1.1 Explain common threats against on-premises, hybrid, and cloud environments
📘CCNP security (350-701)
An on-premises environment means that all your computers, servers, applications, and data are located inside your organization’s physical location—like your company’s office or data center. Since everything is hosted locally, it is susceptible to several cyber threats. Let’s explore the main ones.
1. Viruses
- Definition: A virus is a type of malicious software (malware) that attaches itself to files or programs. When the infected file runs, the virus spreads to other files or computers.
- How it works in IT:
- You download a program or file from the network.
- The virus attaches itself to your system files or applications.
- It can corrupt files, slow down servers, or delete data.
- Exam Tip: Remember, viruses need a host file to spread. They don’t run by themselves.
2. Trojans
- Definition: Trojan horses (or Trojans) are malware disguised as legitimate software. Unlike viruses, they do not replicate themselves.
- How it works in IT:
- A user downloads software thinking it is legitimate (e.g., a patch or tool).
- Once installed, it may open a backdoor for attackers to access servers, steal credentials, or deploy more malware.
- Key Point: Trojans trick users into installing them; they rely on social engineering.
3. Denial of Service (DoS) and Distributed Denial of Service (DDoS)
- Definition:
- DoS: Overloads a server or network device to make it unavailable.
- DDoS: The same attack but launched from multiple devices at once.
- How it works in IT:
- A server receives too many requests from one or more sources.
- Legitimate users cannot access services (websites, applications, VPNs).
- Exam Tip: DoS is single-source, DDoS is multi-source.
4. Phishing
- Definition: Phishing is an attack where attackers trick users into revealing sensitive information like passwords, credit card numbers, or security keys.
- How it works in IT:
- An attacker sends an email that looks like it comes from IT support.
- The user clicks a link and enters login credentials on a fake website.
- The attacker now has access to the organization’s internal systems.
- Key Point: Phishing exploits human behavior, not just software vulnerabilities.
5. Rootkits
- Definition: A rootkit is malware that hides deep inside the system to avoid detection. It allows attackers to maintain access without being noticed.
- How it works in IT:
- The attacker installs a rootkit on a server.
- It modifies system processes and logs so the malware is invisible to admins.
- The attacker can then steal data, manipulate files, or install other malware.
- Exam Tip: Rootkits are hard to detect because they operate at the system level.
6. Man-in-the-Middle (MITM)
- Definition: MITM attacks happen when an attacker intercepts communication between two systems to eavesdrop or alter data.
- How it works in IT:
- An attacker places themselves between a user and a server.
- They can capture usernames, passwords, or sensitive files.
- Example in IT: Intercepting login credentials during an internal web portal access if traffic is unencrypted.
- Key Point: Encryption (like TLS/SSL) helps prevent MITM attacks.
7. SQL Injection
- Definition: SQL injection is an attack where malicious SQL code is inserted into input fields of a database-driven application to access or manipulate data.
- How it works in IT:
- A user enters malicious SQL into a login field (
' OR '1'='1), bypassing authentication. - The attacker can read, modify, or delete data in databases.
- A user enters malicious SQL into a login field (
- Exam Tip: Always relate SQL injection to database-driven applications.
8. Cross-Site Scripting (XSS)
- Definition: XSS is a vulnerability in web applications where attackers inject malicious scripts into webpages viewed by other users.
- How it works in IT:
- A user posts a comment with JavaScript code.
- Other users visiting the page execute that code unknowingly.
- This can steal session cookies, redirect users, or deface the site.
- Key Point: XSS is a web application attack, unlike SQL injection, which targets databases.
9. Malware (General)
- Definition: Malware is any software designed to harm, exploit, or steal information from systems.
- Types include: viruses, worms, Trojans, ransomware, spyware, adware, and rootkits.
- How it works in IT:
- Malware can encrypt files (ransomware), log keystrokes (spyware), or use system resources for attacks.
- Exam Tip: Think of malware as the umbrella term covering all malicious software.
Summary Table for Exam Preparation
| Threat | Key Point | IT Focus |
|---|---|---|
| Virus | Needs host file to spread | Infected apps, system files |
| Trojan | Disguised as legit software | Backdoors, credential theft |
| DoS/DDoS | Overload servers/network | Service unavailability |
| Phishing | Tricks users | Credential theft |
| Rootkit | Hides in system | Persistent unauthorized access |
| MITM | Intercepts communication | Sniffing/modifying data |
| SQL Injection | Malicious SQL in apps | Database access/manipulation |
| XSS | Malicious scripts in web apps | Session hijacking, page defacement |
| Malware | Umbrella term | Any harmful software |
✅ Exam Tips for On-Premises Threats:
- Understand the difference between viruses, Trojans, and malware.
- Focus on DoS vs DDoS—how many sources are involved.
- Know that MITM attacks are stopped by encryption.
- Remember SQLi and XSS are different layers—database vs web applications.
- Rootkits are hard to detect, so think “hidden attacker access.”
