A plus 1002 Sub-objective 2.5 – Dumps4shared

A plus 1002 Sub-objective 2.5 – Compare and contrast social engineering, threats, and vulnerabilities.

Welcome to ExamNotes for Dumps4shared! This edition examines the topics covered in A plus 1002 sub-objective 2.5, which covers social engineering, threats, and vulnerabilities. Have fun!

Social engineering

Social engineering is the practice of manipulating people into taking actions or disclosing information by winning their confidence and trust. Once trust has been established, the attacker (or your new "friend") gets the target to reveal credentials or other sensitive information, or to provide access to a network or a computer. In the security world the human is widely regarded as the weakest link in any defense, which is why these attacks succeed even against well-patched systems.

Whether the approach comes by email, by phone call, or in person, users must treat unsolicited requests with suspicion: slow down, think, and verify before acting. A friend's email account may have been hijacked, so a message from a known sender deserves exactly the same scrutiny as one from a stranger.

Phishing

Phishing is an attempt to trick a user into an action that compromises their personal information or their computer. A form of social engineering, phishing typically arrives as an email carrying a malicious attachment or a hyperlink to a site that harvests credentials.

A phishing email can often be recognized by typographical errors and bad grammar in the message, but well-crafted phishing messages have neither, so the absence of mistakes proves nothing. If an email contains a hyperlink, hover over the link with the mouse cursor to reveal the actual URL instead of trusting the visible text label, which can say anything the attacker wants.

Always report phishing attacks to the appropriate party. If a phishing (spoof) email is received from a seemingly known entity, look carefully at the grammar, spelling, and general appearance of the message. Graphics and logos are often fuzzy, low-quality copies, although a polished message is no guarantee of legitimacy. Stop and think before you click. If you suspect an email is a phishing attempt, forward it to the party being spoofed (most large companies publish an abuse or phishing-report address for this) and to your own IT or security team. Phishing and spear phishing are prime vehicles both for stealing credentials and for delivering assorted malware.

Spear phishing

Spear phishing targets specific individuals or groups based on something they have in common, e.g. where they work, where they shop, or where they do their banking. That specific detail lends credibility to the phishing communication if the user is not careful. In the example shown below, Charles Schwab is the entity that "legitimizes" the message. Look at the message carefully and scan the header information for irregularities, which are definitely present. The sender's return address has very little to do with the named company, so always look past the display name and check the actual sender address. The recipient is also wrong, since you (probably) don't work for Charles Schwab. Finally, the message body begins with an image, and images in the message body can themselves be hyperlinks to malicious sites.

This particular email client is set to block embedded images and display them only on demand, giving the user a chance to analyze the message first. The email asks the user to log in through a link in order to verify recent account activity. The hyperlink address is anything but legitimate: it leads to, or through, a man-in-the-middle site (see below) that captures everything the user enters. This holds true for both phishing attack types; the difference is that spear phishing targets a narrower, researched group of users.

[Figure: Schwab phishing email described above]
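The two checks just described, looking past the display name at the real sender address and comparing the visible link text with the actual href, can be automated. The script below is an added example, not part of the original article; the message it parses is constructed for illustration using reserved example domains and the TEST-NET address 203.0.113.10 rather than a real Schwab email, and the word-overlap heuristic for the display name is an assumption of this example.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): the display name claims a bank,
# the address does not, and the first link's text disagrees with its href.
RAW_MESSAGE = b"""From: "Charles Schwab Alerts" <alerts@mail-secure-login.example>
To: someone@example.org
Subject: Verify recent account activity
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please visit <a href="http://203.0.113.10/schwab/login">https://www.schwab.example/login</a>
to verify recent activity.</p>
<p>Questions? See <a href="https://www.schwab.example/help">our help page</a>.</p>
</body></html>
"""

URL_LIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#]|$)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def text_host(text):
    """Host named by the visible link text, or None if the text is not URL-like."""
    text = text.strip()
    if not URL_LIKE.match(text):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def analyze_message(raw):
    """Return (code, detail) findings for the phishing tells discussed above."""
    msg = email.message_from_bytes(raw)
    findings = []

    # Tell 1: look past the display name at the actual sender address.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    claimed = re.findall(r"[a-z]{4,}", name.lower())
    # Heuristic (an assumption of this example): a genuine sender usually has
    # some part of its display name in its domain; none of these words appear.
    if claimed and not any(word in domain for word in claimed):
        findings.append(("sender-mismatch", f'display name "{name}" but address {addr}'))

    # Tell 2: the hover-over check, done programmatically for every link.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown, actual = text_host(text), urlparse(href).hostname
        if shown and actual and shown != actual:
            findings.append(("link-mismatch", f"text shows {shown} but href goes to {actual}"))
        if actual and IPV4.fullmatch(actual):
            findings.append(("ip-host", f"link to a bare IP address {actual}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyze_message(RAW_MESSAGE):
        print(f"{code:16} {detail}")
```

The second link is left alone: its text ("our help page") names no host, so there is nothing to compare, which is exactly why the hover-over check matters most for links whose text looks like a URL.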

Impersonation

Impersonation is the practice of misrepresenting oneself as someone else, most commonly with a forged (spoofed) email sender address and sometimes with a forged IP address. The recipient does not immediately realize that the sender address is fake. For any email that makes a request, read it carefully and think about what you are being asked to do. Is the request legitimate? Would your employer really need your Social Security number by email, when it is already on your job application? Microsoft does not cold-call or email you about problems on your PC. The FBI does not call you; if they want you, they will knock. Consider the source and think before you click.

Shoulder surfing

Shoulder surfing is the time-honored method of capturing usernames, passwords, or PINs by simply watching over a person's shoulder as they type. It is surprisingly effective and works just as well at ATMs and payment terminals as at a keyboard; privacy screens and shielding the keypad with your hand are the countermeasures.

Tailgating

Tailgating occurs when an unauthorized party follows an authorized party closely enough through a secured entrance that the two appear to the access control system as a single entry. The attack looks innocent, even courteous, since the authorized party often holds the door open. The related case of an unauthorized person using an authorized user's workstation while they are away from it is a separate problem of unattended, unlocked sessions rather than tailgating; the fix there is to lock the screen whenever you step away.

Dumpster Diving

This is the process of examining a company's bulk trash for confidential data. Interestingly, in many jurisdictions it is legal once the trash has been placed in a public area. A carelessly discarded hard disk may contain financial data or business plans, yet it is treated the same as a discarded table lamp! Shred documents and physically destroy (or at least securely wipe) storage media before discarding them.

DoS

Denial of Service (DoS) is an attack that makes a server or network unavailable to legitimate users, most often by flooding it with more TCP/UDP traffic or connection requests than it can process, but also by sending input that crashes the service outright. Several DoS techniques are covered on the exam:

Buffer overflow

Here the attacker sends more data to a program than its input buffer can hold, overwriting adjacent memory. The simplest outcome is that the service crashes, which is a denial of service; a carefully crafted overflow can instead let the attacker execute code on the target.

ICMP flood

The attacker, often using a set of compromised network devices, sends ICMP echo request (ping) packets at the target faster than it can answer them, consuming its bandwidth and processing capacity. This is distinct from the Ping of Death, an older attack in which a single oversized or malformed ICMP packet crashed the target's networking stack.

SYN flood

The attacker sends a stream of TCP connection requests (SYN packets), often from spoofed source addresses, but never completes the three-way handshake. Each half-open connection occupies an entry in the server's connection table until it times out; once the table is full, legitimate connections are refused.

DDoS

Distributed Denial of Service (DDoS) attacks use the same methods as DoS but launch them from many systems at once, which makes the traffic harder to filter and the attacker harder to pinpoint. Often the attacking machines are computers that have been compromised with malware and are controlled by the attacker without their owners' knowledge. These compromised systems are called zombies, and a group of them under common control is a botnet.
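The SYN flood and DDoS descriptions above translate directly into a detection rule: count unanswered SYNs per destination over a short window, alert when the count gets high, and note how many distinct sources are involved. The detector below is an added example, not from the original article; the packet records, the TEST-NET addresses, and the window and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

TARGET = "192.0.2.10"


def build_sample(flood=True, attack_sources=60):
    """Constructed packet records (seconds, src, dst, tcp_flags); not a real capture.
    A legitimate client completes each handshake (SYN then ACK); the flood sends
    SYNs only, from `attack_sources` distinct spoofed addresses."""
    pkts = []
    for i in range(5):
        pkts.append((float(i), "198.51.100.5", TARGET, "S"))
        pkts.append((i + 0.05, "198.51.100.5", TARGET, "A"))
    if flood:
        for n in range(60):
            for k in range(3):
                src = f"203.0.113.{n % attack_sources + 1}"
                pkts.append((2.0 + n * 0.01 + k * 0.5, src, TARGET, "S"))
    return sorted(pkts)


def detect_syn_flood(packets, window=5.0, threshold=50, distributed_from=20):
    """Alert once per destination when unanswered SYNs within `window` seconds
    reach `threshold`. Returns {dst: {"half_open", "sources", "distributed", "at"}}."""
    half_open = defaultdict(list)   # (src, dst) -> timestamps of SYNs with no ACK yet
    alerts = {}
    for ts, src, dst, flags in sorted(packets):
        key = (src, dst)
        if flags == "S":
            half_open[key].append(ts)
        elif flags == "A" and half_open[key]:
            half_open[key].pop(0)        # handshake completed: no longer half-open
        # Age out stale entries so a short legitimate burst leaves the window.
        for k in list(half_open):
            half_open[k] = [t for t in half_open[k] if ts - t <= window]
            if not half_open[k]:
                del half_open[k]
        # Count half-open connections and distinct sources per destination.
        per_dst = defaultdict(lambda: [0, set()])
        for (s, d), times in half_open.items():
            per_dst[d][0] += len(times)
            per_dst[d][1].add(s)
        for d, (count, sources) in per_dst.items():
            if count >= threshold and d not in alerts:
                alerts[d] = {"half_open": count, "sources": len(sources),
                             "distributed": len(sources) >= distributed_from, "at": ts}
    return alerts


if __name__ == "__main__":
    for dst, info in detect_syn_flood(build_sample()).items():
        kind = "DDoS" if info["distributed"] else "single-source DoS"
        print(f"{dst}: {info['half_open']} half-open from {info['sources']} sources ({kind}) at t={info['at']:.2f}s")
```

Running the same detector on `build_sample(attack_sources=1)` produces the same half-open count from a single source, which is the distinction between DoS and DDoS the text draws; real sensors would use the server's own SYN backlog or NetFlow records instead of a packet list, but the counting logic is the same.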

Zero day attack

A zero day attack exploits an operating system or application vulnerability that is unknown to, and therefore unpatched by, the vendor. The name reflects the fact that the vendor has had zero days of warning to respond. The attack remains effective until the vulnerability is discovered, a patch is written, and the patch is distributed and applied; that window is the attacker's opportunity, which is why prompt patching matters as soon as a fix is released.

Man-in-the-middle

A Man-in-the-middle (MitM) attack places the attacker in the path between the client and its destination, for example through a malicious proxy, a rogue Wi-Fi access point, or ARP or DNS spoofing on the local network. All client traffic passes through the attacker's system, which can read and modify it while skimming credentials and personal data. MitM attacks are generally transparent to both the client and the server. Reliable signs are certificate warnings in the browser, a site that normally uses HTTPS suddenly loading over plain HTTP, or proxy settings you never configured; unusual lag between a page request and its delivery, or degraded page content, are weaker indicators but are worth comparing against another PC running the same software. If the interception was set up by malware on the PC, remove it as you would any other malware. Many AV packages offer a "Real Site" or similar feature that checks whether a link actually leads to the genuine site.

Brute forcing

Brute forcing (brute force cracking) is recovering a username, password, or even a Wi-Fi passphrase or decryption key by trial and error: the attacker systematically tries every possible value until one works. The cost grows exponentially with the length of the secret, so long, complex passwords are the primary defense; rate limiting and account lockout blunt online attempts against a login prompt.

Dictionary
attacks

Dictionary attacks are a form of brute force attack that tries words from a word list (dictionary words, common passwords, and simple variations of them) rather than every possible combination, which is far faster when users choose predictable passwords. Avoid dictionary words and obvious substitutions. It is helpful to use a mix of upper and lower case letters along with numbers and special characters (!@#$%), or better still a long passphrase.

Rainbow table

A rainbow table is a precomputed table, built in advance for a given hash algorithm, that maps password hashes back to their plaintext. Most organizations store only the hashed passwords, so the attacker first needs a stolen copy of the hash list; each stolen hash is then looked up in the table instead of being cracked one guess at a time. When a hash matches, the attacker has the plaintext password and is free to use it. Salting, adding a random per-user value before hashing, defeats precomputed tables because the same password produces a different hash for every user.

Non-compliant systems

To protect their assets, businesses set system compliance standards and monitor host configurations against them. This ensures that every attached system meets a pre-defined baseline: current antivirus signatures, required operating system and application security patches, and up-to-date hardware drivers. Monitoring is performed by an agent installed on the host, which sends a configuration report to a central compliance monitor where it is checked against the policy. Any system that reports missing or outdated software, antivirus, or drivers is flagged as non-compliant and therefore in violation of best security practices; network access control can then quarantine it until it is remediated.
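The report-and-compare loop described above, in miniature: host agents submit configuration reports, and the monitor evaluates each one against the policy. This is an added example of my own, not a product's code; the policy values, host names, report contents, and the patch identifiers (hypothetical KB-EXAMPLE-n placeholders, not real KB numbers) are all constructed for illustration.

```python
from datetime import date

# Constructed policy: what every attached host must satisfy. Patch identifiers
# are hypothetical placeholders, not real Microsoft KB numbers.
POLICY = {
    "av_signature_max_age_days": 3,
    "required_patches": {"KB-EXAMPLE-1", "KB-EXAMPLE-2"},
    "min_driver_versions": {"nic": "2.4.0", "gpu": "31.0.0"},
}

# Constructed configuration reports, as the host agents would submit them.
HOST_REPORTS = [
    {"host": "ws-101", "av_signature_date": "2019-11-04",
     "patches": ["KB-EXAMPLE-1", "KB-EXAMPLE-2"], "drivers": {"nic": "2.4.1", "gpu": "31.0.2"}},
    {"host": "ws-102", "av_signature_date": "2019-10-20",
     "patches": ["KB-EXAMPLE-1"], "drivers": {"nic": "2.4.1", "gpu": "31.0.2"}},
    {"host": "ws-103", "av_signature_date": "2019-11-05",
     "patches": ["KB-EXAMPLE-1", "KB-EXAMPLE-2"], "drivers": {"nic": "2.3.9"}},
]
TODAY = date(2019, 11, 5)   # fixed so the example is reproducible


def parse_version(text):
    """'2.4.1' -> (2, 4, 1); compare versions as tuples, never as strings
    (as strings, '2.10.0' would sort below '2.4.0')."""
    return tuple(int(part) for part in text.split("."))


def evaluate(report, policy, today):
    """Return the list of policy violations for one host report ([] if compliant)."""
    violations = []
    sig_age = (today - date.fromisoformat(report["av_signature_date"])).days
    if sig_age > policy["av_signature_max_age_days"]:
        violations.append(f"antivirus signatures are {sig_age} days old")
    missing = policy["required_patches"] - set(report["patches"])
    for patch in sorted(missing):
        violations.append(f"missing patch {patch}")
    for device, minimum in policy["min_driver_versions"].items():
        installed = report["drivers"].get(device)
        if installed is None:
            violations.append(f"no driver reported for {device}")
        elif parse_version(installed) < parse_version(minimum):
            violations.append(f"{device} driver {installed} below minimum {minimum}")
    return violations


def compliance_report(reports, policy, today):
    """Map host -> violations; hosts with an empty list are compliant."""
    return {r["host"]: evaluate(r, policy, today) for r in reports}


if __name__ == "__main__":
    for host, problems in compliance_report(HOST_REPORTS, POLICY, TODAY).items():
        status = "COMPLIANT" if not problems else "NON-COMPLIANT: " + "; ".join(problems)
        print(host, status)
```

A host that fails to report a required driver at all is treated as non-compliant rather than ignored; silence from an agent is a finding, not a pass.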

And with this, we will wrap up 220-1002 sub-objective 2.5 “Compare and contrast social engineering, threats, and vulnerabilities.” Hopefully, this post will add to your A+ skills and will provide you with additional insights you can use to protect yourself and your clients against omnipresent threats. Good luck on the test!
