Common Attacks and Examples
SOME COMMON ATTACKS
1. Phishing Attacks
Description: Phishing attacks involve tricking individuals into revealing sensitive information, such as usernames, passwords, or credit card details, by pretending to be a trustworthy entity in electronic communications.
Example: A phishing email appears to be from a legitimate bank, asking the recipient to click a link to verify their account information. The link leads to a fake website that looks like the bank's site, where the victim is prompted to enter their credentials.
2. Malware Attacks
Description: Malware is malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Common types of malware include viruses, worms, Trojans, and ransomware.
Example: The WannaCry ransomware attack in 2017 infected hundreds of thousands of computers worldwide, encrypting files and demanding a ransom payment in Bitcoin to decrypt the files.
3. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Description: DoS and DDoS attacks aim to make a network service unavailable by overwhelming it with a flood of illegitimate requests, thereby disrupting legitimate traffic.
Example: In October 2016, a massive DDoS attack targeted Dyn, a major DNS provider, using a botnet composed of IoT devices. This attack caused widespread disruption, affecting major websites like Twitter, Netflix, and Reddit.
4. Man-in-the-Middle (MitM) Attacks
Description: MitM attacks occur when an attacker intercepts and potentially alters the communication between two parties without their knowledge. This can lead to data theft or unauthorized actions.
Example: An attacker sets up a rogue Wi-Fi hotspot in a public place. When users connect to the hotspot and access the internet, the attacker intercepts their data, including login credentials and other sensitive information.
5. SQL Injection Attacks
Description: SQL injection attacks involve inserting or "injecting" malicious SQL code into a query to manipulate a database, allowing attackers to view, modify, or delete data.
Example: A vulnerable web application accepts user input for a search query without proper validation and concatenates it into the SQL string. An attacker enters a search term containing SQL fragments that change the query's logic so it returns all user records from the database, exposing sensitive information.
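The search-box scenario above, as an added example (not code from the original page): the vulnerable query built by string concatenation sits beside the parameterized one the mitigation section recommends, run against a constructed in-memory SQLite table. The search term, table, and user rows are all assumptions made up for the demo.

```python
import sqlite3

# Constructed sample rows for the demo (not from any real system).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Builds the query by concatenation: the search term becomes part of the SQL."""
    query = "SELECT name, email FROM users WHERE name = '" + term + "'"
    return conn.execute(query).fetchall()


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    """Uses a placeholder: the driver binds the term as data, never as SQL."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (term,)).fetchall()


# Constructed search term that, once concatenated, turns the WHERE clause into
# a condition that is always true, so the vulnerable query returns every row.
TAUTOLOGY_TERM = "' OR '1'='1"


def demo() -> dict:
    """Run both query styles with a normal term and with the tautology term."""
    conn = build_db()
    return {
        "normal_vuln": search_vulnerable(conn, "alice"),
        "normal_param": search_parameterized(conn, "alice"),
        "tautology_vuln": search_vulnerable(conn, TAUTOLOGY_TERM),
        "tautology_param": search_parameterized(conn, TAUTOLOGY_TERM),
    }
```

With the parameterized query the same term is compared literally against the name column, so no account is named `' OR '1'='1` and nothing is returned.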
6. Cross-Site Scripting (XSS) Attacks
Description: XSS attacks occur when an attacker injects malicious scripts into web pages viewed by other users. These scripts can steal cookies, session tokens, or other sensitive information.
Example: A message board allows users to post comments without sanitizing input. An attacker posts a comment containing malicious JavaScript code that executes when other users view the comment, stealing their session cookies.
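The message-board scenario above, as an added example (not code from the original page): a render function that interpolates comments verbatim sits beside one that HTML-encodes them, plus the Content Security Policy header listed under the mitigations. The comments, page template, and the policy string are assumptions constructed for the demo.

```python
import html

# Constructed sample comments; the second one carries a script tag.
COMMENTS = [
    "Great post, thanks!",
    "<script>alert('xss')</script>",
]

PAGE_TEMPLATE = "<html><body><h1>Comments</h1>{items}</body></html>"


def render_vulnerable(comments: list) -> str:
    """Interpolates comments verbatim, so any markup in them becomes page markup."""
    items = "".join("<p>" + c + "</p>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def render_encoded(comments: list) -> str:
    """Encodes <, >, &, and quotes as entities, so comment text is displayed, not executed."""
    items = "".join("<p>" + html.escape(c, quote=True) + "</p>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def contains_script_tag(page: str) -> bool:
    """True if a live <script> element survived into the rendered page."""
    return "<script" in page.lower()


def response_headers() -> dict:
    """Headers a hardened board sends with the page. The CSP (a hypothetical policy
    for this demo) allows scripts only from the site's own origin and blocks inline
    scripts, a second layer in case encoding is ever missed."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
```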
7. Social Engineering Attacks
Description: Social engineering attacks exploit human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security.
Example: An attacker calls an employee, pretending to be from the IT department, and asks for their password to "fix an issue". The unsuspecting employee provides the password, giving the attacker access to the system.
8. Password Attacks
Description: Password attacks aim to obtain or guess a user's password, enabling unauthorized access to systems and data. Common methods include brute-force attacks, dictionary attacks, and password spraying.
Example: In a brute-force attack, an attacker uses automated tools to try every possible combination of characters until the correct password is found.
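Detection logic for the two guessing methods named above, as an added example (not from the original page): it counts failed logins per source address over constructed log lines and flags a source that hammers one account (brute force) or touches many accounts with a few attempts each (password spraying). The log format, thresholds, and addresses are assumptions made up for the demo.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (not from a real system).
LOG_LINES = (
    [f"2024-05-01T10:00:{i:02d} FAILED user=alice src=203.0.113.7" for i in range(8)]
    + [
        "2024-05-01T10:05:00 FAILED user=alice src=198.51.100.9",
        "2024-05-01T10:05:01 FAILED user=bob src=198.51.100.9",
        "2024-05-01T10:05:02 FAILED user=carol src=198.51.100.9",
        "2024-05-01T10:05:03 FAILED user=dave src=198.51.100.9",
        "2024-05-01T10:05:04 FAILED user=erin src=198.51.100.9",
        "2024-05-01T10:06:00 OK user=frank src=192.0.2.44",
    ]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Hypothetical thresholds; tune to the environment's normal failure rate.
BRUTE_FORCE_THRESHOLD = 5  # failures against a single account from one source
SPRAY_USER_THRESHOLD = 4   # distinct accounts with failures from one source


def parse(lines: list):
    """Yield parsed events, skipping lines that do not match the expected format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def classify(lines: list) -> dict:
    """Return {src: [kinds]} for sources whose failure pattern matches an attack."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed count
    for ev in parse(lines):
        if ev["result"] == "FAILED":
            failures[ev["src"]][ev["user"]] += 1
    findings = {}
    for src, per_user in failures.items():
        kinds = []
        if max(per_user.values()) >= BRUTE_FORCE_THRESHOLD:
            kinds.append("brute_force")
        # Spraying keeps each account under a lockout threshold, so it only shows
        # up when failures are grouped by source rather than by account.
        if len(per_user) >= SPRAY_USER_THRESHOLD:
            kinds.append("password_spray")
        if kinds:
            findings[src] = kinds
    return findings
```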
9. Zero-Day Exploits
Description: Zero-day exploits target vulnerabilities in software that are unknown to the software vendor and for which no patch exists. These attacks can be particularly dangerous because no vendor fix is available at the time they are first used.
Example: The Stuxnet worm exploited multiple zero-day vulnerabilities in Windows to target and damage Iran's nuclear facilities by causing centrifuges to malfunction.
10. Insider Threats
Description: Insider threats involve malicious actions taken by individuals within an organization, such as employees or contractors, who have legitimate access to the organization's systems and data.
Example: A disgruntled employee with access to sensitive customer data decides to sell this information to a competitor or use it for personal gain.
Mitigation Strategies:
Phishing:
- Educate users on recognizing phishing attempts.
- Use email filtering and anti-phishing tools.
Malware:
- Keep antivirus and anti-malware software updated.
- Regularly update systems and applications to patch vulnerabilities.
DoS/DDoS:
- Use network security tools like firewalls and DDoS protection services.
- Monitor traffic to identify and mitigate attacks early.
MitM:
- Use encryption protocols like HTTPS.
- Avoid using unsecured public Wi-Fi for sensitive transactions.
SQL Injection:
- Use parameterized queries and prepared statements.
- Validate and sanitize user inputs.
XSS:
- Sanitize and encode user inputs.
- Implement Content Security Policy (CSP).
Social Engineering:
- Train employees on security awareness and procedures.
- Implement strict verification processes for sensitive information requests.
Password:
- Enforce strong password policies and multi-factor authentication (MFA).
- Use password managers to generate and store complex passwords.
Zero-Day:
- Apply security patches promptly.
- Use intrusion detection and prevention systems (IDS/IPS).
Insider Threats:
- Implement role-based access control (RBAC).
- Monitor user activity and employ data loss prevention (DLP) tools.