2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	454/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 450 451 452 453 454 455 456 457 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Evil Twin
Evil twin
is an attack in which a hacker operates a false access point that will automatically
clone, or twin, the identity of an access point based on a client device’s request to connect.
Each time a device successfully connects to a wireless network, it retains a wireless pro-
file in its history. These wireless profiles are used to automatically reconnect to a network
whenever the device is in range of the related base station. Each time the wireless adapter is
enabled on a device, it wants to connect to a network, so it sends out reconnection requests
to each of the networks in its wireless profile history. These reconnect requests include the
original base station’s MAC address and the network’s SSID. The evil twin attack system
eavesdrops on the wireless signal for these reconnect requests. Once the evil twin sees a
reconnect request, it spoofs its identity with those parameters and offers a plaintext con-
nection to the client. The client accepts the request and establishes a connection with the
false evil twin base station. This enables the hacker to eavesdrop on communications
through a man-in-the-middle attack, which could lead to session hijacking, data manipula-
tion credential theft, and identity theft.
This attack works because authentication and encryption are managed by the base sta-
tion, not enforced by the client. Thus, even though the client’s wireless profile will include
authentication credentials and encryption information, the client will accept whatever type
of connection is offered by the base station, including plain text.
To defend against evil twin attacks, pay attention to the wireless network your devices
connect to. If you connect to a network that you know is not located nearby, it is a likely
sign that you are under attack. Disconnect and go elsewhere for internet access. You should
also prune unnecessary and old wireless profiles from your history list to give attackers
fewer options to target.

486
Chapter 11
■
Secure Network Architecture and Securing Network Components
Secure Network Components
The internet is host to countless information services and numerous applications, includ-
ing the Web, email, FTP, Telnet, newsgroups, chat, and so on. The internet is also home to
malicious people whose primary goal is to locate your computer and extract valuable data
from it, use it to launch further attacks, or damage it in some way. You should be familiar
with the internet and able to readily identify its benefits and drawbacks from your own
online experiences. Because of the success and global use of the internet, many of its tech-
nologies were adapted or integrated into the private business network. This created two
new forms of network segments: intranets and extranets.
An
intranet
is a private network that is designed to host the same information services
found on the internet. Networks that rely on external servers (in other words, ones posi-
tioned on the public internet) to provide information services internally are not considered
intranets. Intranets provide users with access to the web, email, and other services on inter-
nal servers that are not accessible to anyone outside the private network.
An
extranet
is a cross between the internet and an intranet. An extranet is a section of
an organization’s network that has been sectioned off so that it acts as an intranet for the
private network but also serves information to the public internet. An extranet is often
reserved for use by specific partners or customers. It is rarely on a public network. An
extranet for public consumption is typically labeled a
demilitarized zone (DMZ)
or perim-
eter network.
Networks are not typically configured as a single large collection of systems. Usually
networks are segmented or subdivided into smaller organizational units. These smaller
units, grouping, segments, or subnetworks (i.e., subnets) can be used to improve various
aspects of the network:

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 450 451 452 453 454 455 456 457 ... 881