Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:01
Welcome to Part three of Section one dot to the Company of Security, Plus example, where we're talking about comparing and contrasting types of attacks
00:10
in this video will be addressing network and wireless attacks. Section 1.2 talks about many different types of attacks.
00:19
This part I'll be talking about hijacking and related attacks such as Click Jackie Session Hijacking Your L Hijacking, Mac and I P Spoofing
00:30
also discussed network and wireless tax, such as denial of service Man in the middle. Amplification are poisoning rogue access, points jamming and blue jacket.
00:42
Hijacking Attack
00:44
tries to take over an application or Web browser from the name to user.
00:49
There are multiple forms. First we'll talk about is click Jacket, where it's tricking a Web user into clicking on a spoofed button or graphic. An attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page. When they were intending to click on the top level page,
01:07
there's also session hijacking or cookie hijacking.
01:10
We're in exploitation of a valid computer session to gain unauthorized access to information or service is it's exploiting that valid computer session through a cookie
01:21
third type is that you are l hijacking, also known as typo Squatting, where the attacker registers a domain similar to a well known domain such as Google. You see some examples on your screen. Some people might not notice the three O's in Google.
01:37
Computer networks are also platforms for hijacking.
01:41
Common form is Mac spoofing the media access control addresses hard coded into a network interface card. We use network interface cards for any type of networking I P based.
01:53
Some drivers allow the Mac address to be changed so I can change my Mac address as an attacker to be your Mac address. To defeat some security defenses,
02:05
you see the example on your screen.
02:07
Eyepiece moving is a similar type of attack, although it's against the I p layer of the network. It's a technique used to gain unauthorized access to machines whereby the attacker illicitly impersonates another machine by manipulating I P. Packet
02:23
I p spoofing involves modifying the packet header with a forge were spoofed I P. Address a check some and the order value.
02:31
The graphic on your screen shows how it is done.
02:36
ARP spoofing is another form of a network hijack attack
02:39
are is on layer two of the O S. I levels.
02:44
It's when an attacker sends a fake AARP address resolution protocol message over a local area network.
02:51
This results in the linking of Attackers Mac address with the I P address of a legitimate computer or server network.
02:59
A man in the middle attack is another form of network attack. It's where an attacker secretly relays and possibly alters the communication between two parties who believe they're directly communicating with each other.
03:12
You see the example on your screen someone who's bypassing between a client and a server
03:16
attacker me. Either observe confidentiality, attack or alter the data.
03:23
A denial of service attack or DOS attack physically preventing access to resources by users authorized to use those It's attacking systems availability.
03:35
It may accomplish the ability to deny access to information applications systems so could be done over the network. Or it could be done within a system to take down an application. It could be used to crash the operating system to force a reboot, potentially to install malicious software
03:53
or can fill the communications channel of a network and prevent access by any authorized users.
04:00
a distributed denial of service. Attack di Das is a form of a DOS attack. It's using multiple compromised computer systems as the source of the network traffic, so we'll have hundreds of zombie computers attacking the victim. It amplifies the concept of a DOS attack by using multiple computer systems,
04:18
often through botnets, to conduct the attack
04:21
against a single system or organization.
04:26
There are many examples of DOS and de DOS attacks. I recommend you read about
04:30
ways to prevent or protect against DOS and de das attacks. First is to work with your Internet service provider or network provider. They will often provide some layers of defense for you and your organization.
04:46
You can also installed border protection, such as an intrusion detection protection system.
04:51
Updating your network appliance is operating systems and applications is also another good defense mechanism.
04:59
Lastly, and user system should be up to date and you should deploy anti virus basically, to reduce the prevalence of bots on end user systems, consider these and other good Adidas and Das prevention mechanisms.
05:13
Another attack methodology we see is the amplification attack. The goal of the Attackers to get the response to the request to a greater than a 1 to 1 ratio. Additional band with traffic works to congest and slow the responding server down. It amplifies what is currently happening.
05:30
Ratio achieved is known as the amplification factor, and high numbers are possible with UDP based protocols such as NTP Charge in and D. N s. It's usually employed as part of Adidas Attack
05:46
Domain Hijacking D. N s Poisoning. Indian s spoofing takes advantage of address resolution If you recall D. N s domain name system is the address resolution protocol that is used to translate common names Web You are l's to their corresponding i p addresses.
06:03
Deanna's poisoning occurs when attacker alters the domain name toe I p address map ings in a. D. N s system to redirect traffic, toe a rogue system or perform a DOS attack.
06:15
Dina spoofing is when an attacker sense false replies to requesting system in place of a valid D. N s response.
06:24
Protections include using your own internal well known DNA servers and use authoritative DNA sources.
06:32
Wireless networks are also under attack.
06:35
One method is using an evil twin. It's where the attacker installs a wireless access point that acts like the wireless access point installed by the well known service. It's a rogue wireless access point, posing as a legitimate wireless service provider to intercept information that a user transmits
06:55
Rogue Access Point is any wireless access point added to your network that has not been authorized. So say someone runs out the best buy or new organization to buy their own wireless access point plugs it into your production network. That's a rogue. A P
07:11
initialization vector is a concept we talk about in the encryption section. It's an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed on Lee one time in any session. If the ivy is weak, as in with wireless equivalency protocol Web,
07:30
it may be reused.
07:32
Jamming is another form of wireless tact, where you're causing interference with wireless signal so it's preventing others from using that WiFi service.
07:44
Not only are their attacks against I P wireless networks but also personal area network using Bluetooth blue jacking is one example. It's sending unsolicited messages like spam over Bluetooth connection so you could get Bluetooth spam on your watch for example,
08:03
Blue snarfing is the gaining of unauthorized access through a Bluetooth connection, also intercepting data through that Bluetooth connection. So if someone was blue snarfing, they could see the messages that came to my watch or how many steps I took today.
08:18
In this video, I discussed hijacking network and wireless attacks. Let's practice on a few sample questions. Question one
08:26
of the blow term, which one best describes the type of attack that captures portions of a session to play back later to convince a host that it continues to communicate with the original system.
08:39
The answer is D replay attack. This is the definition for replay attack
08:46
question, too.
08:48
You have a user call you from the hotel saying there's an issue with your organization's website and that it looks like it's been compromised.
08:56
You check it from your work and it appears fine. What is a likely cause associated with the user at a hotel?
09:03
The answer is
09:05
B. D. N s poisoning. Most likely, the hotel's D. N s has been compromised, so that hotel user is goingto a different website and not actually your organization's website.
09:18
This concludes Part three, where I talked about network wireless attacks and this concludes section 1.2 of the Company of Security Plus example, where I talked about comparing and contrasting the different types of attacks.
09:35
Refer to your study material form or information.

Up Next

CompTIA Security+

CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.

Instructed By

Instructor Profile Image
Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor