Join Mike Meyers for an in-depth discussion in this video Threats, part of CompTIA Network+ Exam Prep (N10-006) Part 7: Managing the Network.
- View Offline
- CompTIA doesn't really say this but in my opinion they treat the Network + as kind of like the next step after taking the A+ exams. Now, you don't have to do that, and lots of people take the CompTIA Net + without ever taking the A+, but there are certain things within the objectives of the Network + that kinda tell you that that's what they're assuming. A great example would viruses. There are two objectives within the Network + exam that talk about viruses and worms. Now, I just happen to have a virus right here I'd like to show you.
Okay, he's not really...yep, he is a virus. Now, this is a HEP2C 1997, it's an old virus, okay? Anyway, the idea behind a virus is that a virus is a bad thing that is going to do two things. Number one, it's going to make copies of itself through some method or another. And, the second thing it's going to do is activate, it's going to do something usually bad to the infected system. The idea of virus predates the internet. Back in the old days a virus was something that was transferred by, well believe it or not, floppy diskettes, things like that.
So, the whole idea of the classic virus kind of fades out, I'm surprised it's even still in the Network +. 'Cause what happened is the internet came along and allowed us to start creating worms. A worm is a piece of malware that uses the internet, in particular TCP/IP networks, to be more detailed to propigate, and remember a virus has to do two things it has to propigate, and it has to activate. So, a worm really is a virus.
But, it propigates using the internet. So, this entire concept of virus and worm, I mean forget it, it doesn't even make sense anymore. Today, we just use the word malware. The Network + doesn't expect you to know that much about malware. In fact, it expects you to have already known it. This is interesting because you're gonna see questions on the Network + that are gonna ask you basics about malware, because they assume that it's assumed knowledge and I think they're right. I mean who doesn't have a good anti-malware program running on their computers anymore.
Well, to those three of you who aren't, shame on you all right? So, you know, the classic things that we always run into: slowed down systems, unsolicited popups, all that type of stuff are signs of malware. And, the only thing I'm gonna remind you about, and you should know this too, is that you should have definition file updates. Every now and then your anti-malware program needs to know about the new malware out there and it needs to be updated. So, that all I'm gonna be saying about that. The other area that we worry about, and this is a much bigger area, is when people try to attack our networks.
Now, it is really hard to aggressively attack a network in order to do things like to try to take control of the network, or to try to grab data. Now, it can be done by, you know, you find the right people, they know how to do it. But, most of the time your network just isn't interesting enough to motivate for people to do that. So, a far more common issue that we run into is what we call Denial of Service attacks. So, to understand the Denial of Service attack let's take a look at a server.
A Denial of Service attack is one of the most common attacks that you can do to an individual computer. The idea behind Denial of Service is to make your target so busy that he can't respond to anything and you, in essence, take him down. Denial of Service attacks have been around for a long time and they're still very common and they're still very, very dangerous. So, to do a Denial of Service attack what we need to start off with is a target, somebody we don't like. Web pages are usually one of the most common things we're gonna see here. So, let's pretend like this is a web server.
So, I'm going to bring my attacking computer online. So, what my attacking computer's going to do is he's going to be sending him ICMP packets. These are usually going to be malformed ping packets that this computer doesn't know what to do with. So, I'll send him a ping that's all kind of messed up and as a result he won't know how to respond to it and if I keep sending him enough packets his buffers will overflow and it could end up rebooting the computer, locking up the server, whatever it might be.
Now, the problem with that is that these are usually powerful computers and they're designed to handle some amount of problem packets. So, what if we instead of just having one computer, what if we suddenly had two, three, four, a gazillion computers all sending malformed packets simultaneously. When all of these devices are sending malformed ICMP packets to this one device it's gonna be brought down. And, this is what we call a Distributed Denial of Service attack, or DDOS.
This is extremely common today. One of the big problems we run into is that a lot of the malware that we see out there today is little programs that are installed on yours, and mine, and other people's computers and they're what we call Zombie computers. They are very small programs, they don't cause any trouble at all, until there's a certain point where the guy who's controlling all these computers decides to unleash them and then suddenly your computer, my computer, and all the other infected computers start attacking a particular target and bringing it down.
And, that's probably the number one malware issue we have today is through DDOS. So, if anybody says they're computer's zombified basically it has some form of malware in it and they're gettin' it cleaned up. Now, Distributed Denial of Service attacks, there we go, are a big issue, but there's one other kind of interesting issue and that is a Smurf attack. Now, a Smurf attack is kind of like a Distributed Denial of Service attack, but what it does instead is that it will go ahead and send out, using a bunch of computers, a spoofed source address.
So, in this case we will take all of our computers out here and we'll have them send something, and it doesn't even have to be to one particular computer, we can send it to other computers, but they all have the target's address as the source address for the problem. And then, what will take place is that all of these devices are trying to respond back to the source and so the source gets nailed with all of this again, Denial of Service attack from all kinds of computers from all over the place.
So, Denial of Service is a big issue and the big bad guy are Smurfs. Now, not all problems take place in electronics land, I love it in the movies where it's always the bad guy hackers, you know, and they're just sitting there and they're doing all kinds of bad guy stuff. Actually, a lot of trouble takes place in the world of what we call social engineering, and probably the best place to start all this would be in a dumpster.
We are now a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.