From the course: Cisco CCNA (200-301) Cert Prep: 3 Security, Automation, and Programmability

Key security concepts

The only sure way to secure a network is to unplug all its connections and its power cables. Unfortunately, this defeats the purpose of having a network to begin with. To begin understanding how to secure a network, you really need a common language to describe the various mechanisms in play.

The first term is vulnerability. Imagine a concrete bunker with only a single door. The single door becomes the primary vulnerability. In security terms, a vulnerability is any weakness that can compromise the security of a system. Say that the door to my bunker is very secure, but I come up with a way to open the door other than in the intended fashion. This is known as an exploit. A vulnerability and an exploit by themselves require another key component: me. If a vulnerability exists and I use an exploit against it, then I am considered a threat. A mitigation technique is any measure taken to prevent or stop malicious behavior.

A common attack type is a spoofing attack. In essence, it's when an attacker pretends to be a legitimate host or service. It could be sending packets pretending to be sourced from a different IP, or pretending to be a known-good DNS or DHCP server. It's not just IP addresses that can be spoofed for nefarious reasons; MAC addresses are also vulnerable. A technique known as DHCP starvation is where an attacker repeatedly makes requests to a DHCP server using spoofed MAC addresses until the server no longer has addresses to hand out from that pool.

Another attack type is a denial of service, or DoS. A DoS attack is one in which an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services. A simple DoS attack could be against a standard web server. An attacker can send copious TCP SYN packets. The server will then respond with SYN-ACK packets and wait for an ACK from the client. Since the attacker never responds, the TCP connections sit on the server until timeout, and eventually the server will exhaust all of its resources. Now when a legitimate user attempts to connect, the server will either not respond or be so deprived of resources that it'll be unusable.

DoS attacks exist in many forms. Often they are performed by many hosts attacking a single target at once. These attacks are known as distributed denial of service attacks. Reflection and amplification attacks are another form of DoS attack. Reflection attacks start by spoofing a target's IP address. This spoofed traffic will be sent to a host, usually requesting some sort of information. When the host responds, it will do so to the target's IP. In some cases, like a DNS amplification attack, a small amount of information will be sent to the reflecting host, and then that host will respond back to the target machine's address with a larger amount of traffic. This small-to-large ratio is what makes them amplification attacks.

A man-in-the-middle attack is an interesting one. An attacker, through various means, will insert themselves between a host and the destination of its traffic. In essence, they will accept the host's traffic, monitor or manipulate it, and pass it along. The name clearly indicates what happens: the attacker inserts themselves in the middle.

A reconnaissance attack is simply an attacker using various tools to look for potential vulnerabilities. They will often look for open ports and their protocols, as well as what versions of services may be running.

Malware is malicious software designed to compromise a user's computer. Malware comes in many flavors. A Trojan horse hides inside a piece of software, waiting for an unsuspecting user to install it. A virus is a piece of code that will inject itself into a software application. It will then wait for a user to help it spread to another system. A worm is a malicious piece of software that, once installed, will begin spreading itself to any and every other system available.

I would wholly expect to see a few of these key terms on the test, so be sure to review them again before the exam.
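The two resource-exhaustion attacks described above, the SYN flood and DHCP starvation, both leave a footprint in the server's own state: a pile of half-open TCP connections, or a burst of never-before-seen MAC addresses asking for leases. This added Python example (not part of the course) checks constructed connection-table and DHCP-log samples from the defender's side; the data layouts, thresholds and function names are assumptions for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed netstat-style snapshot of a web server (sample data, not from a
# real host): local socket, remote socket, TCP state.
TCP_TABLE = """\
10.0.0.5:80 198.51.100.7:40001 ESTABLISHED
10.0.0.5:80 203.0.113.9:51000 SYN_RECV
10.0.0.5:80 203.0.113.10:51001 SYN_RECV
10.0.0.5:80 203.0.113.11:51002 SYN_RECV
10.0.0.5:80 203.0.113.12:51003 SYN_RECV
"""

def half_open_report(table, port, max_half_open=3):
    """Count half-open (SYN_RECV) vs ESTABLISHED connections on one port. A SYN
    flood comes from many spoofed sources, so count per port, not per peer."""
    states = Counter()
    for line in table.splitlines():
        local, _remote, state = line.split()
        if local.rsplit(":", 1)[1] == str(port):
            states[state] += 1
    half_open = states["SYN_RECV"]
    return {"port": port, "half_open": half_open, "established": states["ESTABLISHED"],
            "flagged": half_open > max_half_open}

# Constructed DHCP server log (sample data): time, message type, client MAC.
DHCP_LOG = """\
2024-05-01T10:00:00 DHCPDISCOVER 00:11:22:33:44:01
2024-05-01T10:00:01 DHCPDISCOVER 00:11:22:33:44:02
2024-05-01T10:00:01 DHCPDISCOVER 00:11:22:33:44:03
2024-05-01T10:00:02 DHCPDISCOVER 00:11:22:33:44:04
2024-05-01T10:00:45 DHCPDISCOVER 00:11:22:33:44:05
"""

def dhcp_starvation_check(log, window_seconds=10, max_new_macs=3):
    """Largest number of distinct client MACs in any sliding window. Starvation
    shows as a burst of fresh MACs requesting leases; offices see a trickle."""
    events = []
    for line in log.splitlines():
        ts, kind, mac = line.split()
        if kind == "DHCPDISCOVER":
            events.append((datetime.fromisoformat(ts), mac))
    peak, window = 0, deque()
    for ts, mac in events:  # log lines are assumed to be in time order
        window.append((ts, mac))
        while ts - window[0][0] > timedelta(seconds=window_seconds):
            window.popleft()
        peak = max(peak, len({m for _, m in window}))
    return {"peak_distinct_macs": peak, "flagged": peak > max_new_macs}
```

Real thresholds depend on the baseline of the host in question; the point is that both attacks are visible in server-side state long before the pool or the connection backlog is fully exhausted.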
