Pass Your Cisco SCOR 350-701 Exam Easy!

Cisco 350-701 Implementing and Operating Cisco Security Core Technologies exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Cisco 350-701 Implementing and Operating Cisco Security Core Technologies exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Cisco SCOR 350-701 certification exam dumps & Cisco SCOR 350-701 practice test questions in vce format.

Common Security Attacks – Mitigation

9. Man in the Middle Attacks –MiTM

So "man in the middle" attacks. Now, in this type of attack, the attacker actually intercepts communication between the two hosts. Like, if you take an example, there is a user who is trying to access something like a server, maybe a web server, within the network or outside the network. The communication may no longer be direct because the attacker may spoof as a web server. And you may end up communicating with an attacker, assuming that he's a Web server. And then the attacker would again pretend to be a user and send a request back to the web server. And the communication that's supposed to go directly between these two is not going directly; it's going via the attacker. There are various methods for doing so, such as an attacker spoofing ARP packets or IP packets, or even spoofing fake DHCP servers or DNS servers in the network. So there are variations on the different methods by which an attacker can do this. One of the vulnerabilities as a result of this is that the attacker can use a snippet to capture the packets and extract the contents. Because of this, that is one vulnerability because of this.And the second possibility is that an attacker can actually inject some kind of malware or some kind of malicious traffic in between whatever communication is happening, which can impact the data and other things. So to prevent this kind of attack, generally depending on the type of variation used by the attacker, we can use something called "dynamic up inspection" to prevent this ARP spoofing attack. And of course, we can use some Unicast. We discuss these things, like in the UK.

10. Password Attacks

password attacks, or the type of attack where the attacker's intention is to identify the user's password. And once he gets the user password, he cangain access to some client database which might bestored in your machine or maybe some kind ofcredit card information while you're doing some kind ofonline transactions, or get access to your other accounts,like maybe some social media accounts or email accounts,or maybe a Windows machine accounts. It can be anything. So typically there are different ways theattacker can actually introduce these attacks. like some of the common mentions here, like guessing the passwords, additional attacks, brute force, and the key locker attacks. So we'll go one by one, guessing attacks. As the name itself says, the attacker will try to get some passwords either locally or remotely, either on the local device or on the remote device, probably by using either a manual approach or by using some automated approach. He can use some tools to add all the passwords he can guess, and then this tool will assist the user in determining what the correct password is. So it's more like guessing the password either manually or automatic process.So this can be like including HTTP tablet passwords or Windows login passwords, or it can be anything. So mostly the attacker will guess if the user is using some kind of weak password, like the date of birth, pet names, or any other names that can be easily cast. So it's one of the easiest attacks, and also, in general, these weak passwords will make you vulnerable. So the other kind of attack, like there's something called a "dictionary attack," slightly advanced from the previous one, is that the attacker will use some of the common possibilities of passwords within some file, and then he will use some tools, a programme or a script, and use that file inside the program. And that programme is going to match all the combinations of the passwords. It will try login by cycling all thecombinations which are mentioned inside that file. So this will include things like common passwords that are used by organisations or the common algorithms we just type in or that you just mentioned those.So it will try with those combinations. So the other possible attack is like a brute force attack, which is more advanced than the previous ones. The brute force attacks is again, the attackerwill be using some kind of programme orthe script, some kind of tools downloaded fromthe internet or some licence tools. And this tool will actually use all the possiblecombinations, all the possible combinations with all the smallletters, capital each and every letter combinations and itwill try to match with the passwords. So generally, in this attack, it will be easier for the attacker if you're using some kind of short passwords generally.So that's the reason we say that the password should be more complex with a long password and some combinations of smaller capitals. Best practises should be followed in this regard. Now, another kind of attack is where the attacker can use something like a keylogger attack, where the attacker will install some kind of malicious code inside the machine, and once that particular code or programme is installed in that particular machine, the hacker can actually track every keystroke you are typing on the keyboard. So at the end of the day, whatever the user has typed, including all the login IDs and passwords, everything is recorded and sent to the attacker. So typically, let's say you are establishing some kind of VPN connection or trying to log in to a remote device that can be extracted by some keylogger software. Now, this keylogger software programme is installed in the computer more like a malware programme or some kind of virus program, which will get installed when you click on the link while you're accessing something on the internet. Or maybe you use a pen drive. You most likely connect a pen drive, and that pen drive contains some files that are executed as you connect and access the pen drive. So typically the attacker will install some kindof malware in the back end through thesources and your login information, the complete informationwill be compromised their taco.

11. Password Attacks – Mitigation

So, in order to overcome the password attacks, we need to follow some best practices. Some of them say that you need to use a password, which should have at least ten or more characters. So you need to enforce a policy for using more than ten characters. Directors try to use complex passwords like the combination of capitals and avoid any password based on repetition, like based on additional rewards, or using the usernames, or the relative names, or the pet names, or using some kind of database, so that should be avoided to prevent guessing password attacks, and deliberately, if you want to memorise the password, it's better to use the same thing. As in the case of some letters, such as s, which can be written as five, and i, which can be written as one, So you can misspell the password something like this, which makes it easy to memorise the password at the same time that it makes a password more complicated and makes it recommended that you change the passwords often. Also, keep in mind that you should not write passwords in multiple places and leave them, such as on paper or anywhere else. Now, there are some additional options you can use, like not storing the passwords in any of the databases or in the files in general. Now again, you need to implement some kind of security policy, like if you're using Active Directory or any other databases for authentication, then you can enforce a policy to use strong passwords, like it must be a minimum of ten characters and include one special character and one member like that. And do not leave the passwords written someplace, like on the paper or somewhere else. If possible, use multifactor authentication, like using some usernames and passwords and some digital signatures if possible. And to prevent those keylogger attacks, you can use something like on-time passwords. Like most of the banking sites, they use this while you're doing some kind of online transaction. So in order to make your transaction successful, you put a password into your mobile phone, and once you type that one-time password, your transaction will be successful. And these passwords are valid only for a specific time period or for that particular event. And some of them are like using a single password on multiple systems—you cannot use the same password on multiple systems—and also disabling unsuccessful logins. I can set up my device so that, just like at any ATM here, you can only try three times, and if you type the wrong password the next three times, your account will be blocked for almost a day. Or maybe you need to contact the bank to make sure that your account gets activated again. So we can also configure something like maximum retries. You can do it if you exceed that limit. It will automatically block the account or block the account for the next 1 hour or the next 2 hours, and you should not be able to log in again. This will prevent some brute force attacks, and we always discourage the use of plain text passwords. the simple passwords.

12. Reflector Attacks

Reflect on attacks or it'salso called as reflective attacks. This is one kind of attack where the attacker is going to spoof the victim IP addresses and send a large number of requests to the vulnerability service. Like if you take an example, this is my victimand the victim a valid user who is actually usingsome IP of ten or one or one. And generally, whenever this user wants to send any request—maybe wanting to get some DNS records—it sends a request to the DNS service. Now what attacker will do is attacker is going tospoof the victim address like he's going to spoof asif he's ten or one and he's going to sendout a request to the Denus servers. So ask for some kind of request—maybe continuous requests or thousands of requests. And the dens server, assuming that the requests are coming from ten to one, is going to reply back to the actual victim, who is also using the actual ten or one to one address. So that will initiate a large number of requests with the spoof IP addresses, spoofing the victim's IP resources, and the server will reply back to the victim, flooding all the replies to the victim and causing an additional service attack because the victim will receive a large number of replies from this, preventing that rick theme from accessing.

13. Amplification Attacks

Now for the next one, amplification attacks. Now, these amplification attacks are more similar to the reflection attacks, which I discussed in the previous video, but the only difference is that reflection attacks are initiated by the attacker from one single source, whereas the amplification attack is coded from multiple devices. Now how will this attacker try to gain access to multiple devices? Typically, this is more similar to distributed denial of service attacks, which I discussed. So probably these individual devices, which are controlled by the attacker, are typically referred to as botnets, and then the attacker wants all these devices to initiate a request to the servers, generally DNS servers, and all these devices are going to spoof the IP address of the victim. Let's say the victim's IP address is tender one or one, and they all initiate a request spoofing as if the victim's IP address is tender one or one, and the request goes to the specific DNS servers, and the DNS server, all the DNS servers probably on the internet probably reply back to the victim, and this is just a reply for the request that the attacker initiated. So the attacker will spoof the victim's IP addresses from multiple sources, which will initiate a large amount of small request packages to the server with the victim's spoof IP addresses, and the servers are going to reply back to the request, causing a distributed den lock service attack where the attacker's intention is to deny the victim access to the resources because it is busy replying because it is utilising most of the resources in processing those replies.

14. Reconnaissance Attacks

Recognizes attacks. In this kind of attack, Akirl will try to get some information about the network, typically the target networks, and he can use some kind of tool—I'll just give an overview of these tools—to gain the information about the network, so that he can use that information probably in the future to introduce some kind of attack. Like if the attacker comes to know what are the operating system and the services running in your network. So he can exploit the vulnerabilities in the operating system. Let's say the end devices issuing Windows seven operating system. Probably if he learns about the vulnerabilities. He can use those vulnerabilities to introduce some attacks, or the attacker can use.If you come to know the actual IP addressing scheme used and what the unused IP addresses are in that subnet, An attacker could most likely spoof those addresses. to introduce some kind of spoofing attack. The reconnect attacks are the most common. It's nothing but gathering information about the network. So there are different tools available on the Internet that can be used by an attacker to get information. So one of the protocols is CDP (CDP stands for Discovery Protocol), or LDP, which is a standard protocol equivalent to CDP. Now, with this protocol, you can get the neighbor device information, like what devices are connected to which port and probably the IP address or even some hardware information, like what Ibis version we are using and what the IP address is, and other stuff. So apart from that, there are some other options attackers can use, like pink speed. So it is a technique that is used by the attacker to determine which range of IP addresses are mapped to which computers. So, most likely using Spring Swift, the attacker will send some ICMP requests to the various hosts, and whichever devices are active in the network will respond. So if you just search for online for some tools,you'll find plenty of tools on the Internet which canbe used like Apping, Jeeping, Nmap, some tools works inthe Unix code and some tools works on the Windows. So, probably based on that information, the attacker can introduce some future attacks. Now, some of the other possibilities, like the packet sniffers, are also called packet analyzers or network analyzer tools. Now these are actually the programmes that can intercept and log all the traffic that is moving through the network. like an attacker. Let's say the communication is happening between A and B. So the attacker intercepts the packets and captures them andattacker can log all the traffic which is moving onthe network like using some white shock other tools. And based on that, he can get some information on whatkind of traffic is moving in the network and you canuse that information to introduce some kind of attacks. Now the other options, like port scans, are like the applications that are designed to probe a specific server. Assume you have a specific server on the internet. Many specific servers Probably attacker will use some port scan tools likein Map there are some tools and based onthat the attacker will come to know what arethe actual open ports on that particular server. The target service and the attacker canactually identify the services running on thatparticular host and it can actually exploitsome vulnerabilities if there is any. It can also be used by network administrators to perform general network administration tasks. Also, as a network administrator, you may be able to use it to verify some security policies in the network. Now there are other optionslike internet information queries. Now this is generally called a name-server lookup. So where it uses internet tools like Nslookuptools, these tools will determine the IP address assigned to that particular organisation or the network. So the attacker can probably ping those active IPs to learn more about the network and the IP rating scheme, and then use that knowledge to launch future attacks. So I got some screenshots of some of these tools. If you want to go somewhere with a more detailed explanation of the reading, such as how it is done, you can probably search the internet.

15. Reconnaissance Attacks – Mitigation

To mitigate recognition attacks, the first step is to disable unnecessary services such as CDP and LDP, most likely on border routers that connect to the internet, and deploy some firewalls such as firewall devices and IPS devices, particularly firewalls, which are an effective way to stop pink sweeps as well as port scans and other network probs. So even IPS can also detect sometimes even itcan take an action against this kind of props. Apart from that, using some strong authentication methods like two-factor authentication will defeat the password sniffer used by the attacker. So two-factor authentication like usernames and passwords, as well as some lists of certificates, still leaves the possibility that packets could be sniffed using some packet snippers. Then it's better to apply some encryption technologies like encrypting your databy using some encryption algorithms. This way we can defeat the sniffing attacks so that even if the attacker captures the traffic, he cannot see the actual contents because of the strong algorithms we use for encryption. It's also a good idea to use an anti-sniffing tool that can detect some of the packet snipper tools that are installed on the internet.

Go to testing centre with ease on our mind when you use Cisco SCOR 350-701 vce exam dumps, practice test questions and answers. Cisco 350-701 Implementing and Operating Cisco Security Core Technologies certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Cisco SCOR 350-701 exam dumps & practice test questions and answers vce from ExamCollection.