CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney
Chapter 2
Identifying Potential Risks
THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
✓ 1.1 Differentiate among various systems’ security threats.
■ Privilege escalation
■ Virus
■ Worm
■ Trojan
■ Spyware
■ Spam
■ Adware
■ Rootkits
■ Botnets
■ Logic bomb
✓ 1.5 Implement security applications.
■ Antivirus
■ Anti-spam
✓ 2.1 Differentiate between the different ports and protocols, their respective threats and mitigation techniques.
■ Antiquated protocols
■ TCP/IP hijacking
■ Null sessions
■ Spoofing
■ Man-in-the-middle
■ Replay
■ DoS
■ DDoS
■ Domain Name Kiting
■ DNS poisoning
✓ 2.5 Explain the vulnerabilities and mitigations associated with network devices.
■ Privilege escalation
■ Weak passwords
■ Back doors
■ DoS
✓ 4.2 Carry out vulnerability assessments using common tools.
■ Vulnerability scanners
■ OVAL
■ Password crackers
✓ 6.6 Explain the concept of and how to reduce the risks of social engineering.
■ Phishing
■ Hoaxes
■ Dumpster diving
Everywhere you turn, there are risks. The risks begin the minute you turn a computer on and grow exponentially the moment you slap in a network card. The threat of attack to your network, servers, and workstations can come from many sources. Your job is to implement and maintain measures that can help keep your systems safe from attack. There is a running battle between the people who want to attack your systems and the people who make products and services to help protect your system. Unfortunately, you’re right in the middle of these two extremes, and your network and systems constitute the battlefield.
In this chapter, we’ll look at several types of attacks, as well as some of the reasons your network is vulnerable. In many instances, the vulnerabilities that you must deal with are a result of the operating system’s implementation of networking coupled with the trusting nature of Transmission Control Protocol/Internet Protocol (TCP/IP).
Calculating Attack Strategies
In computing, a lot of the terminology used comes from other fields, such as the military. That seems to be particularly true when it comes to security. Using that line of logic, an attack occurs when an unauthorized individual or group of individuals attempts to access, modify, or damage your systems or environment. These attacks can be fairly simple and unfocused, or they can appear to be almost blitzkrieg-like in their intensity.
Attacks differ because they are carried out in many ways and for many different reasons. Regardless of how they are carried out, they generally serve one or more of these three goals:
■ In an access attack, someone who is not authorized to do so attempts to read or use your resources.
■ In a modification and repudiation attack, someone alters information in your systems, or denies having performed an action, so that your data and records can no longer be trusted.
■ A denial-of-service (DoS) attack is an attempt to disrupt your network and services. When your system is kept so busy responding to illegitimate requests, authorized users can no longer get access.
Those who are attacking you might be doing it for the sheer fun of it, they might be criminals attempting to steal from you, or they might be individuals or groups who are using the attack to make a political statement or commit an act of terrorism. Regardless of the motive, your job is to protect the people you work with from these acts of aggression. You are, in many cases, the only person in your organization charged with the responsibility of repulsing these attacks.
The following sections deal with the general types of attacks you’ll experience.
The attacks described in the following sections are considered attack strategies. We’ll look at the specific attacks—each of which will fall within one or more of these strategies—later in this chapter, in the section titled “Recognizing Common Attacks.”