Study Guide: SSCP: 5. Attacks
Source: https://www.fatskills.com/systems-security-certified-practitioner-sscp/chapter/sscp-5-attacks


By Fatskills Exam Guides Team


Traditional definitions hold that hackers aren’t malicious but crackers are. The media, however, generally uses the term hacker for anyone who launches attacks on computers or computer systems with malicious intent. Some security professionals separate the good guys from the bad guys with terms such as white hats and black hats, and refer to anyone who attacks with malicious intent simply as an attacker. An advanced persistent threat (APT) is a well-resourced, often state-sponsored group that has both the capability and the intent to carry out sustained, successful attacks against a chosen target. Insider threats include malicious insiders, but insiders more often cause accidental losses by not following security policies or by inadvertently letting outside attackers into the organization (for example, by opening a phishing attachment).
Attackers constantly modify their attack strategies, just as IT security professionals constantly modify their countermeasure strategies. Even though attacks have changed over the years, many attacks share common characteristics. By understanding past attack methods, it is easier to respond to new threats and to understand why certain countermeasures are needed. Basic countermeasures include patching systems, hardening systems, increasing user awareness, and implementing intrusion detection and prevention systems (IDPSs).
Attackers often use spoofing techniques, such as forging the source IP address, the source MAC address, or the From field in an e-mail, so that traffic appears to come from a trusted source. Data theft refers to any attack that allows an attacker to exfiltrate data. A denial of service (DoS) attack attempts to make a system unavailable to legitimate users and comes from a single source. A distributed DoS (DDoS) attack targets a single system from many systems at once, which makes it much harder to block by source address. A botnet is a group of compromised computers (called zombies) controlled by an attacker through a command and control center. A botnet can control tens of thousands of computers, and some have controlled over a million. Criminals rent out botnets to others for money, and these botnets are used to launch DDoS attacks and send out spam.
Some attacks attempt to gain information about a network and/or the traffic sent over it. Sniffing attacks use protocol analyzers (sniffers) to capture data sent over a network. If the data is sent in cleartext, the attacker can read it directly in the protocol analyzer, which is why encrypting data in transit is the primary countermeasure. Reconnaissance attacks (such as ping sweeps) attempt to discover active IP addresses on a network. Fingerprinting attacks (such as port and service scans and TCP/IP stack analysis) attempt to identify details of individual systems, such as the operating system and the services and versions they run.
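The following is an added example, not code from the original study guide, showing what a protocol analyzer does with cleartext traffic: it parses a raw Ethernet/IPv4/TCP frame and pulls HTTP Basic credentials out of the payload. The frame, the addresses and the credentials are all constructed in the code for the demonstration (not a real capture); a second frame to port 443 stands in for encrypted traffic, from which the same parser recovers nothing useful.

```python
import base64
import struct

# Constructed sample request (not a real capture): HTTP Basic sends the
# credentials base64-encoded, which is encoding, not encryption.
SAMPLE_HTTP_REQUEST = (
    b"GET /admin HTTP/1.1\r\n"
    + b"Host: intranet.example\r\n"
    + b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024!") + b"\r\n"
    + b"\r\n"
)
# Constructed stand-in for a TLS record: opaque bytes, nothing readable.
SAMPLE_TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(32))


def build_frame(payload: bytes, dport: int) -> bytes:
    """Wrap a payload in minimal Ethernet + IPv4 + TCP headers (assumed addresses)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    # data offset 5 words (0x50), flags PSH|ACK (0x18), no options
    tcp = struct.pack("!HHIIBBHHH", 52344, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/TCP headers and return addressing plus the TCP payload."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:          # only IPv4 handled here
        return {}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes
    if ip[9] != 6:                   # protocol 6 = TCP
        return {}
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_offset:]}


def extract_basic_credentials(payload: bytes):
    """Return (user, password) if the payload carries an HTTP Basic header."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            try:
                user, _, pwd = base64.b64decode(token, validate=True).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
            return user, pwd
    return None


def harvest_credentials(frames):
    """What a sniffer on the path sees: credentials from every cleartext HTTP frame."""
    found = []
    for frame in frames:
        info = parse_frame(frame)
        if not info or info["dport"] != 80:
            continue
        creds = extract_basic_credentials(info["payload"])
        if creds:
            found.append((info["src"], info["dst"]) + creds)
    return found


if __name__ == "__main__":
    capture = [build_frame(SAMPLE_HTTP_REQUEST, 80), build_frame(SAMPLE_TLS_RECORD, 443)]
    print(harvest_credentials(capture))
```

The same header-walking logic is what tools such as Wireshark perform before presenting a decoded view; the HTTPS frame is just as easy to parse down to the TCP payload, but the payload itself is ciphertext, so no credential comes out.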
Man-in-the-middle (MITM) attacks capture, and can alter, traffic sent between two systems, typically with a sniffer or protocol analyzer placed on the path between them. Advanced MITM attacks terminate the victim’s TLS connection on the attacking system and open a second TLS session to the real server, giving the user the impression of a secure HTTPS session while all data is readable on the attacking system. Unless the attacker can present a certificate the client trusts (for example, one issued by a CA that has been installed on the victim’s machine), the browser shows a certificate warning, which is why users should never click through such warnings. A replay attack captures valid data from a legitimate exchange (often via sniffing or an MITM position) and later resends it to impersonate one of the systems; nonces, timestamps, and sequence numbers are the standard countermeasures. A session hijacking attack captures information from a TCP/IP session (such as sequence numbers or a session cookie) and attempts to take over the session by impersonating one of the parties.
Domain Name System (DNS) cache poisoning attacks insert forged records into a resolver’s cache so that users are redirected to attacker-controlled sites. Domain Name System Security Extensions (DNSSEC) helps prevent cache poisoning by digitally signing DNS records so that a validating resolver can reject forged answers. DNSSEC authenticates records but does not encrypt DNS traffic, and it only helps where the zone is signed and the resolver actually validates signatures.
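As an added example (not from the original study guide) of the replay attack described above, the block below models both sides of two authentication exchanges. In the weak scheme the client sends a fixed authenticator, so an attacker who sniffed it once can resend it indefinitely. In the nonce-based scheme the server issues a fresh, single-use challenge and the client must answer it, so a captured answer is worthless afterwards. The shared key and usernames are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared between client and server


# Weak scheme: the authenticator depends only on static data, so it never changes.
def weak_client_authenticator(username: str) -> str:
    return hmac.new(SHARED_KEY, username.encode(), hashlib.sha256).hexdigest()


def weak_server_verify(username: str, tag: str) -> bool:
    return hmac.compare_digest(weak_client_authenticator(username), tag)


# Nonce-based challenge-response: the server remembers which nonces it issued
# and discards each one the first time it is used.
class ChallengeServer:
    def __init__(self):
        self.outstanding = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)  # unpredictable, 128 bits
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username: str, nonce: str, tag: str) -> bool:
        if nonce not in self.outstanding:
            return False  # never issued, or already consumed: treat as a replay
        self.outstanding.discard(nonce)  # single use, even if the tag turns out wrong
        expected = hmac.new(SHARED_KEY, f"{username}:{nonce}".encode(),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


def client_response(username: str, nonce: str) -> str:
    return hmac.new(SHARED_KEY, f"{username}:{nonce}".encode(), hashlib.sha256).hexdigest()


def demo_replay():
    """Returns (weak scheme replay accepted, first nonce answer accepted, replayed answer accepted)."""
    # Attacker sniffs one login message in the weak scheme and replays it later.
    captured_weak = ("alice", weak_client_authenticator("alice"))
    weak_replay_accepted = weak_server_verify(*captured_weak)

    # Same attacker sniffs a complete challenge-response exchange.
    server = ChallengeServer()
    nonce = server.challenge()                       # server -> client
    captured = ("alice", nonce, client_response("alice", nonce))  # client -> server
    first_accepted = server.verify(*captured)        # legitimate use
    replay_accepted = server.verify(*captured)       # attacker resends the same message
    return weak_replay_accepted, first_accepted, replay_accepted


if __name__ == "__main__":
    print(demo_replay())
```

A production server would also expire outstanding nonces after a short window and bind the nonce to the connection, so that an MITM attacker cannot harvest a challenge on one session and answer it on another.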
Organizations that host their own websites need to implement software security. Countermeasures include input validation, application review, code signing, and sandboxing. Input validation is the most important countermeasure: it checks all input data before using it to ensure it is valid, ideally against an allowlist of expected characters, lengths, and formats. It helps prevent many attacks, including buffer overflow, SQL injection, and cross-site scripting (XSS) attacks. Cross-site request forgery (CSRF) is related but is defeated mainly by anti-forgery tokens and SameSite cookies rather than by validating the input itself. A buffer overflow attack sends more data to an application than the receiving buffer can hold, overwriting adjacent memory and, in the worst case, letting the attacker execute arbitrary code. SQL injection attacks send SQL syntax embedded in ordinary input so that it is executed against the backend database; parameterized queries, which keep data separate from SQL code, are the definitive fix. An XSS attack exploits the user’s trust of a website by injecting script that runs in the user’s browser in that site’s context, where it can steal session cookies or act as the user. A CSRF attack exploits the trust that a site has in the user’s browser and causes the browser to send unauthorized requests to the website on the attacker’s behalf.
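The block below is an added example, not from the original study guide, showing SQL injection against a login check and the two countermeasures named above: an allowlist validator for the username and a parameterized query. The in-memory database, table, and credentials are constructed for the demonstration, and the password is stored in cleartext only to keep the injection itself in focus.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample database: one user, plaintext password (demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # The input is pasted into the SQL text, so quotes and comments in the
    # input become SQL syntax rather than data.
    query = ("SELECT COUNT(*) FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Placeholders keep the SQL fixed; the driver sends the values separately,
    # so a quote in the input is just a quote.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(username: str) -> bool:
    """Allowlist validation: only the characters a username may legitimately contain."""
    return USERNAME_RE.fullmatch(username) is not None


def login_validated(conn, username: str, password: str) -> bool:
    """Validation plus parameterization: reject malformed input before it reaches SQL."""
    if not valid_username(username):
        return False
    return login_safe(conn, username, password)


# Two classic injection payloads used in the demonstration.
COMMENT_OUT_PASSWORD = "alice' --"        # username field: comments away the password check
ALWAYS_TRUE = "' OR '1'='1"               # password field: makes the WHERE clause true


def demo_injection():
    """Returns (vulnerable accepts comment payload, vulnerable accepts always-true payload,
    safe accepts comment payload, safe accepts always-true payload, safe accepts real password)."""
    conn = setup_db()
    return (
        login_vulnerable(conn, COMMENT_OUT_PASSWORD, "wrong"),
        login_vulnerable(conn, "nobody", ALWAYS_TRUE),
        login_safe(conn, COMMENT_OUT_PASSWORD, "wrong"),
        login_safe(conn, "nobody", ALWAYS_TRUE),
        login_safe(conn, "alice", "correct horse"),
    )


if __name__ == "__main__":
    print(demo_injection())
```

Both payloads succeed against the concatenated query: `alice' --` turns the rest of the statement into a comment, and `' OR '1'='1` makes the condition true for every row. The parameterized version treats both as literal strings and finds no matching row, and the validator rejects the first payload before any query runs.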
Password attacks attempt to discover a user’s password. Using strong, complex passwords helps thwart many password attacks, as does limiting failed login attempts. Passwords should never be stored in cleartext; they are stored as salted hashes. Older hashing functions such as MD5 should not be used. Even a modern, fast hash such as SHA-3 is a poor choice on its own, because a fast hash lets an attacker test billions of guesses per second against a stolen hash; purpose-built, deliberately slow password hashing functions (PBKDF2, bcrypt, scrypt, Argon2) are the right tool. Salting (combining each password with a random per-user value before hashing) ensures that identical passwords produce different hashes and thwarts rainbow table attacks, which rely on precomputed hashes of common passwords.
Phishing is a form of social engineering that uses e-mail. The attacker sends out massive amounts of spam (unsolicited e-mail) hoping that someone responds by clicking a link or replying with sensitive information such as a username and password. Simply clicking the link can install malware on the responder’s system through a drive-by download. Variations on phishing include spear phishing (targeted at a specific organization or group of people, using details that make the message look legitimate), whaling (targeted at a specific high-value person, such as an executive), vishing (using telephones or VoIP), and smishing (using SMS text messages).
Social engineering is the practice of using primarily nontechnical means to get people to give up sensitive data or perform actions they wouldn’t normally perform. A social engineer uses deception and fraud to trick or manipulate people into giving up information they wouldn’t normally give up. Tailgating occurs when one person enters a controlled space without providing credentials by following closely behind someone else who has used his or her credentials. Social engineers sometimes impersonate others, either in person or over the phone. Dumpster diving is the practice of sorting through trash to get potentially useful information that may have been thrown away.
A primary method of combating social engineering attacks is through training. The goal is to raise user awareness and change user behaviors from unsafe actions to safe actions. Training can be completed when a person is initially hired, annually, and/or periodically throughout the year. Training can consist of live presentations, online presentations, periodic e-mails, articles in newsletters, or any other means that an organization finds effective.