Social Engineering Attacks
There are many types of attacks, and social engineering attacks are the most common. These include phishing, pretexting, baiting, quid pro quo, tailgating, and dumpster diving. The commonly used phishing techniques are mass phishing, spear phishing, whaling, vishing and smishing. Using these techniques, an attacker can carry out business email compromise (BEC) attacks, which are more of a secondary type of social engineering attack.
Some of the best defenses against social engineering attacks form a layered approach of verification, technology and policy. In the verification domain, trust but verify, be skeptical of any urgency and watch out for red flags. In the technology domain, use controls like multifactor authentication (MFA), email filtering and endpoint protection. The policy domain covers the principle of least privilege, awareness training and clear reporting channels.
Phishing
In mass phishing, the attacker tries to get sensitive information from a large number of victims. In spear phishing, an attacker targets specific individuals such as a middle manager, while whaling is a phishing technique that targets the CEO or other C-suite officers. Vishing attacks are phishing attempts made by voice message or phone call, and smishing is phishing by text message.
Social Engineering
Pretexting is a social engineering technique in which the attacker builds a sense of trust with the victim, who is then tricked into revealing sensitive information. Baiting offers the victim something for free in exchange for their information. Quid pro quo, or something for something, is an attack where the attacker offers a service or benefit in return for information.
Physical Attacks
Tailgating or piggybacking is where an unauthorized person enters a restricted area by following behind someone who has access. Another physical social engineering attack is dumpster diving, where an attacker gathers information from material that has been thrown away in a dumpster. Tailgating and piggybacking can be deterred with mantraps, card access and security guards.
Conclusion
The attacks that occur with social engineering are mainly carried out through phishing and other kinds of social engineering attacks. This information needs to be learned so that, as a defender, you can understand attacks as they happen and quickly respond to them. Working with social engineering attacks has been something to learn from the CCST Cybersecurity exam that I currently have.
There are more social engineering attacks that are variants of phishing, but they are easier to understand with examples like vishing, which is over voice, and smishing, which is over text messages. Doing the CCST Cybersecurity exam has prepared me in my cybersecurity knowledge by testing me on these social engineering attacks.
Attack Attribution Models
There are three attack attribution models: the Cyber Kill Chain, the MITRE ATT&CK Matrix, and the Diamond Model. The Cyber Kill Chain is Lockheed Martin's seven-step model of a cyber attack. The MITRE ATT&CK Matrix is a knowledge base designed to categorize adversary tactics, techniques and procedures (TTPs). TTPs are a way to categorize the type of attack, the attack patterns and how malicious actors use them to commit crimes.
Along with the Cyber Kill Chain and the MITRE ATT&CK Matrix, the Diamond Model is a way to analyze events according to the relationships between the adversary, capability, infrastructure, and victim. These are the three main attack attribution models, and the CCST Cybersecurity exam covers them along with other cybersecurity concepts. In the Diamond Model, the individual events that make up an attack are analyzed by the relationships between them, which is used to attribute them to certain adversaries.
Cyber Kill Chain
The Cyber Kill Chain has seven steps: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives. Reconnaissance is where the attacker gathers information about a target network and looks for vulnerabilities. In the Weaponization step the attacker builds an exploit, which is then sent to the target in the Delivery step.
In the Exploitation step the delivered exploit is triggered, leading to the Installation step, which includes planting a backdoor. The Command and Control step comes next and gives the attacker a way to remotely control the device and exfiltrate data. The last step is Actions on Objectives, where the attacker's goals are carried out.
MITRE ATT&CK Matrix and Diamond Model
The MITRE ATT&CK Matrix is tested on the CCST Cybersecurity exam in terms of how it is applied. This essentially means identifying organizational defenses and weaknesses, in addition to attack attribution and understanding how a red team or a blue team interprets the attacks. The Diamond Model covers the adversary, the how, the what, and the target of the attack.
Conclusion
These attack attribution models are covered by the CCST Cybersecurity exam in the Incident Handling domain. The three models are described here in some detail, but the exam covers only the basics of these models. Further study is needed if you want to go for additional certifications or job skills. I do have the CCST Cybersecurity certification and will be doing the CCNA Cybersecurity exam later this year.
Azure Virtual Networks are used together with Network Security Groups to handle the networking side of Azure, Microsoft's cloud platform. NSGs act like firewalls: they allow or deny traffic based on rules for a subnet or a specific IP address. Azure VNets, on the other hand, group resources into blocks of cloud application services that can be interconnected.
Azure Virtual Networks (VNets)
Azure VNets are a type of grouping in Azure used to segment parts of your network and assign IP addresses. VNets can be connected to each other through VNet peering, or to an on-premises network through a VPN. The VNet is the fundamental building block of Azure networking and supports private, secure, and public networks. VNets also allow for segmentation through subnets and for the assignment of IP address ranges.
Hybrid connectivity lets a VPN or ExpressRoute connect on-premises data centers to a VNet. VNet peering connects networks and scales to complex topologies. You can also use Azure Virtual Network Manager to oversee networks at scale across subscriptions. VNets are different from subnets and are more like VLANs in computer networking.
Azure Network Security Groups (NSGs)
Network Security Groups in Azure filter traffic in a VNet, allowing or denying a specific IP address or a group of IP addresses. They can work together with route tables to control traffic flow. NSG rules can also allow or deny access to certain ports or protocols, in addition to subnets and specific IP addresses.
NSGs have some of the capabilities of a layer 3 and layer 4 firewall and can be attached to subnets or to Network Interface Cards (NICs) in Azure. Attaching them to subnets is more in line with best practices and simplifies management. When an NSG is attached to a subnet, its rules apply through inheritance to every resource in that subnet.
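To show how NSG rule priority works in practice, here is an added Python example (not Azure code or code from any course material) that models inbound NSG evaluation: rules are checked from the lowest priority number upward, the first match decides, and Azure's default rules sit behind the custom ones. The VNet address space, the management subnet and the simplified service-tag ranges are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Simplified model of Azure NSG inbound evaluation (added example, not Azure's code).
# Service tags are approximated with constructed address ranges.
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],   # assumed VNet address space
    "Internet": ["0.0.0.0/0"],           # simplification for this model
    "*": ["0.0.0.0/0"],
}

@dataclass
class Rule:
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, service tag or "*"
    dest_ports: str    # "3389", "1000-2000" or "*"

# Azure's default inbound rules: VNet traffic allowed, everything else denied at 65500.
DEFAULT_INBOUND = [
    Rule(65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule(65500, "Deny", "*", "*", "*"),
]

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_match(spec, src_ip):
    nets = SERVICE_TAGS.get(spec, [spec])
    return any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(n) for n in nets)

def evaluate_inbound(rules, src_ip, proto, dst_port):
    """Return 'Allow' or 'Deny' for one packet using first-match-by-priority."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda x: x.priority):
        if (r.protocol in ("*", proto) and _source_match(r.source, src_ip)
                and _port_match(r.dest_ports, dst_port)):
            return r.access
    return "Deny"

# Weak configuration: the broad allow at 100 matches before the deny at 200 is reached,
# so the deny never takes effect for RDP from the Internet.
WEAK = [Rule(100, "Allow", "Tcp", "*", "3389"), Rule(200, "Deny", "Tcp", "Internet", "3389")]
# Corrected: RDP only from the assumed management subnet; the default deny covers the rest.
CORRECTED = [Rule(100, "Allow", "Tcp", "10.0.1.0/24", "3389")]
```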
Conclusion
Understanding more about VNets and NSGs will help you understand the security side of Azure. For me this understanding is more of an extension of the SC-900 that I have and delves into more of the networking side of Azure, which is covered by the AZ-700 training materials. To truly understand something, you need to learn it and teach the material to someone else.
Network Automation
Network automation is covered in the CCNA v1.1 exam and makes up 10% of that exam. Network automation covers topics like AI and machine learning, Ansible and Terraform, REST APIs and APIs in general, and JSON. Automation replaces manual processes to improve speed and efficiency and helps reduce human error. It means using software to configure and manage the network infrastructure. It can operate both physical and virtual devices and also helps with testing the infrastructure.
Artificial Intelligence and Machine Learning
This topic deals with the differences between generative AI, agentic AI, and machine learning. Generative AI creates something new, such as new data or images. Agentic AI takes autonomous actions to achieve a goal. There is also predictive AI, which can predict variances in network baselines over time or predict future trends.
Machine learning is used mainly for pattern detection and learning from data. It can analyze data flows to detect anomalies and variance from a network baseline. Generative AI can help with creating scripts or generating CLI commands for a given task. Agentic AI is where the AI can remediate issues with network devices, such as isolating a system because of an attack.
Ansible and Terraform
Ansible and Terraform each fill certain roles in network automation. Terraform is more of an infrastructure-as-code tool and is used to reach a desired end state. Terraform is better at provisioning infrastructure and setting up containers, whereas Ansible is more for configuring network devices or servers. Terraform uses the HashiCorp Configuration Language (HCL) and Ansible mainly uses YAML for its configurations.
APIs, REST APIs, and JSON
APIs allow the software of one application to work with the software of another application. A REST API is a structured way to talk to an API; REST is an architectural style that works over HTTP. JSON is the data format used to carry the data over a REST API.
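As an added example (not from the exam or any vendor's API), the following Python script stands up a small mock REST API for a hypothetical /api/vlans endpoint on loopback and calls it with a client, so both sides of an HTTP exchange carrying JSON are visible. The VLAN table, the endpoint path and the input validation are constructed for this illustration.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed in-memory VLAN table standing in for a network device's REST API.
VLANS = {"10": {"name": "users"}, "20": {"name": "servers"}}

class VlanHandler(BaseHTTPRequestHandler):
    def _reply(self, status, body):
        data = json.dumps(body).encode()          # JSON carries the data over HTTP
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_GET(self):                              # read operation: list VLANs
        if self.path == "/api/vlans":
            self._reply(200, VLANS)
        else:
            self._reply(404, {"error": "not found"})
    def do_POST(self):                             # create operation: add a VLAN
        length = int(self.headers.get("Content-Length", 0))
        try:
            body = json.loads(self.rfile.read(length))
            vid = int(body["id"])
            if not 1 <= vid <= 4094 or not isinstance(body["name"], str):
                raise ValueError                   # reject out-of-range or malformed input
        except (ValueError, KeyError, TypeError):
            return self._reply(400, {"error": "id (1-4094) and name required"})
        VLANS[str(vid)] = {"name": body["name"]}
        self._reply(201, {"id": str(vid), "name": body["name"]})

def start_server():
    """Start the mock API on a free loopback port and return its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), VlanHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_address[1]

def rest_call(base, method, path, payload=None):
    """Client side: send an optional JSON body, return (status, decoded JSON)."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = Request(base + path, data=data, method=method,
                  headers={"Content-Type": "application/json"})
    try:
        with urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:                       # 4xx/5xx still carry a JSON body
        return err.code, json.loads(err.read())
```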
Conclusion
I hold the current CCNA v1.1, which I passed in December 2024. This exam covers network automation, AI/ML, Ansible and Terraform, REST APIs, APIs, and JSON. This information can help on the exam, which in my opinion was one of the exams that took longer to complete out of the time available. There are more technologies associated with network automation, like Python, NAPALM and NETCONF APIs.
Network automation can enhance network security, improve compliance, increase visibility and provide faster troubleshooting. It also makes it possible to automate VLAN changes, configuration backups and even software updates. Network automation lowers operational costs and provides faster provisioning of network services.