Comparison should include the following:
- Attacks/threats
  - Denial of Service (DoS)
    - Distributed DoS
      - Botnet
      - Traffic spike
      - Coordinated attack
    - Reflective/amplified
      - DNS
      - Network Time Protocol (NTP)
    - Smurfing
    - Friendly/unintentional DoS
    - Physical attack
  - Address Resolution Protocol (ARP) cache poisoning
  - Packet/protocol abuse
  - Spoofing
  - Wireless
    - Evil twin
    - Rogue AP
    - War driving
    - War chalking
    - Bluejacking
    - Bluesnarfing
    - WiFi Protected Access/Wired Equivalent Privacy/WiFi Protected Setup (WPA/WEP/WPS) attacks
  - Brute force
  - Session hijacking
  - Social engineering
  - Man-in-the-middle
  - VLAN hopping
  - Compromised system
  - Effect of malware on the network
  - Insider threat/malicious employee
  - Zero-day attacks
- Vulnerabilities
  - Unnecessary running services
  - Open ports
  - Unpatched/legacy systems
  - Unencrypted channels
  - Clear text credentials
  - Unsecure protocols
    - Telnet
    - HyperText Transfer Protocol (HTTP)
    - Serial Line Internet Protocol (SLIP)
    - FTP
    - Trivial File Transfer Protocol (TFTP)
    - SNMPv1 and SNMPv2
  - TEMPEST/Radio Frequency (RF) emanation
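The "unencrypted channels", "clear text credentials" and "unsecure protocols" items above are easiest to appreciate by actually inspecting the bytes those protocols put on the wire. The following is an added worked example, not part of the exam objectives above: a small Python inspector that pulls credentials out of HTTP Basic, FTP, Telnet and SNMPv1/v2c payloads, and finds nothing in an HTTPS packet on the same network. The packets are constructed inline for the demo (in practice they would come from a capture tool such as tcpdump or Wireshark); the `Packet` class, the port-to-protocol mapping and the sample credentials are assumptions made for this example.

```python
"""Added example: spot credentials sent in the clear by unsecure protocols.
All packets below are constructed by hand for the demo; nothing here is a
real capture.  Dispatch by destination port is an assumption of the demo.
"""
import base64
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port, used to pick the protocol parser
    payload: bytes  # application-layer bytes (headers already stripped)


def _ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index after it)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def snmp_community(payload):
    """Return the community string of an SNMPv1/v2c message, else None.
    Message ::= SEQUENCE { version INTEGER, community OCTET STRING, pdu }.
    SNMPv3 (version 3) carries no community string, so it yields None."""
    if len(payload) < 2 or payload[0] != 0x30:
        return None
    _, i = _ber_len(payload, 1)
    if payload[i] != 0x02:
        return None
    vlen, i = _ber_len(payload, i + 1)
    version = int.from_bytes(payload[i:i + vlen], "big")
    i += vlen
    if version not in (0, 1) or payload[i] != 0x04:   # 0 = v1, 1 = v2c
        return None
    clen, i = _ber_len(payload, i + 1)
    return payload[i:i + clen].decode("ascii", "replace")


def http_basic_creds(payload):
    """Decode an HTTP 'Authorization: Basic' header to user:password."""
    m = re.search(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", payload)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-8", "replace")


def find_cleartext_credentials(packets):
    """Return (protocol, credential) pairs found in a list of Packets."""
    findings = []
    for p in packets:
        if p.proto == "tcp" and p.dport == 80:
            cred = http_basic_creds(p.payload)
            if cred:
                findings.append(("HTTP Basic", cred))
        elif p.proto == "tcp" and p.dport == 21:
            user = re.search(rb"^USER (\S+)", p.payload, re.M)
            pw = re.search(rb"^PASS (\S+)", p.payload, re.M)
            if user and pw:
                findings.append(("FTP", f"{user.group(1).decode()}:{pw.group(1).decode()}"))
        elif p.proto == "tcp" and p.dport == 23:
            # Drop 3-byte Telnet option negotiations (IAC WILL/WONT/DO/DONT opt)
            text = re.sub(rb"\xff[\xfb-\xfe].", b"", p.payload)
            user = re.search(rb"login:\s*(\S+)", text)
            pw = re.search(rb"[Pp]assword:\s*(\S+)", text)
            if user and pw:
                findings.append(("Telnet", f"{user.group(1).decode()}:{pw.group(1).decode()}"))
        elif p.proto == "udp" and p.dport == 161:
            community = snmp_community(p.payload)
            if community:
                findings.append(("SNMPv1/v2c community", community))
        # Port 443 (HTTPS) and other encrypted channels: nothing readable.
    return findings


# Constructed SNMPv1 GetRequest with community "public" and no varbinds.
SNMP_V1_GET = (b"\x30\x18\x02\x01\x00\x04\x06public"
               b"\xa0\x0b\x02\x01\x01\x02\x01\x00\x02\x01\x00\x30\x00")

# Constructed sample traffic (assumed hosts and credentials, demo only).
SAMPLE_PACKETS = [
    Packet("tcp", 80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                      b"Authorization: Basic "
                      + base64.b64encode(b"alice:Summer2024!") + b"\r\n\r\n"),
    Packet("tcp", 21, b"USER backup\r\nPASS b4ckup-pw\r\n"),
    Packet("tcp", 23, b"\xff\xfd\x01login: root\r\nPassword: toor\r\n"),
    Packet("udp", 161, SNMP_V1_GET),
    Packet("tcp", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS hello
]

if __name__ == "__main__":
    for proto, cred in find_cleartext_credentials(SAMPLE_PACKETS):
        print(f"{proto:22s} {cred}")
```

Each of the four unsecure protocols gives up its credential with nothing more than pattern matching or a minimal BER walk; the HTTPS packet on the same list yields nothing, which is the whole point of the "unencrypted channels" entry. The same dispatch structure is what a packet-inspection tool applies per dissector, which is why capturing on a span port is enough to harvest Telnet, FTP, HTTP Basic and SNMP community strings.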
Process/Skill Questions:
- What is a rogue AP?
- What can be done to minimize the effect of a zero-day attack?
- What are some unsecure protocols?
- What are some examples of software that allow a cyber security analyst to inspect network packets?