Please enable JavaScript.

Coggle requires JavaScript to display documents.

Network Threats - Coggle Diagram

- - - - Risk management strategies
        
        Risk acceptance
        
        Cost of management options outweight cost of risk itself. Risk accepted and no action taken
        
        Risk avoidance
        
        Avoiding exposure to the risk by eliminating activity or devices.
        
        Risk reduction
        
        Reduce impact by decreasing risk.
        
        Risk transfer
        
        Some of the risk is transferred to a willing third party.
  - - - Ethical hacker who use their programming skills for good, ethical and legal purposes.
    - - Hackers who comit crimes and do arguably unethical things, but not for personal gain or to cause damage.
    - - Unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.
    - - Script kiddies
      - Vulnerability brokers
      - Hacktivists
      - Cybercriminals
        
        These are threat actors who are motivated to make money using any means necessary
      - State-sponsored
  - - - Cybersecurity tasks
  - - - Evidence that an attack has ocurred. Can be features that identify malware files, IP addresses of servers that are used in attacks, filenames, and characteristic changes made to end system software, among others.
    - - Focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets
- - - - Wireless hacking tools
        
        Network scanning and hacking tools
        
        Packet crafting tools
        
        Packet sniffers
        
        Rootkit detectors
        
        Fuzzers to search vulnerabilities
        
        2 more items...
        
        Used to detect installed root kits
        
        3 more items...
        
        Used to capture and analyze packets within traditional Ethernet LANs or WLANs
        
        SSLstrip
        
        Ratproxy
        
        Fiddler
        
        Paros
        
        EtherApe
        
        Dsniff
        
        Ettercap
        
        Tcpdump
        
        Wireshark
        
        Used to probe and test a firewall's robustness using specially crafted forged packets
        
        Nemesis
        
        Nping
        
        Netcat
        
        Yersinia
        
        Socat
        
        Scapy
        
        Hping
        
        Used to probe network devices, servers, and hosts for open TCP or UDP ports.
        
        NetScanTools
        
        Angry IP Scanner
        
        SuperScan
        
        Nmap
        
        Used to intentionally hack into a wireless network to detect security vulnerabilities
        
        NetStumbler
        
        Firesheep
        
        KisMAC
        
        InSSIDer
        
        Kismet
        
        Aircrack-ng
      - Used to crack or recover password by removing original password, bypassing data encryption or outright discovery of the password
        
        John the Ripper
        
        Ophcrack
        
        L0phtCrack
        
        THC Hydra
        
        RainbowCrack
        
        Medusa
  - - - Is when a threat actor captures and listens to network traffic. Also referred as sniffing or snooping
    - - Occur when a threat actor has captured enterprise traffic and has altered the data in the packets without knowledge of the sender or receiver.
    - - Is when a threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet
    - - Occur when a threat actor obtains the credentials for a valid user account to obtain lists of other users and network information
    - - Can crash applications or network services also flood a computer or the entire network with traffic until a shutdown occurs because of overload
    - - Occurs when threat actors have positioned themselves between a source and destination. They can actively monitor, capture, adn control the communication transparently
    - - Occurs when a threat actor obtains a secret key that can be used to gain access to a secured communication without the sender or receiver being aware
    - - Is an application or device that can read, monitor, and capture network data exchages and read network packets.
- - - - Spreads by insterting a copy of itself into another program. After the program is run, viruses spread from one computer to another.
        
        Spread by
        
        USB memory drivers
        
        CDs
        
        DVDs
        
        Network shares
        
        Email
    - - They replicate themselves by independently exploiting vulnerabilities in networks.
        
        Famous examples
        
        Code Red Infection
        
        Initial
        
        19 hours later
        
        SQL Slammer Infection
        
        Initial
        
        30 minutes later
        
        Components
        
        Common Worm Pattern
        
        Enabling vulnerability
        
        Propagation mechanism
        
        Payload
        
        Code Red Worm Propagation
    - - Is a software that appers to be legitimate, but it contains malicious code which exploits the privileges of the user that runs it
        
        Types of Trojan Horses
        
        Remote-access
        
        Data-sending
        
        Destructive
        
        Proxy
        
        FTP
        
        Security software disabler
        
        Denial of Service (DoS)
        
        Keylogger
    - - Renies access to the infected computer system or its data. Then cybercriminals demand payment to release the computer system
    - - Spyware
      - Adware
      - Scareware
      - Phishing
      - Rootkits
- - - - Information gathering using techniques
        
        Perform an information query of a target
        
        Initiate a ping sweep of the target network
        
        Iniate a port scan of active IP addresses
        
        Run vulnerability scanners
        
        Run exploitation tools
    - - Exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information
        
        Passwork attacks
        
        Spoofing attacks
        
        Trust exploitations
        
        Port redirections
        
        Man-in-the-middle attacks
        
        Buffer overflow attacks
  - - - Pretexting
      - Phishing
      - Spear phishing
      - Spam
      - Something for something
      - Baiting
      - Impersonation
      - Tailgating
      - Shoulder surfing
      - Dumpster diving
- - - - They interrupt communication and cause significant loss of time and money
    - - It originates from multiple, coordinated sources. A thread actor builds a network of infected hosts, known as zombies.
      - Components of DDoS attacks
        
        Zombies
        
        Bots
        
        Botnet
        
        Handlers
        
        Botmaster