Gain in-depth knowledge for passing your exam with Exam-Labs 350-701: Implementing and Operating Cisco Security Core Technologies certification video training course. The most trusted and reliable name for studying and passing with VCE files which include Cisco SCOR 350-701 practice test questions and answers, study guide and exam practice test questions. Unlike any other 350-701: Implementing and Operating Cisco Security Core Technologies video training course for your certification exam.

Common Security Attacks – Mitigation

1. Motivations behind Network Attacks

Now, the motivations behind any kind of network attackslike if an attacker is introducing some attack intoyour company or trying to access some database.So one of the main reason kind oflike financial benefits, like take an example online,there are millions of credit cards which aregenerally used for online transactions.Like people do some sales and purchases through online.Even you use some kind of online banking tolog into your banking account and do some transactions.And what attacker can do is attacker actuallytrying to monitor this kind of traffic.And the attacker intention is to get some informationlike the bank details or the credit card details.And once he get those credentials, he probably canuse those same credentials to log into the accountand transfer them on into his own account.So one of the main reason of the attackis generally the financial benefits, what attacker expects.The other possible reasons can be like disruption.Disruption is just like attacking some serversor attacking some networks of the competitors.Like we got two companies, ABC XYZ, the company ABCXYZ is trying to attack send some attacks on malicioustraffic to the ABC service, which can make this temporarilythe services down, which can impact the business loss becausemost of the like if the network is down fora specific amount of time, it is almost equal tothe revenue of that company.So maybe done by the competitors or maybesome people who actually protest against a company,like whatever the decisions they take, actions orbehavior of an enterprise or sometimes it canbe done to gain some media attention.So the attacker intention is not to get anyfinancial benefits here, just he wants the network tobe down as long as he can.Now, other possible reasons, likethere is something called geopolitical.Geopolitical is generally likebetween the different nations.The certain nations uses internet toengage into some cyber wars.Like some people of one country trying to getaccess to some database which can be used tointroduce some attacks or something or getting some secretinformation which is in the database.So they use some internet tolaunch this kind of attacks.

2. Social Engineering Attacks

social engineering attacks. So it is the art of manipulating people into providing some confidential information. just like taking the people into normal security procedures. One option is like shoulder watching.Shoulder watching is similar to typing a password in that someone is trying to watch what you are typing and paying attention to what you type. As an example, you could watch the keyboard or memorise the keys for whatever you're typing and use them later to gain access to your machine, system, or account. Now, the other options are things like fake phone calls, where you get a fake phone call from your company from someplace outside, or maybe he just makes a phone call to you asking for your credentials, maybe saying that he belongs to some security department, and he probably wants your username and password to log into a database. because he might say that there is some major troubleshooting in the network if you're a network engineer. Or maybe he will ask you to provide those details so that he can log in. He can actually use those details to log into the account. So asking some sense to information such as spoofing the identity of an employer or possibly a bank manager or something similar Email fishing is similar to how you might get some emails with some links in them. Probably when you click on that particular link, it will redirect to the website, and it looks as if the email has come from the bank and they want you to login to this particular site. You just go to the link and you need to validate your credentials so that you can make sure that your account is active all the time. So maybe it will deactivate your account or something like that. And you generally click on the link and try to provide the credentials. And then those credentials Actually, it goes to the fake website, and they will store those credentials, and they may use those credentials to gain access to your account. So probably there is one kindof attack called phishing via emails. And there's one more way, like USB memory lost on purpose. The USB lost on purpose is like when you find some USB in your office, maybe somewhere, that was lost by someone and you don't know to whom it actually belongs to.And you will most likely try to use it during the day to connect to your computer at work or your personal computer. So this USB has some malicious traffic, malicious code inside the USB that automatically executes at the back end and can make your network, which can install some kind of malicious software that affects the machine's performance. Or you can also spread over the network, causing some kind of attack or taking the network down.

3. Phishing Attacks

Phishing attacks. Phishing attacks is attack against the human making theusers or the human to leak some information. So some of the examples are like email phishing. Now, email phishing is something like when you get an email from a specific bank saying that you need to update the information so that you can use your account. Probably when you try to click on the link, it is going to redirect you to some website, maybe a fake website, and the person will think he's connecting to the website of the bank, and he will try to provide his credentials, and probably the attacker will use those credentials to gain access to his account through other options. Like there is something called "farming," for example. Now, this is based on the DNS. Now, in this kind of attack, what happens is the attacker will gain access to the DNS server and manipulate the DNS records. Like, let's say there is a bankabc.com; this is my bank account; let's say mybank.com, and the actual IP address is 51; the attacker is going to manipulate the DNS records and change the IP address of that particular bank to some other fake site like here; let's say it is 111. And then when the end user tries to log into the banking website, like whenever he types ABC.com for a specific banking website, the request goes to the DNS server to resolve the IP address, and then the DNS server actually redirects to the fake website where the user will try to enter his credentials like username and passwords or any other information, and then actually it will disconnect. So it probably says okay, currently the server is unavailable, probably you need to retrieve again later, and the end user will think there is some problem on the bank side, maybe the server is down or something else, and the attacker will get those credentials and use them to connect to the actual banking website and then do some transactions. Now the next attack is like wishing based on the phone calls, where you get a phone call from the bank as if you need to provide some kind of information in order to update your accounts, probably in order to make sure that you don't disrupt the services. So you probably think the call is from the bank and provide some information, possibly from an SMS, such as an SMS from so-and-so's website saying that you need to update your credentials or information and call this number to ensure that you can use your card without any problems in the future. so it will get deactivated. So you may end up calling them as if you were calling the consulting authority. Probably they will ask you for some details, and then you will end up providing those details to them, which may lead to some kind of attack. Now, most of these attacks attacks it'slike a phishing attack where the.

4. Social Engineering Attacks

What are the solutions that must be implemented in order to prevent social engineering and phishing attacks? Now, here are some lists. The first thing is that we need to educate the end users to follow certain security policies according to the company's policies. Like, maybe you need to provide some kind of training, define the policies, and use some simulations to explain the vulnerabilities of this kind of attack. So, educate users to be suspicious of any unresolved phone calls or email messages from anyone asking for employee information or possibly bank information. So even if something comes up, you need to make sure that you identify directly with the company, verify the identity of the particular users, and do not provide any kind of personal information about the organisation or any kind of personal details. and also do not provide any kind of financial information. Details in the email probably do not disclose that. Do not respond to any kind of email solicitation. Like if you get some kind of emails which you don'tknow really exactly, probably it's better not to open or justnot to click on any of the links inside that. So pay attention to the URLs because you may see the banking site, let's say Mybank.com, at times. Sometimes it is spelled in a similar way, like, let's say, My website is envoysolutions." An understandable attacker may employ tools such as You can see overall it looks same at the first sitewhen you see it looks like a valid website but actuallythey will use some additional keys or additional words or maybeinstead of.com they use in probably to create some fake websitesas if they look as a valid website. So you need to pay attention to those URLs when you visit them. And also, you need to install some programs, like antivirus programs, and have the end users install some firewalls in your network and apply some email filters, like ESA products. We'll talk about this more in detail later. The Web Security Appliance is a Cisco product that filters web traffic. We have an ESA email security appliance that filters most of these emails, which might be spam and include some malicious traffic. Those emails can be filtered by ESA and endpoint security. Also, by using some antivirus programmes and also at the network level, configuring some firewalls to restrict what traffic is allowed and what traffic is not, and also configuring some IPS devices to monitor the traffic, And if there is any kind of suspicious traffic or any kind of malicious traffic, IPS will detect and prevent that. So then you need to install some of the devices that will do some kind of monitoring and detect those kinds of attacks, which can be prevented apart from this. This is something that we do on the network side as a network security engineer. But you need to make sure that the end users are also aware.

5. Denial of Service Attacks – DoS

denial of service attack. Now in this attack, "denial of service" means preventing the users from accessing the resources, like maybe some specific servers, computer systems, or servers, any kind of device like a router or any other device, or it can be any other network resources. Now the attacker's intention is to overload the CPU. Assume I have a company web server; perhaps this is my web server. So what attacker will do is attacker will sendcontinuous traffic to this particular servers which will increasethe Cpilization and it is not a valid traffic. So he will send some thousands of requests to the server's CPU. The server's CPU will be overloaded, so if a valid user attempts to access the server, the server will respond with some busy signals, and you may have to wait, your request may be delayed, or you may not receive the request. Sometimes if there is too much traffic coming from the attacker, So the attacker's intention is to make sure that the services of the end device are not available for as long as they can. As a result, users may be unable to access information. Or perhaps too much bandagelization occurs on your network at times. So if the attacker is within your network, it increases the bandaging level, apart from the CPU. So some of the examples are like TCP sinkflooding attacks and the "ping of death," which are less common now because most firewalls and some security devices will be able to detect them and stop them before they actually occur. So in a TCP Sync flooding attack, as is commonly the case in TCP Sync flooding attacks, TCP uses a three-way handshake process. So first it will send a sync message tothe server and the server is going to sendback an acknowledgement for the sync and then youractual communication starts after the three way handshake process. Now what attacker will do is attackerwill let's say this is my server. So the attacker is sending a continuous request to the server, like maybe a sinkmessage, and the server is going to respond back with some sync acknowledgement messages. And as you are getting thousands of requests from the server because the attacker actually spoke with some different IP addresses or different addresses, he will pretend to act as if the requests are coming from different devices, but they're coming from one single device, and the server acts as if it's replying to a request. So it's actually replying to the request from this particular attacker. And when a valid user actually tried to access the server, the server session table actually got filled up with some requests utilising too many resources. And when a valid user is trying to access the server, maybe he will not be able to get the services or maybe they will be delayed. As the required utilisation of the service increases, TCP sync threading attacks become more common in most TCP-based applications, such as HTTP or FTP, or any other TCP-based service. Another common attack like ping of that ping ofdebt is like when the attacker is going tosend out an ICMP echo request message with thepackage size something more than 65,000 536. So you can have up to 60,056 bytes. However, if the package size is greater than this, the system will most likely crash while reassembling the packet into fragments. So this is a very old attack nowadays. It's really not common nowadays because this generally happens if you have any bugs in the operating systems in general. But most of the new patches or new operating systems will have a fix for this problem. So it's no longer applicable.

6. Distributed Denial of Service Attakcs – DdoS

service-attack emails were distributed This is more like a dose attack, but it is coming from multiple sources rather than from a single source. The dossier, like most, comes from a single source. But whereas in distribution repeated enough service, thetarget is attacked at once from multiple sources. Now, how is it going to be done? In the same way that the attacker will compromise the systems, the attacker will gain control of multiple systems and attack the server all at once. all at once. We can say, "Let's see how it works exactly." The first thing an attacker will do is install malicious codes on various computers on the Internet, and end users may install the specific code by clicking on links or receiving an email when they click on some links. So multiple computers, randomly, maybe on the internet,so multiple innocent computers will get installed thatparticular malicious code and then the attacker isgoing to control these endpoints. Now, once the code is installed, the attacker can control these computers and decide when to initiate the particular attack and what target exactly to attack. So now the attacker will actually send some instructions to these computers, or the commands, at a specific time. As a result, all of these endpoints will now initiate malicious traffic towards the victim. Let's say the victim server is here, so they all send a request to the victim all at the same time, which is coming from multiple sources. And typically these infected endpoints, we callthem as botnets botnets or Zombies. Those are the technical names used to define those infected computers. And this will actually result in too much vanishing on the network. Because, let's say the links are around 100 MPs, maybe you will receive more than 90 MPs of traffic, which can consume all your bandwidth, affecting the network's performance as well as any other services. And also, sometimes, if the server is getting too many requests, which it can handle more than the memory or CPU resources can handle, you may end up with the server not responding to the valid requests that are coming from valid users. So the DDoS attack is a distributed denial of service attack coming from multiple sources. So the attacker's intention is to deny the service to the valid users, and it's sourced from multiple devices. We can call it "Zombies" or "Fortnite." Now, the mitigation to prevent the dos attacks,mostly most of the applications firewalls will beable to filter this DDoS attacks. We need to harden our devices, like routers, that are connecting to the internet. And you can also configure some kind of ACL to restrict receiving traffic from any source other than valid sources. So these are some of the solutions we can implement in our network to prepare.

7. Spoofing Attacks

Spoofing attacks. In cases of spoofing attacks, the attacker fixes the identity of a specific device or the user. Take, for example, a device that wants to communicate with a server, and the attacker spoofs as if he's the server, and you end up sending the request to the attacker as if thinking you're sending to the server, and the attacker spoofs as if and sends the request back to the server, and the server replies, and the attacker captures the traffic and then sends it back to the server. And this kind of attack is typically called a man in the middle attack," where the traffic is going via the attacker. It's just like a man in the middle connection because the connection is not established directly between the client and the server; it's going via the attacker. So the main intention of the attacker is to be in the middle of the connection so that he can capture the traffic and extract the contents of the information. As a result, attackers can typically spoof with various options, such as within the land. If the communication is local, attackers can spoof with fake Mac addresses. Also, attackers can spoof an IPS with a fake one. Generally, spoofing IP is common on the internet. As if you were attempting to send a request to the Yahoo server, and the request was intercepted by an attacker. Attackers pretend to be a Yahoo server and send the request back to the Yahoo server. Something like that. You want to access the server on the internet. It can be on the internet or using the land, but it is most common outside the land. We can say "internet." Other spoofing options, such as application spoofing, may now exist within the land or on the outside network. Like within the land or within the network, there is something called ARP spoofing, where an attacker will send a false ARP reply on behalf of our valid users. When an attacker adds a false DHCP server that provides false or incorrect IP subnets or gives some incorrect gateway information addresses to end users and from the offshore network, this is referred to as DHCP spoofing. Also, maybe an attacker may add a false DNS server that provides you with the wrong entries or the wrong mapping information, or maybe a wrong SMTP server, or maybe an HTTP server. So the tiger can also spoof some specific applications and initiate some applications as if he's a valid server hosting those applications, and that will lead to some kind of denial of service as well as man in the middle kind of attacks. So spoofing is a method where the attackers fake the identity of a valid user and try to do.

8. Spoofing Attacks – Mitigation

Now, in order to prevent these spoofing attacks, we can use multiple solutions like infrastructure ACLs. Because you will not receive any traffic with a private IP source if you connect to the service for net network, I can configure some ACL on the outbound interface not to accept any traffic coming with the private IPS. And we can also configure some ACLs to say that in my network, let's say I'm using the Tendon network, any packet coming with a ten dot network, if someone is spoofing as if he belongs to the Tendon network on the outside interface, I can tell my router or the file wants to drop the traffic. So the infrastructure ACLs are like filtering the traffic and the IPS, which can be spoofs by the attacker, like the private IPS or my internal network, because those IPS generally do not receive traffic. If it is received, it might be an alternate solution, so we can use something called a unicast reverse path forwarding check. This is like generally let's say there's an internal serverwith ten or one or one or ten and thereis a valid user tend to one or five. And there's a possibility that an attacker who is using 172 subnets can spoof if he's under one five.So we can configure an ASA or the router with this feature. So, when the package arrives with the source, which is usually 1, we can instruct the router or ASA to check the reverse path for that specific source. In this case, the ten subnet is on the fzero by zero interface, but if the package receives from f zerox one, the request is invalid. So we can tell the device to drop those kinds of requests if they don't match the routing table entries and the exit interfaces. So you will be receiving a package with the source of tenonly on f zero x zero but not on Fzero by one. So here are some other solutions: these two are primarily for IP spoofing and other spoofing. We have port security solutions if you want to prevent Max spoofing attacks. We'll talk about more on this in the layerto security concepts in the later on topics. So, to prevent false ARP replies, we have enabled a dynamic inspection feature on the switches because these are closer to the land. DSCP Spoofing DHCP snoopingis a solution again enabled on the switches. IP source guard is also a feature to prevent IP-spoofing attacks within the LAN enabled on the switches. Of course, we can also implement some routing protocol authentication to prevent unauthorised updates to routing protocols, and we can also implement some BGP digital security, like if you're connecting your router to the service model, you implement some BGP. So to prevent a false BGP message or false BGP neighbors, we can implement some detailed security options and also some IP option checking for source verification and IPsec VPN. Most of these options will be discussed in greater depth as we progress through our topics. So.

Pay a fraction of the cost to study with Exam-Labs 350-701: Implementing and Operating Cisco Security Core Technologies certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including 350-701: Implementing and Operating Cisco Security Core Technologies certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.

Hide