Domain 4 of 5 · Chapter 2 of 3

Network Threats & Attacks

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Certified in Cybersecurity premium course — no separate purchase.

Included in this chapter:

  • Threats and attacks: classify by target
  • Virus vs worm vs Trojan: how each spreads
  • Detecting attacks: IDS, HIDS, and NIDS
  • Preventing attacks: firewalls, antivirus, scans, IPS

Malware types: how each spreads

PropertyVirusWormTrojan horse
Needs a host program/fileYes, inserts itself into oneNo, self-containedNo, is the disguised program
Self-replicatesYes, when the host runsYes, on its ownNo
Needs user action to spreadUsually, to run the hostNo, propagates over the networkYes, user installs/runs it
Defining traitInfects a host to propagateSpreads across the network aloneDisguised as useful software
Primary defenseAntivirus, scans, patchingPatching, segmentationUser awareness, app controls, antivirus

Decision tree

Stop the attack, or justbe alerted to it?Alert only: one host ora whole segment?Block traffic in transit, orfilter at the boundary?Just alertStop itHIDSone host: logs, files, localNIDSsegment: many hosts, no cryptoOne hostSegmentIPS (inline)blocks recognized attacksFirewallby rulesetIn transitBoundaryAlways: antivirus + scans clean malware already on a hostno perimeter control removes a resident infection

Cheat sheet

  • Classify a network attack by which CIA property it targets
  • DDoS uses many hosts at once to attack availability
  • A man-in-the-middle attacks confidentiality and integrity, not availability
  • Malware is the vehicle: code that runs an unauthorized process on a host
  • A virus needs a host file and a user to run it
  • A worm self-propagates over the network with no host and no user
  • A Trojan is disguised software the user installs; it does not self-replicate
  • An IDS detects and alerts; an IPS detects and blocks
  • An IPS must sit inline, so it can drop legitimate traffic
  • A NIDS watches a network segment but cannot read encrypted payloads
  • A HIDS watches one host and sees local and decrypted activity
  • Deploy HIDS and NIDS together; they are complementary
  • A firewall filters traffic at the boundary by a ruleset
  • Antivirus and scans clean malware already on a host
  • Layer prevention controls so each catches what the last one missed
  • Match the threat to the control: detect vs block vs clean
  • A stateful firewall tracks connection state; a stateless filter judges each packet alone
  • Firewalls match rules top-to-bottom, so put specific rules before general ones and deny by default
  • A volumetric DDoS saturates bandwidth; a SYN flood exhausts connection state via the TCP handshake
  • A network traffic baseline lets you spot the abnormal patterns that signal a DDoS
  • Anomaly-based detection catches zero-days; signature-based detection only catches known attacks
  • A false positive is legitimate activity wrongly flagged as an attack
  • DNS cache poisoning injects false records into a resolver's cache to redirect users
  • Packet sniffing is passive and hard to detect, so encryption is the real defense

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. https://csrc.nist.gov/glossary/term/confidentiality
  2. https://csrc.nist.gov/glossary/term/denial_of_service
  3. https://csrc.nist.gov/glossary/term/distributed_denial_of_service
  4. https://csrc.nist.gov/glossary/term/man_in_the_middle_attack
  5. https://csrc.nist.gov/glossary/term/side_channel_attack
  6. https://csrc.nist.gov/glossary/term/malware
  7. https://csrc.nist.gov/glossary/term/virus
  8. https://csrc.nist.gov/glossary/term/worm
  9. https://csrc.nist.gov/glossary/term/Trojan_horse
  10. https://csrc.nist.gov/glossary/term/intrusion_detection_system
  11. https://csrc.nist.gov/glossary/term/firewall
  12. https://csrc.nist.gov/glossary/term/intrusion_detection_and_prevention_system
  13. https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html