Deck 4: Secure Networks

ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN.

A DoS attack makes a server or network unavailable by flooding it with attack packets.

"Breadth of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is possible.

DoS network attacks are fairly uncommon.

SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.

Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her IP address.

"Death of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is impossible.

An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.

One problem with ARP requests and replies is that they do not require authentication of verification.

In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is the same.

Most DoS attacks are difficult to detect.

Once established, botnets can be leased to other criminals for DoS attacks.

In a reflected DoS attack, attackers send spoofed requests to legitimate servers. The servers then send all responses to the victim.

ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.

In a smurf flood DoS attack, attackers can benefit from a multiplier effect because multiple ICMP requests are responded to by a single host.

In a P2P attack, there is a change in the overall volume of traffic but the traffic pattern is the same.

ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.

A firewall does note set aside resources for a connection when a SYN segment arrives, so handling a large number of false SYN segments is only a small burden.

In normal ARP traffic, every host can make ARP requests.

In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a single ICMP request is responded to by multiple hosts.

In normal ARP traffic, generally an attacker on the same network cannot see traffic between two hosts.

In a MITM attack, access to the local network is not required in order to work.

Access control is more of a problem for wired LANs than for wireless LANs.

EAP uses RADIUS for authentication.

The main access threat to 802.11 wireless LANs is an attacker plugging into a wall jack.

The 802.1X protocol created for wired LANs can work in wireless LANs without significant modification.

The 802.11 standards were developed by the IEEE 802.11 Working Group.

Traditionally, Ethernet LANs offered no access security.

Rogue access points are unauthorized access points set up by individuals or departments.

Open networks can be legally accessed by anyone and are frequently posted as such.

Flooding the frequency of a wireless network is one method attackers use to affect the network.

The most common attack against a wireless network is a wireless DoS attack.

In a man-in-the-middle attack, an evil twin sends own attacks, impersonating the victim.

Wireless attacks avoid the access points to limit detection.

Secure wireless networks can be legally accessed by anyone and are frequently posted as such.

Rogue access points are authorized access points set up by individuals or departments.

Focusing electronic attacks on specific high-value targets is known as whaling.

Focusing electronic attacks on specific high-value targets is known as promiscuous attacks.

By giving unauthorized users access to a local WLAN means that they are on the local network.