputable companies in order to induce
individuals to reveal personal information, such as bank details and credit card
numbers.
A whaling attack is a method used by cybercriminals to masquerade as a senior
player at an organization and directly target senior or other important
individuals at an organization, with the aim of stealing money or sensitive
information or gaining access to their computer systems for criminal purposes.
URL hijacking also known as typo squatting is the process by which a URL is
wrongly removed from the search engine index and replaced by another URL.
Spam is unsolicited usually commercial messages sent to a large number of
recipients or posted in a large number of places
Spim is perpetuated by bots that harvest IM screen names off of the Internet
and simulate a human user by sending spam to the screen names via an
instant message.
Shoulder surfing is a form of credit-card fraud in which the perpetrator stands behind
and looks over the shoulder of the victim as he or she withdraws money from an
automated teller machine, memorizes the card details, and later steals the card
Dumpster diving is a technique used to retrieve information that could be used
to carry out an attack on a computer network.
Tailgating - In these types of attacks, someone without the proper
authentication follows an authenticated employee into a restricted area.
 Social Engineering Recommendations

Here are a few tips that organizations can incorporate into their security awareness
training programs that will help users to avoid social engineering schemes:

• Do not open any emails from untrusted sources.

• Do not give offers from strangers the benefit of the doubt.
• Lock your laptop whenever you are away from your workstation.
• Purchase anti-virus software.

https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Hackers and Attackers

▪ Hacker was originally a neutral term.

▪ Attacker always refers to malicious hackers.
Categories of Attackers

❑Malicious insiders
❑Hacktivists
❑Data thefts
❑Script kiddies
❑Electronic vandals
❑Cyberterrorists
Malicious insiders
Hacktivists - a person who gains unauthorized access to computer files or
networks in order to further social or political ends.
Data theft is the act of stealing information stored on computers, servers, or other
devices from an unknowing victim with the intent to compromise privacy or obtain
confidential information.
Script kiddie, skiddie, or skid is an unskilled individual who uses scripts or
programs, such as a web shell, developed by others to attack computer
systems and networks and deface websites.
Electronic vandalism entails the determined and intentional malicious
attempt to destroy or manipulate the electronic media and data through
viruses, malevolent codes and other similar means
Cyberterrorism is the use of the Internet to conduct violent acts that result
in, or threaten, loss of life or significant bodily harm, in order to achieve
political or ideological gains through threat or intimidation.
MALWARE & SOFTWAR-BASED
THREATS
Software Attacks

Application Operating System Protocol

Software attacks means attack by Viruses, Worms, Trojan Horses etc.

Many users believe that malware, virus, worms, bots are all same things.
TYPES OF MALWARE

Common for a computer to be connected to the internet, there are more

opportunities than ever for a computer to be infected by malware.
Malware can be identified as one or more of the following:
❑Virus
❑Worm
❑Adware
❑Spyware and dishonest adware
❑Trojan horse
❑Rootkit
❑Backdoor
❑Polymorphic virus
❑Logic Bomb
❑Botnets
❑Zero-day attack
❑Ransomware
❑Armored Virus
Viruses

A computer virus is a malicious software program loaded onto a user’s

computer without the user’s knowledge and performs malicious actions.
Worms

A computer worm is a malicious, self-replicating software program which affects

the functions of software and hardware programs.
 Adware

Adware software that automatically displays or downloads advertising material

(often unwanted) when a user is online.
Spyware

Spyware is unwanted software that infiltrates your computing device,

stealing your internet usage data and sensitive information.
Spyware (Example)

A keylogger is a program that records the keystrokes on a computer. It does this by

monitoring a user's input and keeping a log of all keys that are pressed.
Trojan Horses

A Trojan horse is an executable program that appears as a desirable or useful

program.
 Rootkits

Administrative
access granted

A rootkit is a software program designed to provide a user with administrator

access to a computer without being detected.
Backdoor Attacks

A backdoor refers to any method by which authorized and unauthorized users

are able to get around normal security measures and gain high level user access
(aka root access) on a computer system, network, or software application.
Polymorphic Malware

Polymorphic malware is a type of malware that constantly changes its identifiable

features in order to evade detection.
 Logic Bombs

A logic bomb is commonly defined as an attribute or a portion of code running

within a program that remains inactive until a specific event or time occurs.
Botnets

A botnet is a distributed network of computers that have been compromised

by malicious software and are under the control of an attacker.
Ransomware

Ransomware is a type of malware from cryptology that threatens to publish the

victim's data or perpetually block access to it unless a ransom is paid
 Armored Viruses

An armored virus is a computer virus that contains a variety of mechanisms

specifically coded to make its detection and decryption very difficult.
Password Attacks

xxxxxxxxx
xPxxxxxxx
xPassxxxx
xPass1234
!Pass1234

Password attacks are a critical segment of a pentest in which preparation

can make a major impact on the success (or failure) of a pentest.
Types of Password Attacks

✓ Dictionary attack
✓ Brute force attack
✓ Man In the Middle
✓ Birthday attack
✓ Rainbow Table Attack
Types of Password Attacks

Dictionary attack - An attack that takes advantage of the fact people tend
to use common words and short passwords.
Types of Password Attacks

Brute force - Using a program to generate likely passwords or even

random character sets.
Types of Password Attacks

Man In the Middle - the hacker’s program doesn’t just monitor information being
passed but actively inserts itself in the middle of the interaction, usually by
impersonating a website or app.
Types of Password Attacks

Rainbow Table Attack - a rainbow table compiles a list of pre-computed hashes.

Application Attacks

Known flaw in
application
Types of Application Attacks
Application Attack Description

Cross-site scripting An attack that injects malicious scripts into trusted websites to be run when a
(XSS) user visits the site.

Command injection attacks include several types:

• SQL injection
Command injection
• LDAP injection
attacks
• XML injection
• Directory traversal

An attack that occurs when the security level of a system is at its lowest,
Zero day exploit
immediately after the discovery of a vulnerability.

Cookies An attack where an attacker injects a meta tag in an HTTP header, making it
manipulation possible to modify a cookie stored in a browser.

An attack where a website running Flash stores data objects (Flash cookies)
LSO attack on a user’s computer that are difficult to detect and remove, and may threaten
the user’s privacy.

An attack where the attacker can merge malicious software or code into a
Attachment attack downloadable file or attachment on a web server so that users download and
execute it on client systems.
Types of Application Attacks (Cont.)

Application Attack Description

An add-on that is meant to look like a normal add-on, except that when a user
Malicious add-ons installs it, malicious content will be injected to target the security loopholes that
are present in a web browser.

An attack where the attacker manipulates the header information passed

Header manipulation
between the web servers and clients in HTTP requests.

An attack in which data goes past the boundary of the destination buffer and
Buffer overflow begins to corrupt adjacent memory, which may cause an app to crash or rogue
code to execute on a system.

An attack in which a computed result is too large to fit in its assigned storage
Integer overflow space, which may lead to crashing or data corruption, and may trigger a buffer
overflow.

An attack that exploits application vulnerabilities by allowing an attacker to

Arbitrary code
execute any command on a victim's machine, potentially taking complete
execution
control over a system.
Types of Application Attacks

Cross-site scripting - This attack is the type of an injection in which there are
some malicious scripts inserted into the websites which are pretty trusted ones
by the users.
Types of Application Attacks

SQL injection - This attack is the technique in which some code injection
method is used.
Types of Application Attacks

LDAP injection - This attack falls into the category of the applications attacks as
well since it is also associated to some applications.
Types of Application Attacks

XML injection - When this attack is taken place, the attack mainly makes some efforts
and has an aim to inject some XML tags into the SOAP message and hence he wants
to modify the source of XML
Types of Application Attacks

Buffer overflow - This term is seed very basically and widely in the computer
programming and security.
Types of Application Attacks

Integer overflow - There is some overflow of integer condition when there is

an integer which is used in the determination of some memory allocation,
concatenation, allocation and something like this.
Types of Application Attacks

Zero-day - It is also known s the zero hour or the day zero attacks.
Types of Application Attacks

Cookies and attachments - There is a possibility that the cookies which are
downloaded are infected ones and the attachments which are downloaded are
also the victim of them.
Types of Application Attacks

LSO (Locally Shared Objects)- Local shared objectives are the pieces of the
data which belong to some website and they are happened when the adobe
flash is stored on the user's computer.
Types of Application Attacks

Malicious add-ons - Sometimes the ads on which are available to get can get
injected and they can turn the computers into botnets, it happened once in
the past when the Firefox got some ad on which created this problem.
Types of Application Attacks

Session hijacking - This is also known as the cookie hijack. In this case, the
computer session or the key session is simply exploited and hence the access
to some unauthorized area is gained to get some information or the service in
a computer.
NETWORK-BASED THREATS,
WIRELESS THREATS, PHYSICAL
THREATS AND
VULNERABILITIES
TCP/IP Basics
❑Standard network protocol used today.
❑A layered suite of many protocols.
❑The logical endpoints of a connection between hosts are called ports.
❑Ports can be open to allow communication or closed to prevent it.
❑Layers:
▪ Network interface/data link
▪ Internet
▪ Transport
▪ Application
Port Scanning Attacks

Port Protocol State

21 FTP Open

53 DNS Closed

80 HTTP Open

110 POP3 Closed

119 NNTP Closed

443 HTTPS Open

Eavesdropping Attacks

An eavesdropping attack can be difficult to detect because the network

transmissions will appear to be operating normally.
Man-in-the-Middle Attacks

Original
Transmission

User User

Man in the Middle

Man-in-the-Middle Attacks is an attack where the attacker secretly relays and

possibly alters the communications between two parties who believe that
they are directly communicating with each other.
Replay Attacks

10:00 A.M.

It is a form of network attack in which a

valid data transmission is maliciously or
fraudulently repeated or delayed.

1:00 P.M.
 Social Network Attacks
▪ Evil twin attack - is a fraudulent Wi-Fi access point that appears to be legitimate but
is set up to eavesdrop on wireless communications.

▪ Account phishing - the act of sending an email to a user falsely claiming to be an

established legitimate enterprise in an attempt to scam the user into surrendering
private information that will be used for identity theft.

▪ Drive-by download - refers to potentially harmful software code that is installed on a

person's computer without the user needing to first accept or even be made aware
of the software installation.
Social Network Attacks

▪ Clickjacking - is a malicious technique of tricking a user into clicking on something

different from what the user perceives
▪ Password stealer - is a Trojan that is designed to gather information from a system.
▪ Spamming - the activity of sending advertisements by email to people who do not
want to receive them
 DoS Attacks

Denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator

seeks to make a machine or network resource unavailable to its intended users by
temporarily or indefinitely disrupting services of a host connected to the Internet.
DDoS Attacks

Drones

Distributed denial of service (DDoS) attacks are a subclass of denial of service

(DoS) attacks.
Types of DoS Attacks (1 of 2)

❑ ICMP flood - also known as a Ping flood attack, is a common Denial-of-

Service (DoS) attack in which an attacker attempts to overwhelm a targeted
device with ICMP echo-requests (pings)

❑ UDP flood - attack in which the attacker overwhelms random ports on the
targeted host with IP packets containing UDP datagrams.

❑ SYN flood - an attacker sends a succession of SYN requests to a target's

system in an attempt to consume enough server resources to make the
system unresponsive to legitimate traffic.
Types of DoS Attacks (2 of 2)

❑Buffer overflow- is an anomaly where a program, while writing data to a

buffer, overruns the buffer's boundary and overwrites adjacent memory
locations.

❑Reflected DoS attack - makes use of a potentially legitimate third party

component to send the attack traffic to a victim, ultimately hiding the
attackers’ own identity.

❑Permanent DoS attack - is denial of service via hardware sabotage. During

such an attack, an attacker bricks a device or destroys firmware, rendering the
device or an entire system useless.
Session Hijacking

Legitimate Computer
Session

Stealing
an Active
Session
Cookie

Session hijacking is an attack where a user session is taken over by an attacker.

ARP Poisoning

IP Address

DHCP Server

Redirects
IP Address to Self

ARP poisoning is an attack on the protocol used to determine a device’s hardware

address (MAC address) on the network when the IP address is known.
Transitive Access Attacks
Host File

Grant access
to:

John
Jane
Alice
Frank
…
Bob

Transitive access is a misuse of trust that causes issues with securing information
or control.
DNS Vulnerabilities

Vulnerability Description

An attacker exploits the traditionally open nature of the DNS system to redirect a
DNS poisoning domain name to an IP address of the attacker's choosing.
An attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate
DNS hijacking requests with IP addresses for malicious or non-existent websites.
Wireless Security

Wireless security is the prevention of unauthorized access or damage to computers

or data using wireless networks, which include Wi-Fi networks.
Rogue Access Points

Rogue access points often do not

conform to wireless LAN (WLAN)
security policies, and additionally can
allow anyone with a Wi-Fi device to
connect to your network.

Rogue
Access Point
Evil Twins

dtech devtech
Legitimate Access Point Evil Twin

A rogue wireless access point installed near a legitimate one for purposes of
eavesdropping or phishing.
Jamming

Jamming is a simple, yet highly effective method of causing a DoS on a

wireless LAN.
Bluejacking

Bluejacking is a hacking method that allows an individual to send anonymous

messages to Bluetooth-enabled devices within a certain radius.
Bluesnarfing

Bluesnarfing is a device hack performed when a wireless, Bluetooth-

enabled device is in discoverable mode.
War Driving and War Chalking

War driving also called access point mapping

Warchalking is the drawing of symbols in public places to advertise an open Wi-

Fi network.
Wireless Replay Attacks

The delay or repeat of the data 10:00 A.M.

transmission is carried out by the

sender or by the malicious entity,
who intercepts the data and
retransmits it.

1:00 P.M.
Sinkhole Attacks

Sinkhole attacks are carried out by either hacking a node in the network or
introducing a fabricated node in the network
WEP and WPA Attacks
WEP
CF461
E
IV: CF461E
password
Password
WPA PASSWORD
Passphras
e:
passw0rd p4ssword
passw0rd

Wired Equivalent Privacy (WEP) is used in home / personal as well as enterprise

environments to protect the connection between a wireless device and Wifi
network with a secret key.
A Wi-Fi Protected Access (WPA) cracking attack captures traffic and then performs
an offline brute force attack to discover the encryption key.
WPS Attacks
Checksum

4018 291 7
40182917

10,000 possibilities for 1,000 possibilities for

WPS PIN first four digits next three digits

11,000 possibilities, not 100,000,000

The WPS attack is relatively straightforward using an open source tool

called Reaver.
Physical Security

❑ The implementation and practice of various control mechanisms that

are intended to restrict physical access to facilities.

❑ Assuring the reliability of certain critical infrastructure elements such as

electrical power, data networks, and fire suppression systems.
Physical Security, Threats and Vulnerabilities

• Physical security

• Physical threat

• Physical Vulnerability
Physical Security, Threats and Vulnerabilities

❑ Internal
❑ External
❑ Natural
❑ Man-made
Environmental Threats and Vulnerabilities

❑ Fire
❑ Hurricanes and tornadoes
❑ Flood
❑ Extreme temperature
❑ Extreme humidity
• CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
Paperback – October 12, 2017 by Darril Gibson

• CompTIA Security+ SY0-501 Cert Guide (4th Edition) (Certification

Guide), David L. Prowse (2018)

• CompTIA Security+ Study Guide: Exam SY0-501 7th Edition by

Emmett Dulaney (Author), Chuck Easttom (Author)