Chapter 2: Network Security Threats
=====================================

Overview
--------

Chapter 2 introduces the wide range of threats that target network security. These threats may come from malicious attackers, accidental user actions, technical failures, or physical and environmental disasters. Understanding these threats is essential for protecting networked systems.

Attacker Motivations
--------------------

Attackers target networks for several reasons:

- Financial gain
- Political or ideological goals
- Espionage
- Revenge or personal challenge

Knowing attacker motivation helps organizations anticipate potential attack methods.

The Five Phases of Hacking
----------------------------

Most cyberattacks follow a structured process:

1. **Reconnaissance**

   - Collecting information about the target
   - Examples: social media, public records, DNS lookups

2. **Scanning**

   - Identifying open ports and vulnerabilities
   - Examples: port scanners, vulnerability scanners

3. **Enumeration**

   - Gathering detailed system information
   - Examples: user accounts, network resources

4. **Attacking**

   - Exploiting discovered vulnerabilities
   - Examples: malware installation, password attacks

5. **Post-Attack Activities**

   - Maintaining access and hiding activity
   - Examples: backdoors, data exfiltration

Common Network Security Threats
-------------------------------

Malware
~~~~~~~

Malware is software designed to harm or exploit systems.

- Viruses
- Worms
- Trojans
- Ransomware
- Spyware

Hardware and Environmental Threats
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Hardware failures
- Power outages or surges
- Natural disasters such as fires or floods

Insider Threats
~~~~~~~~~~~~~~~

- Users with authorized access
- May be intentional or accidental
- Often difficult to detect

Advanced Network Attacks
------------------------

Session Hijacking
~~~~~~~~~~~~~~~~~

- Takes control of an active user session
- Common on unsecured connections

Spoofing
~~~~~~~~

- Falsifying identity to appear trusted
- Examples include IP, email, and DNS spoofing

Man-in-the-Middle (MitM) Attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Intercepts communication between two parties
- Can steal or alter data in transit

Denial-of-Service Attacks
-------------------------

Denial-of-Service (DoS)
~~~~~~~~~~~~~~~~~~~~~~~

- Overloads a system with traffic
- Originates from a single source

Distributed Denial-of-Service (DDoS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Uses multiple compromised systems
- More difficult to mitigate than DoS attacks

Social Engineering
------------------

Social engineering exploits human behavior rather than technical vulnerabilities.

- Phishing emails
- Impersonation
- Deceptive phone calls or messages

Defenses and Mitigation Strategies
----------------------------------

- Encryption to protect data
- User training and awareness
- Access control and least privilege
- Monitoring and intrusion detection
- Regular patching and updates

Key Takeaways
-------------

- Cyberattacks typically follow predictable phases
- Social engineering is a major security risk
- Malware and advanced attacks continue to evolve
- Effective security relies on both technical and human defenses
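The DoS versus DDoS distinction above (one source versus many compromised sources) is exactly what a monitoring rule has to tell apart, because the mitigation differs: a single flooding host can be blocked at the edge, while a distributed flood needs rate limiting or upstream filtering. The following added example, which is not part of the chapter, counts requests per second and per source over a constructed log sample; the log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log, one request per line: "<epoch-second> <client-ip>".
# Second 1: a normal trickle from five hosts.
# Second 2: 120 requests from one host (single-source DoS pattern).
# Second 3: 120 requests spread over 60 hosts (distributed DDoS pattern).
SAMPLE_LOG = (
    [f"1 192.0.2.{i}" for i in range(1, 6)]
    + ["2 203.0.113.7"] * 120
    + [f"3 198.51.100.{(i % 60) + 1}" for i in range(120)]
)


def requests_per_window(lines):
    """Group request counts as {second: {source_ip: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        second, src = line.split()
        counts[int(second)][src] += 1
    return counts


def classify_windows(lines, threshold=100, min_sources=10):
    """Return {second: verdict} with verdict 'normal', 'dos' or 'ddos'.

    threshold:   total requests in one second above which it is a flood
                 (an assumed value; tune to the service's normal load).
    min_sources: distinct sources needed before a flood is called distributed.
    """
    verdicts = {}
    for second, per_src in sorted(requests_per_window(lines).items()):
        total = sum(per_src.values())
        if total <= threshold:
            verdicts[second] = "normal"
        elif len(per_src) >= min_sources:
            verdicts[second] = "ddos"      # many sources: rate-limit / filter upstream
        else:
            verdicts[second] = "dos"       # one (or few) sources: block at the edge
    return verdicts


def top_sources(lines, second, limit=3):
    """Return the busiest source IPs for one window, for a block-list decision."""
    per_src = requests_per_window(lines).get(second, {})
    return sorted(per_src.items(), key=lambda kv: -kv[1])[:limit]


if __name__ == "__main__":
    for sec, verdict in classify_windows(SAMPLE_LOG).items():
        print(sec, verdict, top_sources(SAMPLE_LOG, sec))
```

Running the script prints one line per second; the single-source window reports one dominant IP, while the distributed window shows the load spread thinly across many.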