Chapter 17 Common Types of Attacks

So, let's talk about some other technology-based attacks.  

The first one that we're going to talk about is a password attack.  

It's one of the most common attacks where they try to crack or disclose passwords that can lead to server data breaches.  

That's generally the end game of a phishing attack, is to try and get your passwords. 

So, one way they can do it is called a brute force attack. 

That's where the attacker attempts every possible combination of numbers and letters that could be in a password.  

They use software to do this, where they just try to brute force it to A, either they get in or B, the system locks them out. 

And then another type is called a dictionary attack. 

I want to step back one second to brute force. 

Setting an account lockout policy is the simplest way to terminate that. 

 So, if you have it set to three tries and you're done, and help desk has to unlock it for you, that takes care of brute force attacks real quick. 

The next one is a dictionary attack.  

A dictionary attack uses all the words in the dictionary until a key is discovered that successfully decrypts the cipher text. 

This attack requires considerable time and processing power and is very difficult to complete. 

It also requires a comprehensive Dictionary of words, but it's not just words, also passwords. 

They will create a Dictionary of passwords and try to hack you that way.  

So, the next thing we want to talk about is Mac Spoofing.  

It's the assumption of another system's Mac address for the following purpose. 

To pass it through a Mac address filter, to receive data intended for another system, and to impersonate a Gator, a gateway like a router interface for the purpose of receiving all the data, leaving a subnet. 

Mac spoofing is the reason we don't rely solely on security Layer 2, which houses the Mac address, filters best practices call for basing access on users accounts rather than device properties such as the IP address or the Mac address. 

Another spoofing is IP spoofing.  

It's the process of changing a source IP address so that when a computer appears to be a different computer, that's usually done to get traffic through a firewall that would normally not be allowed.  

So basically, I set my IP address to look like one on your network so I can get through your firewall and do the bad things that I want to. 

Then De-authentication: 

It's a wireless de-authentication attack is a form of a DoS attack in which the attacker sends a large number of management packets called the authentication frames, on a wireless LAN, causing stations to be disconnected from the access point. 

Basically, it's packets that come through and say, “Hey, this person isn't authenticated,” and kicks them out of the server. 

So you have to try to keep getting back on. 

You can kick everybody out and it does, it just slows you down. 

As an employee or you may get locked out, you may get kicked out so often you just get frustrated and stop working for a while.