Vulnerability: The term "vulnerability" represents security flaws in hardware, software, or configuration of a device or process. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities.
Risk: The term "risk" refers to the likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. As can be seen, risk occurs when both the threat and vulnerability are present.
Threats: The term "threat" refers to the source and means of a particular type of attack. A threat assessment is performed to determine the best approaches to securing a system against a particular threat, or class of threat.
Exploit: An exploit is the way or tool by which an attacker uses a vulnerability to cause damage to the target system.
Some of the threats which are specific to the wireless networks
1. War driving: Wardriving is the act of searching for Wi-Fi wireless networks by a person usually in a moving vehicle, using a laptop or smartphone.
2. Warchalking: Warchalking refers to drawing symbols in public spaces to denote an open Wi-Fi wireless network in a public space.
3. WEP cracking: The wireless network, which is protected by the WEP is not secure as per today's technology. All the attackers have to determine a WEP key and it can be done in a fraction of a second. Once the attacker determines the key, then he can get into the system and also monitor the traffic or can take the administrator's role and change the settings.
4. WPA cracking: The WPA is the one which uses the security mechanism is known as temporal key integrity protocol. There are ways that the experienced and determined attacker can also decrypt the incoming traffic to the computers using WPA with the TKIP. It is not a secure option anymore and make use of the WPA2 with the AES for the secure network.
5. Evil twin: An evil twin is the bogus type Wi-Fi connection which fools users that believing that it is the legitimate connections to phishing attacks as well as exploitation of the data transaction purposes. These kinds of attacks are more common, it is necessary to aware of it and guard against it. It will affect it professionally and personally. Protect computer or network against the evil twin attacks by learning about such attacks. Make use of the VPN with TLS or SSL to ensure that the all passwords, emails and all sensitive information are encrypted while transmission. It is better to avoid sending highly sensitive and important information through wireless networks, which is not safe. An evil twin is a rogue access point set up by an attacker that produces a stronger signal than the legitimate access point. Therefore, by virtue of stronger signal, the users are attracted to the rogue accesspoint.
Rogue accesspoint: A Rogue Access Point is a Wi-Fi Access Point which is setup by an attacker for the purpose of sniffing wireless network traffic. 802.11 (Wi-Fi) utilizes SSIDs (Service Set Identifiers) to authenticate NICs to wireless access points. There is no similar protocol for authenticating wireless access points. It is possible to place a rogue wireless access point into an 802.11 network. This rogue wireless access point can then be used to hijack the connections of legitimate network users.
Network attacks:
1. Dos(Denial-of-service): DoS attacks, are explicit attempts to block legitimate users system access by reducing system availability. DoS attacks exploit this to target mission-critical services. Any physical or host-based intrusions are generally addressed through hardened security policies and authentication mechanisms. Although software patching defends against some attacks, it fails to safeguard against DoS flooding attacks, which exploit the unregulated forwarding of Internet packets. The Internet architecture provides an unregulated network path to attack innocent hosts.
2. Social engineering: Social engineering is a skill that an attacker uses to trick an innocent person such as an employee of a company into doing a favor. For example, the attacker may hold packages with both the hands and request a person with appropriate permission to enter a building to open the door. Social Engineering is considered to be the most successful tool that hackers use.
3. Worm: Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike Virus, which sends out a single infection at a time, a Worm could send out hundreds or thousands of copies of itself, creating a huge devastating effect. A worm can spread itself (without the help of any other program) over the network from one computer to another. Worms replicate without any user intervention, whereas viruses are known to spread through a user. The replication is based on a security flaw in the Operation System or any other applications running on a system.
ICMP Attack: There are several types of ICMP attacks.
1. ICMP tunnel attack: This is a form of covert channel that is created wherein the information flow is not controlled by any security mechanism. An ICMP tunnel establishes a channel between the client and server, forcing a firewall not to trigger an alarm if data are sent via ICMP.
2. Smurf attack: The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
3. DoS attack: DoS and DDoS attacks are form of attacks wherein the attacker spoofs the source address and attack the victims computer. DDoS, the attack is distributed. Several computers are compromised in DDoS attack and the attacker may plan to carry out the attack in a co-ordinated way to impart maximum damage to the the network availability. The main damage caused by DoS and DDoS is that they severely limit the access to network resources to the victim computers by spreading fake IP packets.
ARP Poisoning: The Address Resolution Protocol (ARP) is used to resolve IP addresses into MAC addresses (hardware addresses). Computers in a network send messages to each other through MAC addresses. ARP cache poisoning involves poisoning the ARP cache of a victim user by flooding it with ARP replies containing MAC addresses to a proxy host.
DHCP Spoofing attack: In DHCP Spoofing attack, an attacker broadcasts large number of DHCP REQUEST messages with spoofed source MAC addresses. If the legitimate DHCP Server in the network start responding to all these bogus DHCP REQUEST messages, available IP Addresses in the DHCP server scope will be depleted within a very short span of time. DHCP snooping is a mechanism that provides protection to clients from DHCP spoofing attack.
ARP Poisoning and DHCP snooping are the layer-2 attacks, where as IP Snooping, ICMP attack, and DoS attack with fake IPs are layer-3 attacks.
