Security + Network Security and Host Security

Studying for the Security+ is interesting. A lot of these concepts I’ve been exposed to or heard of before, but I feel like this time they’re really sinking in. I’m a firm believer in repetition being the mother of all learning, and this is at least the second time I’ve heard most of this material, so I feel a lot better about it. The chapter I just finished was on network security, which I will fully admit is one of my weaknesses (along with some parts of cryptography), but this time a couple of concepts really stuck with me as particularly interesting.

A Man in the Middle (MiTM) attack is when an attacker positions themselves between a victim and the systems the victim is talking to, so that the victim’s network traffic passes through the attacker. An Evil Twin attack is when a malicious actor copies the SSID of a legitimate access point. If the attacker’s signal is stronger than the legitimate AP’s, the victim’s device will connect to the malicious AP, which the attacker has full control over. From there the attacker could, for example, set up DNS that resolves to a malicious clone of the Facebook homepage they control and grab the victim’s creds when the victim unknowingly types them in. Or they could simply sit with Wireshark fired up and search for HTTP packets that carry creds in clear text, or just monitor what sites you visit.

I’ve actually experienced the idea behind an Evil Twin attack first hand. My wife and I were on a road trip and I decided to use her travel cellular router to get some work done. Her router had the same name as our home router and because of that my laptop tried to connect to the travel router thinking it was the home router. I got denied because the passwords were different, but the concept there is the same as in an Evil Twin attack. It’s interesting how something as simple as an SSID can put you at risk.
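The Evil Twin behaviour described above (a client picks the strongest radio advertising a saved SSID) is something a defender can check for in a Wi-Fi scan. The script below is an added example, not part of the original post: it assumes you already have scan results as (SSID, BSSID, signal in dBm, security) tuples, and both the allowlist of trusted BSSIDs and the scan data are constructed for illustration.

```python
"""Flag possible Evil Twin access points in a Wi-Fi scan.

Assumes scan output has been collected elsewhere and converted into
(ssid, bssid, signal_dbm, security) tuples. All data below is constructed.
"""
from collections import defaultdict

# Constructed allowlist: the BSSIDs (radio MAC addresses) that legitimately
# serve each SSID we care about. A real deployment would maintain this list.
TRUSTED_APS = {
    "HomeNet": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"},
}

# Constructed scan: (ssid, bssid, signal_dbm, security)
SCAN = [
    ("HomeNet", "aa:bb:cc:dd:ee:01", -62, "WPA2"),
    ("HomeNet", "DE:AD:BE:EF:00:01", -41, "OPEN"),   # unknown radio, stronger, unencrypted
    ("CoffeeShop", "11:22:33:44:55:66", -70, "OPEN"),
]


def find_evil_twins(scan, trusted):
    """Return findings for trusted SSIDs that are advertised by unknown BSSIDs.

    Each finding records why it is suspicious: unknown radio, whether it is
    the strongest signal for that SSID (the one a client would join), and
    whether it offers no encryption.
    """
    by_ssid = defaultdict(list)
    for ssid, bssid, signal, security in scan:
        by_ssid[ssid].append((bssid.lower(), signal, security))

    findings = []
    for ssid, aps in by_ssid.items():
        if ssid not in trusted:
            continue                      # only SSIDs we have an allowlist for
        strongest = max(aps, key=lambda ap: ap[1])   # highest dBm wins the client
        for bssid, signal, security in aps:
            if bssid in trusted[ssid]:
                continue                  # known radio, nothing to report
            reasons = ["unknown BSSID"]
            if (bssid, signal, security) == strongest:
                reasons.append("strongest signal for this SSID")
            if security == "OPEN":
                reasons.append("no encryption")
            findings.append({"ssid": ssid, "bssid": bssid,
                             "signal_dbm": signal, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SCAN, TRUSTED_APS):
        print(f"{f['ssid']} from {f['bssid']} ({f['signal_dbm']} dBm): {', '.join(f['reasons'])}")
```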

Another concept that I thought was cool, in the realm of host security, is virtualization escape. I love virtualization. My homelab is basically all virtual machines. VMs can help you get the most out of your hardware, simplify backup strategies, and are easier to administer than a fleet of purely physical machines. However, one of the (mild) risks of running virtual infrastructure is VM escaping. VM escaping is when an attacker is able to compromise a virtual machine, break out of it, and gain access to the hypervisor that’s hosting the VMs. These kinds of vulnerabilities appear to be rare, and it’s a good thing they are. If attackers gain access to your hypervisor, then it could be game over. They would have total access to potentially your entire virtual infrastructure.
