Organizations can take several steps to defend against various attacks. These include the following:
- Configure firewalls to remove any packets from outside the network that have addresses indicating that they originated from inside the network.
- Ensure patches and upgrades are current.
- Distribute workloads across multiple server systems.
- Network devices use Internet Control Message Protocol (ICMP) packets to send error and control messages, such as whether or not a device can communicate with another on the network. To prevent DoS and DDoS attacks, organizations can block external ICMP packets with their firewalls.
Check Your Understanding—Cyber Attacks (38.3.13)
Refer to the online course to complete this activity.
Wireless and Mobile Device Attacks (38.4)
Protecting wireless and mobile devices presents its own challenges. This section discusses many of these attacks and how to prevent them.
Grayware and SMiShing (38.4.1)
Grayware is any unwanted application that behaves in an annoying or undesirable manner. And while grayware may not carry any recognizable malware, it may still pose a risk to the user by, for example, tracking the user’s location or delivering unwanted advertising.
Authors of grayware typically maintain legitimacy by including these “gray” capabilities in the small print of the software license agreement. This factor poses a growing threat to mobile security in particular, as many smartphone users install mobile apps without really considering this small print.
Short message service phishing, or SMiShing, is another tactic used by attackers to trick you. Fake text messages prompt you to visit a malicious website or call a fraudulent phone number, which may result in malware being downloaded onto your device or personal information being shared.
A rogue access point is a wireless access point installed on a secure network without explicit authorization. Although it could potentially be set up by a well-intentioned employee looking for a better wireless connection, it also presents an opportunity for attackers looking to gain access to an organization’s network.
An attacker will often use social engineering tactics to gain physical access to an organization’s network infrastructure and install the rogue access point.
Also known as a criminal’s access point, a rogue access point can be set up as a MitM device to capture your login information.
This works by disconnecting the rogue access point, which triggers the network to send a deauthentication frame to disassociate the access point. This process is then exploited by spoofing your MAC address and sending a deauthentication data transmission to the wireless access point.
An evil twin attack describes a situation where the attacker’s access point is set up to look like a better connection option. Once you connect to the evil access point, the attacker can analyze your network traffic and execute MitM attacks.
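One way a defender can look for evil twins is to compare the access points seen in a wireless scan against an inventory of authorized ones. The following Python sketch is an added example, not part of the original text; the SSID "CorpNet", the MAC addresses, the verdict names and the scan results are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the access point radio
    security: str   # advertised security, e.g. "WPA2-Enterprise" or "OPEN"

# Constructed inventory (assumption): SSID -> {authorized BSSID: expected security}
INVENTORY = {"CorpNet": {"aa:bb:cc:00:00:01": "WPA2-Enterprise",
                         "aa:bb:cc:00:00:02": "WPA2-Enterprise"}}

def classify(beacon, inventory=INVENTORY):
    """Return a verdict for one observed beacon."""
    known = inventory.get(beacon.ssid)
    if known is None:
        # Not an exact match: check for names that differ only by case or whitespace.
        folded = beacon.ssid.strip().casefold()
        if any(folded == s.strip().casefold() for s in inventory):
            return "lookalike-ssid"
        return "unrelated"
    expected = known.get(beacon.bssid.lower())
    if expected is None:
        return "unknown-bssid"        # our SSID, but from a radio we do not own
    if beacon.security != expected:
        return "security-mismatch"    # inventoried BSSID with wrong security: possible spoof
    return "authorized"

def audit(beacons, inventory=INVENTORY):
    """Return (ssid, bssid, verdict) for every beacon that needs investigation."""
    findings = []
    for b in beacons:
        verdict = classify(b, inventory)
        if verdict not in ("authorized", "unrelated"):
            findings.append((b.ssid, b.bssid.lower(), verdict))
    return findings

# Constructed scan results, not real captures.
SCAN = [
    Beacon("CorpNet", "AA:BB:CC:00:00:01", "WPA2-Enterprise"),
    Beacon("CorpNet", "de:ad:be:ef:00:01", "OPEN"),
    Beacon("CorpNet", "aa:bb:cc:00:00:02", "OPEN"),
    Beacon("Corpnet ", "12:34:56:78:9a:bc", "OPEN"),
    Beacon("CoffeeShop", "00:11:22:33:44:55", "WPA2-PSK"),
]

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```

A flagged entry is a lead for investigation, not proof of an attack: a newly installed access point that has not yet been added to the inventory produces the same "unknown-bssid" verdict.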