
CySA+ domain #2: Network-based attacks

Introduction

Offered by CompTIA and currently on its first exam version, the Cybersecurity Analyst+ certification (CySA+) is a newcomer at the forefront of available cybersecurity certifications. Network-based attacks are among the most prevalent, real-world cybersecurity issues organizations encounter, so it should come as no surprise that this material is covered on the CySA+ certification exam. 

This article will detail detecting scans and probes, DoS and DDoS attacks, mitigating denial of service attacks, detecting other network-based attacks, and rogue network devices. If you are taking the CySA+ certification exam, or simply want a concise refresher on network-based attacks, this article is for you. 

Please note that this article is only a general guide and should not be used as your sole method of exam preparation.

Network-based attacks defined

In its simplest form, the term “network-based attacks” can be defined as attacks that are launched and controlled from a device other than the device under attack. The sections below explain the different nuances of these attacks and the common strategies for responding to them. 

Detecting scans and probes

Cybersecurity analysts would quickly become bogged down if they had to examine, by hand, all of the inbound traffic that might be an attack or reconnaissance. Setting up a solid detection system for your organization avoids this. 

In and of themselves, scans and probes do not pose much risk to a network, but they are often harbingers of future attacks. Simpler network scans, such as those that connect to many IP addresses within a network or test service ports in sequence, are easily detectable; others are stealthier and can be difficult to pick out from general network noise. 
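As an added illustration that is not part of the original article, the following Python detector runs over a constructed connection log and shows why a rapid sequential port scan or host sweep is easy to flag with a simple threshold, while a slow probe of a few ports spread over an hour stays under the same threshold. The log entries, the thresholds and the function name are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample connection log: (timestamp_seconds, src_ip, dst_ip, dst_port).
# Values are made up for illustration and do not come from the article.
SAMPLE_LOG = [
    # 10.0.0.5 walks sequential ports on one host within 30 seconds
    *[(100 + i, "10.0.0.5", "192.168.1.10", 20 + i) for i in range(30)],
    # 10.0.0.7 touches the same service on many hosts (host sweep)
    *[(200 + i, "10.0.0.7", f"192.168.1.{20 + i}", 445) for i in range(15)],
    # 10.0.0.9 probes five ports ten minutes apart: blends with normal noise
    *[(300 + 600 * i, "10.0.0.9", "192.168.1.10", p)
      for i, p in enumerate([22, 80, 443, 3389, 8080])],
    # ordinary client traffic to a single service
    (400, "10.0.0.11", "192.168.1.10", 443),
    (401, "10.0.0.11", "192.168.1.10", 443),
]


def detect_scans(log, window=60, port_threshold=10, host_threshold=10):
    """Return {src_ip: reason} for sources that, within any `window` seconds,
    touch >= port_threshold distinct ports or >= host_threshold distinct hosts."""
    by_src = defaultdict(list)
    for ts, src, dst, port in log:
        by_src[src].append((ts, dst, port))
    findings = {}
    for src, events in by_src.items():
        events.sort()  # order by timestamp for the sliding window
        start = 0
        for end in range(len(events)):
            # drop events that fell out of the time window
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ports = {p for _, _, p in span}
            hosts = {h for _, h, _ in span}
            if len(ports) >= port_threshold:
                seq = sorted(ports)
                sequential = all(b - a == 1 for a, b in zip(seq, seq[1:]))
                findings[src] = "port scan" + (" (sequential)" if sequential else "")
                break
            if len(hosts) >= host_threshold:
                findings[src] = "host sweep"
                break
    return findings


if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

With the default 60-second window only the two noisy sources are flagged; widening the window to an hour and lowering the port threshold catches the slow probe from 10.0.0.9 as well, at the cost of more false positives from legitimate clients that use several services.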


*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/sK5ZlGVvdDc/