Summary

This chapter focused on the types of attacks that you will encounter and your vulnerabilities. You learned the areas where you are the most vulnerable, including:

  • Attack methods

  • TCP/IP

  • Malicious code

  • Social engineering

Attack methods include Denial of Service, Distributed Denial of Service, back door attacks, spoofing attacks, man-in-the-middle attacks, and replay attacks. Each of these attacks takes advantage of inherent weaknesses in the network technologies most commonly used today.

TCP/IP is particularly vulnerable to attacks at the Host-to-Host or Transport layer and the IP layer. Transport layer attacks are designed to take advantage of the synchronization method used by TCP, the unsynchronized characteristics of UDP, and the maintenance messages generated by ICMP.

Common attacks on TCP include the SYN or ACK flood attack, TCP sequence number attack, and TCP/IP hijacking.
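The following added example (not from the book) shows how a defender can spot the SYN flood named above: it counts handshakes that a client opened with a SYN but never completed with an ACK, grouped by destination port. The record format, the function names, and the threshold and timeout values are assumptions made for illustration, and the segment data is constructed.

```python
from collections import Counter

def build_sample():
    """Constructed inbound segments seen at a server:
    (time_s, src_ip, src_port, dst_port, flags). Documentation-range addresses."""
    segs = [
        (0.0, "192.0.2.10", 40001, 443, "SYN"),
        (0.1, "192.0.2.10", 40001, 443, "ACK"),   # handshake completed
        (0.2, "192.0.2.11", 40002, 443, "SYN"),
        (0.3, "192.0.2.11", 40002, 443, "ACK"),
        (1.5, "192.0.2.12", 40003, 80, "SYN"),    # normal client during the flood
        (1.6, "192.0.2.12", 40003, 80, "ACK"),
        (5.0, "192.0.2.13", 40004, 443, "SYN"),   # too recent to judge
    ]
    # Flood pattern: many SYNs from changing sources to port 80, never ACKed.
    for i in range(30):
        segs.append((1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, 80, "SYN"))
    return sorted(segs)

def half_open_counts(segments, timeout_s=3.0):
    """Per destination port, count SYNs with no client ACK and older than timeout_s."""
    pending = {}  # (src_ip, src_port, dst_port) -> time of first SYN
    for t, src, sport, dport, flags in segments:
        key = (src, sport, dport)
        if flags == "SYN":
            pending.setdefault(key, t)   # a retransmitted SYN keeps the first time
        elif flags == "ACK":
            pending.pop(key, None)       # third step of the handshake arrived
    end = max(s[0] for s in segments) if segments else 0.0
    counts = Counter()
    for (_src, _sport, dport), t in pending.items():
        if end - t >= timeout_s:         # ignore handshakes still in progress
            counts[dport] += 1
    return counts

def flooded_ports(segments, threshold=20, timeout_s=3.0):
    """Ports whose half-open count meets the (assumed) alert threshold."""
    counts = half_open_counts(segments, timeout_s)
    return sorted(port for port, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    sample = build_sample()
    print("half-open per port:", dict(half_open_counts(sample)))
    print("ports to investigate:", flooded_ports(sample))
```

Counting per destination port rather than per source address matters here because flood traffic commonly arrives from many, often spoofed, source addresses.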

UDP is vulnerable to flooding attacks. Flooding attacks are DoS attacks, and they are designed to prevent access by authorized users.

TCP/IP uses protocols and services at each layer of the network model. These protocols and services offer ports to receive and send messages to other services or applications. The ports are vulnerable to attack depending on the protocol. Thousands of ports are available for use in TCP/IP. The ports numbered below 1024 are considered well known, and they usually require administrative access to be used.

Applications interface with the TCP/IP protocol suite using either APIs or Windows sockets. These interfaces are well established and published.

Each layer of the protocol suite communicates with the layers above and below it. The process of preparing a message for transmission involves adding headers as the packet moves down this stream. This process is called encapsulation.

Malicious code describes an entire family of software that has nefarious intentions in your networks and computers. This includes viruses, Trojan horses, logic bombs, and worms. Viruses and worms are becoming a major problem on the Internet. The best prevention methods available include antivirus software and user education.

The process of using human intelligence to acquire access to information and systems is called social engineering. Social engineering involves someone contacting a member of the organization and attempting to con them out of account and password information. The best way to minimize social engineering attacks is user education and positive verification of the identity of the person making the request.

Audit files and system logs are a very effective way to track activity in a network or on a server. These logs should be reviewed regularly to determine whether unauthorized activity is occurring. Systems should be routinely inspected to verify that physical security procedures are being followed.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
