This is the last of a series of posts about the CCNA Cyber Ops certification, you can find the fifth part here.

6.1 Compare and contrast an attack surface and vulnerability: The attack surface of a software environment is the sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. A vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

6.2 Describe these network attacks

• 6.2.a Denial of service: (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
• 6.2.b Distributed denial of service: A distributed denial-of-service (DDoS) is a cyber-attack where the perpetrator uses more than one, often thousands of, unique IP addresses.
• 6.2.c Man-in-the-middle: an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

6.3 Describe these web application attacks

• 6.3.a SQL injection: is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
• 6.3.b Command injections: Command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell.
• 6.3.c Cross-site scripting: (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

6.4 Describe these attacks

• 6.4.a Social engineering: An attack based on deceiving end users or administrators at a target site. Social engineering attacks are typically carried out by email or by contacting users by phone and impersonating an authorized user, in an attempt to gain unauthorized access to a system or application.
• 6.4.b Phishing: Phishing is misrepresentation where the criminal uses social engineering to appear as a trusted identity.
• 6.4.c Evasion methods: bypassing an information security device in order to deliver an exploit, attack, or another form of malware to a target network or system, without detection.

6.5 Describe these endpoint-based attacks

• 6.5.a Buffer overflows: is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
• 6.5.b Command and control (C2): the term refers to the influence an attacker has over a compromised computer system that they control.
• 6.5.c Malware: short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
• 6.5.d Rootkit: is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
• 6.5.e Port scanning: probing a server or host for open ports.
• 6.5.f Host profiling: Identifying groups of Internet hosts with a similar behavior or configuration.

6.6 Describe these evasion methods

• 6.6.a Encryption and tunneling: One common method of evasion used by attackers is to avoid detection simply by encrypting the packets or putting them in a secure tunnel.
• 6.6.b Resource exhaustion: A common method of evasion used by attackers is extreme resource consumption, though this subtle method doesn’t matter if such a denial is against the device or the personnel managing the device. Specialized tools can be used to create a large number of alarms that consume the resources of the IPS device and prevent attacks from being logged.
• 6.6.c Traffic fragmentation: Fragmentation of traffic was one of the early network IPS evasion techniques used to attempt to bypass the network IPS sensor.
• 6.6.d Protocol-level misinterpretation: Attackers also evade detection by causing the network IPS sensor to misinterpret the end-to-end meaning of network protocols.
• 6.6.e Traffic substitution and insertion: is when that attacker attempts to substitute payload data with other data in a different format, but the same meaning. A network IPS sensor may miss such malicious payloads if it looks for data in a particular format and doesn’t recognize the true meaning of the data.
• 6.6.f Pivot: refers to a method used by penetration testers that use the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.

6.7 Define privilege escalation

Privilege Escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

6.8 Compare and contrast remote exploit and a local exploit

A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator.

Well, that is all for now and please, don’t open that link on your inbox if you don’t know who the sender is.