Layer 2 attacks refer to cyber attacks that target layers 1 and 2 of the OSI Model (the Physical and Data Link Layers). These attacks are often focused on gathering information from, or about, a network.
The OSI layers include: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
MAC Cloning (MAC Spoofing) is an attack in which an attacker fakes the factory-assigned MAC address of a device’s network interface.
A Media Access Control (MAC) Flooding attack is a variation on an Address Resolution Protocol (ARP) Poisoning attack in which the attacker instead floods a switch’s MAC address (CAM) table with frames carrying random source MAC addresses.
A Media Access Control (MAC) address is a unique hardware identification number given to network interfaces.
Address Resolution Protocol (ARP) is a broadcast mechanism by which Media Access Control (MAC) addresses are matched to Internet Protocol (IP) addresses on a local network segment.
Address Resolution Protocol (ARP) Poisoning attacks occur when an attacker with access to a local network segment is able to redirect an IP address to a new MAC address.
This results in the attacker being able to receive traffic intended for someone else. This can allow the attacker to look at or modify the traffic, and it can be used to perform DoS, spoofing, MitM, and other attacks.
In cybersecurity, skimming refers to a physical attack technique that uses a fake card reader in order to skim, or copy, a smart card’s data. This can include ID cards, credit cards, and other smart cards.
Skimming is an example of a physical attack because skimmers rely on proximity to smart cards or installation on public card readers like ATMs.
An Evil Twin Attack is a wireless attack in which an attacker sets up a fake Wi-Fi network that looks legitimate in order to steal victims’ information.
This attack is sometimes performed as part of a Man-in-the-Middle Attack.
In a Wi-Fi Disassociation Attack, an attacker breaks the wireless connection between the victim and the access point. This is a type of Denial of Service (DoS) attack.
A Rogue Access Point is any network device (typically wireless) operating on a network that has not been approved by an administrator and that grants unauthorized access to the network.
This term applies to innocent devices perhaps added by an employee, as well as malicious devices added by an attacker.
Jamming refers to a wireless attack in which an attacker attempts to interfere with or “jam” a victim’s connection to a wireless channel by transmitting on a conflicting frequency.
These attacks are dangerous because they’re relatively easy to carry out and they can effectively halt all communication on a channel.
Bluesnarfing is a wireless attack that occurs when a Bluetooth-capable device is set to “discoverable” and able to be located by other devices. Utilizing the Bluetooth connection, an attacker can steal data from this “discoverable” device, often without the user’s knowledge.
Bluejacking is when someone uses a Bluetooth connection to send unauthorized messages to a Bluetooth-capable device.
Bluetooth is a technology used for short-range wireless communication. It is commonly used by wireless peripherals such as headphones or computer mice to connect to smartphones and computers.
Bluetooth is defined by the IEEE (Institute of Electrical and Electronics Engineers) standard 802.15.1.
Radio Frequency Identification (RFID) uses electromagnetic fields as a way of encoding information into passive tags that can be easily attached to any sort of physical object or device. The tags can then be used to track or identify those objects.
Near-Field Communication (NFC) is a wireless communication system that operates between two devices that are within about four centimeters of each other. It is used for things like secure transactions or transferring files between devices.
Near-Field Communication (NFC) is vulnerable to skimming attacks, as well as Denial-of-Service (DoS)-style attacks in which an attacker floods the device with RF signals, corrupting data as it is being transferred.
The OSI Model is a conceptual, implementation-neutral model that describes networking in seven separate layers, where each layer covers a set of functions and tasks.
This model gives us a shared vocabulary for network troubleshooting and architecture.
The TCP/IP Model is an implementation-specific networking model that revolves around the TCP protocol and IP addressing which anchor the Internet as we know it.
Its layers include:
Three broad categories of networks include:
The Internet is technically a WAN.
A network is two or more computers or devices that are linked in order to share information.
Networking refers to a large set of standards and protocols that organize and regulate the sharing of information.
A network protocol is a set of standards for Internet traffic.
Among them are the big transport protocols:
Uniform Resource Locator (URL) Redirection is when Hypertext Transfer Protocol (HTTP) redirects are used to open a page that is different from the one the user intended to access. Redirects can be used for innocent purposes, such as to redirect users to a login page, but this method can also be used for malicious purposes. Attackers often use this in conjunction with phishing techniques or by adding redirects to .htaccess files.
A URL (Uniform Resource Locator) is a string that represents an address pointing to a resource on the Internet. An example of a URL is: https://www.codecademy.com
DNS (Domain Name System) poisoning is a type of attack in which an attacker interferes with the resolution of domain names, therefore diverting legitimate traffic from victim domains.
The Domain Name System (DNS) protocol is used to figure out what IP address is associated with a given domain name, so that we can connect to websites by Uniform Resource Locator (URL) rather than having to remember a list of IP addresses ourselves.
Domain Reputation refers to the view the public has of a domain. If a domain is hijacked, it will likely be used for spam or nefarious purposes. This could lead to complaints or the domain being denylisted or blacklisted.
Domain Hijacking is a cyber attack in which an attacker takes control of a registered domain name without the owner’s consent. This can be done via hacking, social engineering, or snagging a domain name that wasn’t renewed on time.