
🕸️Networked Life

Network Security Threats


Why This Matters

In a networked world, security isn't just an IT concern—it's fundamental to how digital systems function and fail. This topic tests your understanding of network vulnerabilities, attack vectors, and the relationship between system architecture, human behavior, and security outcomes. You'll need to recognize how attackers exploit both technical weaknesses and human psychology, and why certain network structures create specific vulnerabilities.

The threats covered here demonstrate core concepts you're being tested on: how information flows through networks, where trust relationships break down, and why decentralized systems face unique security challenges. Don't just memorize attack names—understand what each threat reveals about network design, the role of nodes and edges in propagation, and how defenses leverage network principles. When you can explain why a particular attack works given network structure, you've mastered the material.


Exploitation Through Network Propagation

Some attacks succeed specifically because of how networks enable rapid, decentralized spread. The same connectivity that makes networks valuable also makes them vulnerable to cascading threats.

Malware (Viruses, Worms, Trojans, Ransomware)

  • Malicious software exploits network connectivity—viruses attach to programs and spread through file sharing, while worms replicate autonomously across network connections without user action
  • Trojans exploit trust relationships by disguising themselves as legitimate software, demonstrating how social trust maps onto network vulnerability
  • Ransomware leverages network value by encrypting files and demanding payment, targeting organizations where data connectivity creates high-value targets

Distributed Denial of Service (DDoS) Attacks

  • Overwhelms targets using distributed network resources—attackers flood systems with traffic from multiple sources simultaneously, exploiting the many-to-one relationship in client-server architectures
  • Botnets demonstrate compromised network scale by coordinating thousands of infected devices, turning network size into a weapon against individual nodes
  • Targets network availability rather than confidentiality, showing how attacks can disrupt the fundamental function of keeping nodes connected

Packet Sniffing

  • Captures data packets traversing network links—attackers intercept information as it flows between nodes, exploiting the shared nature of network transmission media
  • Unsecured networks are particularly vulnerable because data travels in plaintext, making encryption essential for protecting information in transit
  • Reveals the broadcast nature of many network protocols, where packets may be visible to nodes other than the intended recipient

Compare: DDoS attacks vs. Malware propagation—both exploit network scale, but DDoS weaponizes traffic volume against a single target while malware uses connectivity to spread infection across many nodes. FRQs may ask you to explain how network topology affects each threat differently.
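The topology point above can be made concrete. The following added example (not part of the guide) models a worm as pure reachability over a small constructed graph: a hub node 0 wired to leaves 1 to 6 plus two leaf-to-leaf edges. It shows that patching one hub shrinks the blast radius far more than patching one leaf, which is why defenders prioritize highly connected nodes.

```python
from collections import deque

# Constructed topology for illustration (assumption, not from the guide): node 0
# is a hub wired to every other node, plus two peer-to-peer edges among leaves.
EDGES = [(0, n) for n in range(1, 7)] + [(1, 2), (3, 4)]


def build_adjacency(edges):
    """Undirected adjacency list from an edge list."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def worm_reach(edges, seed, patched=frozenset()):
    """Set of nodes a self-replicating worm reaches from `seed`.

    A patched node neither gets infected nor forwards the worm, so the
    blast radius is plain graph reachability through unpatched nodes:
    the worm needs edges, not user action, to spread."""
    adj = build_adjacency(edges)
    if seed in patched:
        return set()
    infected = {seed}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        for nbr in adj.get(node, ()):
            if nbr not in infected and nbr not in patched:
                infected.add(nbr)
                queue.append(nbr)
    return infected


def compare_defenses(edges, seed):
    """Same patching budget (one node) spent on the hub vs. on a leaf."""
    return {
        "no_patch": len(worm_reach(edges, seed)),
        "patch_hub_0": len(worm_reach(edges, seed, frozenset({0}))),
        "patch_leaf_4": len(worm_reach(edges, seed, frozenset({4}))),
    }


if __name__ == "__main__":
    # Infection seeded at leaf 1.
    print(compare_defenses(EDGES, seed=1))  # {'no_patch': 7, 'patch_hub_0': 2, 'patch_leaf_4': 6}
```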


Interception and Communication Compromise

These attacks target the edges of networks—the communication channels between nodes. When attackers position themselves along information pathways, they can observe, modify, or redirect data flows.

Man-in-the-Middle (MitM) Attacks

  • Attackers intercept communication between two parties—by positioning themselves on the network path, they can eavesdrop, alter messages, or impersonate legitimate nodes
  • Exploits trust assumptions in network protocols where parties assume direct communication, highlighting why authentication and encryption matter
  • Public Wi-Fi creates vulnerability because attackers can easily insert themselves into network traffic flows on shared, unsecured connections

SQL Injection

  • Exploits the interface between users and databases—attackers insert malicious code through input fields, manipulating how applications query backend systems
  • Targets improper input validation in web applications, allowing unauthorized access to read, modify, or delete stored data
  • Demonstrates application-layer vulnerability where the network itself may be secure but the endpoints processing data are compromised

Compare: MitM attacks vs. Packet sniffing—both intercept network communications, but MitM actively positions the attacker in the communication path (potentially altering data), while sniffing passively captures traffic. If asked about active vs. passive attacks, this distinction is key.
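To see why the SQL injection bullets blame improper input handling at the endpoint rather than the network, here is an added example (not from the guide) using an in-memory SQLite table with constructed usernames and passwords. The vulnerable login pastes user input into the query text, so a quote character changes the query's structure; the parameterized version binds the same input as data and returns no rows.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table (illustrative data, not from the guide)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_vulnerable(conn, username, password):
    """The improper-input-handling pattern the guide describes: input is
    concatenated into the SQL text, so the input can rewrite the WHERE clause."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Hardened form: the query shape is fixed and the driver binds the values,
    so quote characters in the input stay data and never become SQL syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    conn = make_db()
    # A password field containing quotes; in the vulnerable query it closes the
    # string literal and appends an always-true condition.
    crafted = "' OR '1'='1"
    return {
        "vulnerable_unknown_user": sorted(login_vulnerable(conn, "nobody", crafted)),
        "parameterized_unknown_user": login_parameterized(conn, "nobody", crafted),
        "parameterized_valid": login_parameterized(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable version returns every user for an account that does not exist; the parameterized version returns an empty list for the same input and still authenticates a correct username/password pair.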


Exploiting Human Nodes

Networks aren't just technical—they include human users whose decisions affect security. Social engineering attacks recognize that humans are often the weakest link in any security system.

Phishing Attacks

  • Deceptive messages impersonate trusted sources—attackers craft emails or websites mimicking legitimate entities to harvest credentials and sensitive information
  • Spear phishing targets specific individuals using personal information, demonstrating how social network data increases attack effectiveness
  • Exploits trust relationships in communication networks by leveraging the expectation that messages from known sources are legitimate

Social Engineering

  • Manipulates human psychology rather than technical systems—techniques like impersonation, pretexting, and baiting exploit cognitive biases and social norms
  • Targets the human-network interface where people make access decisions, often bypassing technical controls entirely
  • Demonstrates that security is socio-technical, requiring both system hardening and user awareness to defend effectively

Password Attacks (Brute Force, Dictionary)

  • Systematically attempts authentication credentials—brute force tries all combinations while dictionary attacks use common passwords, both exploiting weak credential choices
  • Success probability relates to password entropy and the computational resources attackers can deploy across distributed systems
  • Account lockout policies create network-level defense by limiting attempts, showing how system design can mitigate individual node vulnerability

Compare: Phishing vs. Social engineering—phishing is a specific technique within the broader social engineering category. Phishing typically operates at scale through digital channels, while social engineering can include targeted, in-person manipulation. Both exploit human trust rather than technical vulnerabilities.
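The password-attack bullets tie success to entropy, attacker compute, and lockout policy. The following added example (not from the guide) carries that arithmetic through with assumed parameters: an 8-character lowercase password, a 10,000-word dictionary, an offline rig guessing at 1e9 per second, and an online lockout of 5 attempts per 15 minutes.

```python
import math

# Assumed parameters for illustration (not figures from the guide): 8 lowercase
# letters, a 10,000-word dictionary, 1e9 offline guesses/s, lockout 5 per 15 min.


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_guesses(keyspace):
    """An exhaustive search succeeds, on average, halfway through the keyspace."""
    return keyspace / 2


def offline_seconds(keyspace, guesses_per_second):
    """Attacker holds the password hashes: limited only by compute."""
    return expected_guesses(keyspace) / guesses_per_second


def lockout_attempts_per_day(max_attempts, lockout_minutes):
    """Online guesses a lockout policy permits against one account per day."""
    return max_attempts * (24 * 60 / lockout_minutes)


def online_days(keyspace, max_attempts, lockout_minutes):
    """Expected days for an online guessing attack throttled by lockout."""
    return expected_guesses(keyspace) / lockout_attempts_per_day(max_attempts, lockout_minutes)


def summary():
    random8 = 26 ** 8      # brute-force keyspace for 8 lowercase letters
    dictionary = 10_000    # dictionary attack tries only common words
    return {
        "random8_entropy_bits": round(entropy_bits(26, 8), 1),
        "dictionary_entropy_bits": round(math.log2(dictionary), 1),
        "random8_offline_seconds": offline_seconds(random8, 1e9),
        "random8_online_days": online_days(random8, 5, 15),
        "dictionary_online_days": online_days(dictionary, 5, 15),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value:,.1f}")
```

Lockout turns a ~100-second offline job into hundreds of millions of days online, but a password drawn from a small dictionary still falls within days even under lockout, which is the entropy point the bullets make.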


Exploiting System Vulnerabilities

Some attacks target weaknesses in software and systems before defenses can be developed. The race between attackers discovering vulnerabilities and defenders patching them defines much of network security.

Zero-Day Exploits

  • Attacks unknown vulnerabilities before patches exist—these exploits target flaws that developers haven't discovered or fixed, leaving no immediate defense
  • High value in attacker markets because they guarantee success against unpatched systems, often sold on dark web networks
  • Demonstrates the temporal dimension of security where the window between discovery and patch deployment creates critical vulnerability periods

Insider Threats

  • Authorized users misuse legitimate access—employees, contractors, or partners can intentionally or accidentally compromise security from within the network perimeter
  • Bypasses external security controls because insiders already have authenticated access, making detection more difficult than external attacks
  • Highlights that network boundaries aren't sufficient for security when threats originate from trusted nodes inside the network

Compare: Zero-day exploits vs. Insider threats—both bypass traditional perimeter defenses, but zero-days exploit technical vulnerabilities unknown to defenders while insider threats exploit legitimate access privileges. Defense strategies differ fundamentally: patching vs. access monitoring.


Quick Reference Table

Concept                              Best Examples
Network propagation attacks          Malware (worms), DDoS, Botnets
Communication interception           MitM attacks, Packet sniffing
Human-targeted attacks               Phishing, Social engineering, Password attacks
Trust exploitation                   Trojans, Phishing, Insider threats
Application-layer vulnerabilities    SQL injection, Zero-day exploits
Distributed attack resources         DDoS (botnets), Brute force attacks
Temporal security gaps               Zero-day exploits, Unpatched vulnerabilities

Self-Check Questions

  1. Which two attack types both exploit network connectivity for spread, but differ in whether they require user action to propagate? Explain the network principle each demonstrates.

  2. Compare and contrast MitM attacks and packet sniffing in terms of attacker positioning and whether data can be modified. When would an FRQ ask you to distinguish between active and passive interception?

  3. Why do social engineering and phishing attacks suggest that network security cannot be solved through technical measures alone? What does this reveal about modeling networks as socio-technical systems?

  4. If an organization has strong perimeter security (firewalls, intrusion detection), which threats from this guide would still pose significant risk, and why?

  5. Explain how the structure of botnets—as distributed networks of compromised devices—makes DDoS attacks both powerful and difficult to defend against. What network properties do attackers exploit?