| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 12.15 - Prevent or Mitigate Network Attacks
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series tackles the attacks aimed at your communication channels and how to stop them, part of Domain 4. It explains why the data crossing your network is a target the moment it leaves a machine, and how you anticipate interception threats and build the controls that make listening or tampering useless.
What this episode covers
- A broad view of harm — disclosure, delay, denial, fraud, waste, abuse, and loss, not just outright destruction.
- The common threats — denial of service, impersonation, replay, address and domain poisoning, eavesdropping, and modification.
- Every threat has a countermeasure — the recurring cast of attacks each maps to a defense.
- Eavesdropping — passive listening that copies traffic to mine credentials and data, needing a tap or sniffer.
- Passive vs active — pure listening leaves almost no trace, while injecting or altering traffic becomes active.
- Eavesdropping defenses — physical access security, encryption, onetime authentication, and application allow listing.
- Modification attacks — captured packets altered and replayed, countered by digital signatures and packet checksums.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What does harm to a communication system really include?
More than most people assume. It is easy to picture harm as pure destruction, but the list is much broader. It includes disclosure of secrets, delayed or denied access, fraud, wasted or abused resources, and outright loss. Any activity or condition that can hurt your data, your systems, or your people belongs on this list and deserves mitigation. Framing harm this widely keeps you from fixating on one dramatic failure while quieter damage slips past.
Which common threats target communication systems?
A recurring cast of attacks. Denial of service and its amplified cousin, distributed denial of service, flood a system until legitimate users cannot get in. Impersonation pretends to be a trusted party, and replay captures valid traffic and sends it again to trick a system. Address resolution and domain name poisoning corrupt the lookups that steer traffic, while eavesdropping and transmission modification target the data in transit directly. Every one has a countermeasure, which is exactly the point.
What is eavesdropping and why is it so hard to catch?
Eavesdropping is simply listening to traffic in order to copy it, then mining that copy for usernames, passwords, procedures, and sensitive data. It usually needs some access to your infrastructure, tapping an open port or cable or planting capture software like a sniffer. The danger is that pure listening is a passive attack, which leaves almost no trace and is very hard to detect. The moment listening turns into altering or injecting traffic, it becomes an active attack.
How do you defend against eavesdropping?
With layers that make listening pointless. Start with physical access security so unauthorized people cannot reach your cabling to plant a tap. For traffic that leaves your network, or to blunt an insider, encryption is your workhorse, wrapping the data so a captured copy is unreadable. Onetime authentication methods ensure that even sniffed credentials cannot be reused, and application allow listing helps prevent unapproved tools like sniffers from ever running.
What is a modification attack and how do you counter it?
In a modification attack, an attacker captures packets, alters them, and replays the changed versions against a system, crafting the doctored packets to slip past authentication and session-sequencing protections. The defense is integrity checking. Digital signature verification confirms a message truly came from its claimed sender and was not touched, and packet checksum verification catches any tampering with the contents, much like a tamper-evident seal you reject when it is broken.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 12.15 - Prevent or Mitigate Network Attacks.