Network+ (N10-009) Objective 4.0: Network Security
Common Network Threats and Attacks
Understanding network security threats, attack vectors, and mitigation strategies.
Social Engineering Attacks
Attacks that manipulate people into breaking security procedures
Phishing
HighFraudulent attempts to obtain sensitive information by disguising as a trustworthy entity
Indicators:
- Emails with urgent calls to action
- Suspicious sender addresses
- Requests for personal information
- Links to misspelled domain names
Mitigation:
- Security awareness training
- Email filtering solutions
- Multi-factor authentication
- URL filtering
Exam Note: Recognize variants like spear phishing (targeted), vishing (voice), and whaling (targeting executives)
Pretexting
MediumCreating a fabricated scenario to obtain information or access
Indicators:
- Someone claiming to be IT/support requesting credentials
- Unusual requests for personal information
- Creating false urgency
- Inconsistent details in the story
Mitigation:
- Verification procedures for identity
- Security awareness training
- Clearly defined policies for information sharing
- Call-back procedures
Exam Note: Often combined with impersonation of authority figures or colleagues
Tailgating/Piggybacking
MediumUnauthorized person following an authorized person into a secured area
Indicators:
- Unknown individuals following employees through secure doors
- Someone asking to borrow access credentials
- Individuals without proper identification in secure areas
Mitigation:
- Security awareness training
- Mantrap/Security vestibules
- Visitor escort policies
- Video surveillance
- Badge identification requirements
Exam Note: Physical security is an important component of network security
Dumpster Diving
LowSearching through trash to find sensitive information
Indicators:
- Signs of trash being searched
- Missing disposed documents
- Unauthorized personnel near disposal areas
Mitigation:
- Proper document destruction (shredding)
- Secure disposal procedures
- Clean desk policies
- Security awareness training
Exam Note: Often used to gather information for more sophisticated attacks
Exam Preparation Tip
For the Network+ exam, focus on identifying attack types, their indicators, and appropriate mitigation strategies. Understanding the OSI layer at which attacks operate can help with both identification and determining proper countermeasures. Be familiar with common security tools that detect or prevent these attacks.