The Attacker’s Arsenal

Back>
Instead of writing a whole book for this topic, I'm gonna to place a video and an example here.

Video, "Hacking Methodologies"

This video is about "Viruses, trojans, worms, phishing, spyware, spam"
This video contains a fairly complete list of computer malware.

There are many factors which can pose threats to the network security.

• Hardware threats invove threats of physical damage to the router or switch hardware. For example, an unauthorized personnel entered the room where the network equipments locate then set a fire. Mission-critical Cisco network equipment should be locked in wiring closets or computer rooms with secured access point which only allow authorized personnel to access. It is recommanded to log all entry attempts via electronic access control system and monitor the activity via security cameras with automatic recording.


• Enviromental threats involve threats caused by physical enviroment, such as temperature extremes or homidity extremes. For example, the room gets too hot or too wet. To prevent eviromental threats, the room should be monitored via dependable temperature and humidity control systems. The electrostatic and magnetic interference sources should be removed in the room. It is recommanded to monitor and alarm the enviromental parameters of the room remotely.


• Electrical threats include voltage spikes, insufficient supply voltage, noise in the power supply and total power loss. Electrical threats can be avoid by installing uninterruptible power supply (UPS) systems, backup generator systems, redundant power supplies and regularly testing the power systems.


• Maintenance threats include poor handling of key electronic components, electrostatic discharge (ESD), lack of critical spares, poor cabling, poor labeling, and so on. To prevent maintenance threats, you should clearly label all equipment cabling and secure the cabling to equipment racks. Use cable runs, raceways, or both to traverse rack-to-ceiling or rack-to-rack connections. Always follow ESD procedures when replacing or working with internal router and switch device components. Maintain a stock of critical spares for emergency use. Do not leave a console connected to and logged into any console port. Always log off administrative interfaces when leaving a station.


• In a man-in-the-middle attack, an intruder intercepts the traffic being transmitted and then rewrites the information in the packets and re-transmits modified packets to the sender. Man-in-the-middle attacks are often implemented using tools like packet sniffers, and routing and transport protocols. This attack is commonly used for the following:
  * Information theft
  * Session hijacking to gain access to the internal network
  * Information about the network and users
  * Corruption of transmitted data
  * Introduction of new network session information


• In an access attack, an intruder tries to gain access to a network device or an application.


• In a reconnaissance attack, the intruder tries to gather information about the network to determine how the targeted system or the network is organized. The intruder also tries to search and map the vulnerabilities on the network. This type of attack is normally followed by an attack on the open vulnerability found by the intruder.


• In a DoS attack, an intruder attacks the computer system in such a way that legitimate users are denied access to the network, system, or services.


• In a password attack, the intruder attempts to identify a user account, password, or both. They get the purpose with brute-force, Trojan horse programs, IP spoofing, or packet sniffers. To prevent password attack, you should not use the same password on multiple system; your passwords should be strong, that is, at least eight characters long with uppercase letters, lowercase letters, numbers and special characters; the system should disable accounts after many unsuccessful logins; the system should not store passwords as plaintext, it should encrypt passwords.

pen test

The following is an imaginary hacking scenario:

Network Penetration  

Pre-connection: at the beginning, a hacker has a computer with a wireless card. She starts to gather information about the networks and computers around her and launch a number of attacks without a password, such as disturbing the electromagnetic fields to deny any device from connecting to any device. She might create a fake access point, attract users to connect to it and capture any important information they enter.

Gaining Access: Now that she has gathered information about the networks around her and found her target, she will crack the key and gain access to the target network. There are many methods to crack WEP/WPA/WPA2 encryption.

Post Connection: Now she uses the cracked key to connect to the target network, she also cracked the WEP/WPA/WPA2 encryption, so everything flying with wireless are plain text to her, including the passwords. She then launch a number of attacks that will allow her to gain access to any account accessed by any device connected to the network and read all the traffic used by these devices (images, videos, audio, passwords ...etc).

Gaining Access 

At this stage,  she will gain full control over the computer system.

Server Side Attacks:  She starts with gathering information about a target computer system such as its operating system, open ports, installed services and discover weaknesses and vulnerabilities. She then exploits these weaknesses to gain full control over the target. For example, if the target system is a web server, she will gather information about the target website, such as website owner, server location, used technologies and much more. Once she discover and exploit a number of dangerous vulnerabilities such as SQL injections, XSS vulnerabilities, etc, she might find ways to steal admin's session in order to add herself as an admin, or find admin password in SQL database, or create buffer overflow situation to gain better privilege than the web container has.

Client Side Attacks: If the target system does not contain any weaknesses then the only way to gain access to it is by interacting with the user. In this approach she will launch attacks to fool the target user and get them to install a backdoor on their device. This is done by creating fake updates and serving them to the user or by backdoornig downloaded files on the fly. She will gather information about the target person and use social engineering to deliver a backdoor to them as an image or any other file type.

Post Exploitation 

At this stage, she is able to access the file system (read/write/upload/execute), maintain her access, spy on the target for sensitive information such as password and even use the target computer as a pivot to hack other computer systems.



CCENT will ask you to Explain general methods to mitigate common security threats to network devices, hosts, and applications.

CCENT will ask you to Describe security recommended practices including initial steps to secure network devices.

Good luck for your CCENT and CCNA exam.

ICND1 and ICND2 break down