Network Attacks

Loading...

From the course by Google

IT Security: Defense against the digital dark arts

719 оценки

Google

IT Security: Defense against the digital dark arts

719 оценки

Course 5 of 5 in the Specialization Google IT Support Professional Certificate

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.

From the lesson

Understanding Security Threats

Welcome to the IT Security course of the IT Support Professional Certificate! In the first week of this course, we will cover the basics of security in an IT environment. We will learn how to define and recognize security risks, vulnerabilities and threats. We'll identify the most common security attacks in an organization and understand how security revolves around the "CIA" principle. By the end of this module, you will know the types of malicious software, network attacks, client-side attacks, and the essential security terms you'll see in the workplace.

Network Attacks3:41

Denial-of-Service3:21

Meet the Instructors

Google

A network attack that is simple in concept,

but can cause a lot of damage is a DNS Cache Poisoning attack.

You probably remember from the bits and bytes of computer networking course,

that DNS works by getting information about

IP addresses and names to make it easier for you to find a website.

A DNS Cache Poisoning attack works by tricking a DNS server into

accepting a fake DNS record that will point you to a compromised DNS server.

It then feeds you fake DNS addresses when you try to access legitimate websites.

Not only that, DNS Cache Poisoning can spread to other networks too.

If other DNS servers are getting their DNS information from a compromised server,

they'll serve those bad DNS entries to other hosts.

Several years ago, there was a large scale DNS Cache Poisoning attack in Brazil.

It appeared that attackers managed to poison the DNS cache of some local ISPs,

by inserting fake DNS records for

various popular websites like Google, Gmail, or Hotmail.

When someone attempted to visit one of those sites,

they were served a fake DNS record and were

sent to a server that the attacker controlled,

which hosted a small java applet.

The user would then be tricked into installing the applet,

which was actually a malicious banking trojan designed to steal banking credentials.

This is an example of the real world damage DNS Cache Poisoning attacks can pose.

You can learn more about it in the next supplementary reading.

A man-in-the-middle attack, is an attack that places the attacker in

the middle of two hosts that think they're communicating directly with each other.

It's clearly a name that needs some updating,

men aren't the only hackers out there.

The attack will monitor the information going to and from these hosts,

and potentially modify it in transit.

A common man-in-the-middle attack is a session hijacking or cookie hijacking.

Let's say you log into a website and forget to log out.

Now, you've already authenticated yourself to the website and

generated a session token that grants you access to that website.

If someone was performing a session hijacking,

they could steal that token and impersonate you on the website,

and no one wants that.

This is another reason to think about the CIA's of security,

you always want to make sure that the data that you are sending

or receiving has integrity and isn't being tampered with.

Another way a man-in-the-middle attack can be established is a rogue access point attack.

A rogue AP is an access point that is

installed on the network without the network administrator's knowledge.

Sometimes, in corporate environments,

someone may plug a router into their corporate network to

create a simple wireless network. Innocent enough, right?

Wrong. This can actually be pretty dangerous,

and could grant unauthorized access to an authorized secure network.

Instead of an attacker having to gain access to

a network by plugging directly into a network port,

they can just stand outside the building and hop onto this wireless network.

A final man-in-the-middle method will cover is called an evil twin.

It's similar to the rogue AP example but has a small but important difference.

The premise of an evil twin attack is for you

to connect to a network that is identical to yours.

This identical network is our networks evil twin and is controlled by our attacker.

Once we connect to it,

they will be able to monitor our traffic.

I wonder if Fred Weasley ever did this to George,

probably not, they were wizards.

They could just magic their way out of problems. Must be nice.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play