4.2 Summarize various types of attacks and their impact
Network Attacks
📘CompTIA Network+ (N10-009)
Definition:
Dumpster diving is a type of social engineering attack where an attacker searches through an organization’s trash or discarded materials to find sensitive information that can be used to compromise systems, steal data, or gain unauthorized access.
Even though it sounds old-fashioned, in IT environments it can be surprisingly effective because people often discard information carelessly.
How it works in an IT environment:
- Searching for documents or media:
- Attackers look for printed documents, USB drives, hard drives, CDs/DVDs, or even old laptops that were thrown away.
- Example: A document containing network credentials, system architecture, or passwords is thrown in the trash without shredding. An attacker can retrieve it and use it to gain unauthorized access.
- Finding login details:
- Sometimes employees write down passwords, PINs, or usernames on sticky notes, notepads, or printouts.
- If these are thrown away improperly, an attacker can collect them and compromise accounts.
- Retrieving discarded devices:
- Old hard drives or USBs may still contain sensitive files even if the device is thought to be unused.
- If an attacker connects these devices to their system, they can recover emails, customer data, or internal reports.
- Exploiting discarded network information:
- Diagrams, IP addresses, and configuration printouts for routers, switches, or servers can be found in the trash.
- Attackers can use this to map out a network and plan further attacks, like hacking into a server or accessing sensitive systems.
Why it is dangerous:
- Dumpster diving works because humans often underestimate the value of discarded information.
- Even small pieces of information, like a note with a password or a list of internal servers, can help an attacker gain unauthorized access.
- It’s a low-tech attack that doesn’t require hacking skills; it relies on carelessness.
Prevention / Mitigation in IT environments:
To prevent dumpster diving, organizations should implement proper information disposal policies:
- Shredding documents:
- Any paper containing sensitive information should be shredded before disposal.
- Secure disposal of digital media:
- Use data wiping tools for hard drives and USB drives before throwing them away.
- Physically destroy storage media if it’s highly sensitive.
- Employee training:
- Teach employees not to write passwords or sensitive data on paper, and to follow proper disposal procedures.
- Locked disposal bins:
- Use locked bins for sensitive documents that only authorized personnel can access.
- Digital alternatives:
- Reduce paper use where possible. For example, store credentials in password managers instead of writing them down.
Exam Tip:
When asked about dumpster diving on the CompTIA Network+ exam:
- Key points to remember: it’s a social engineering attack, it involves retrieving sensitive info from discarded materials, and it can lead to data breaches.
- Prevention usually focuses on shredding, secure disposal, and employee awareness.
✅ Summary in Simple Words:
Dumpster diving is when someone goes through your trash to find IT-related secrets like passwords, USB drives, old laptops, or network diagrams. Even one small piece of information can let an attacker break into systems. You prevent it by shredding papers, wiping old devices, using locked bins, and training staff to handle sensitive info properly.
