NETWORK SECURITY THREATS AND ATTACKS
When a network is connected to the Internet to increase information sharing, communications, or productivity, the network is vulnerable to potential intrusions and attacks. Areas where potential intruders can enter may be dial-up access points, network connections, or misconfigured hosts.
Misconfigured hosts, frequently overlooked as points of network entry, can be network systems that (1) use unprotected login accounts (such as guest accounts), (2) employ extensive trust in remote commands, (3) have illegal modems attached to them, or (4) use easy-to-break passwords (Cisco Systems, 1997). Security threats are classified as passive or active (Stallings & Van Slyke, 1998). Passive attacks involve eavesdropping on, or monitoring, transmissions without actually disturbing the network. The main point of vulnerability in the network is eavesdropping by another employee or an unauthorized user. Data is transmitted in the form of frames or packets containing the source and destination addresses and other related information. An eavesdropper can monitor the traffic of this information on the network. Active attacks, on the other hand, are carried out by individuals who attempt to read privileged data, perform unauthorized modification of data, or disrupt the system. There are many ways to attack network security. These attacks target the key elements of the network security architecture mentioned earlier:
Authentication Attacks (Unauthorized access)
These types of attacks occur when a user manipulates system resources or gains access to system information without authorization, either by sharing logins or passwords or by using an unattended terminal with an open session. A password attack is a frequently used method that makes repeated attempts on a user account and/or password. These repeated attempts are called brute force attacks (Cisco Systems, 1999). They are performed using a program that runs across a network and attempts to log into a shared resource, such as a server.
Confidentiality Attacks (Network Snooping/Sniffing)
Because network computers communicate serially (even if networks communicate in parallel) and contain limited immediate buffers, information and data are transmitted in small blocks or pieces called packets. The attackers use a variety of methods known collectively as social engineering attacks (Cisco Systems, 1999). With dozens of freeware and shareware packet sniffers available, which do not require the user to understand anything about the underlying protocols, the attackers can capture all network packets and thereby the users' login names, passwords, and even accounts. The intruders usually take advantage of human tendencies, e.g., using the same password for multiple accounts. More often, they are successful in gaining access to sensitive and confidential corporate information. Some snooping attacks place the network interface card in promiscuous mode, while other packet sniffers capture the first 300 bytes of all telnet, file transfer protocol (FTP), and login sessions.
Integrity Attacks (Message Alteration, Delay, and Denial)
In this type of attack, data or information is added, removed, or modified in transit across the network.
This requires root access to the system or a router. If a program does not check buffer limits when reading or receiving data, this opening can be exploited by an attacker to add arbitrary data into a program or system. When run, this data gives the intruder root access to the system. Integrity attacks can create a delay, causing data to be held or otherwise made unavailable for a period of time. The attackers flood the network with useless traffic, making the system extremely slow to serve the customers and, in the extreme case, causing the system to crash. They could also cause the data to be discarded before final delivery. Both delay and denial attacks can result in denial of service to the network users.
Access Control Attacks (Address Masquerading)
An attacker “listens” to the network traffic, finds the Internet Protocol (IP) address of a trusted host or system, configures his/her own network interface, and transmits the message as if from the trusted host. This is called IP address masquerading or IP spoofing. Like packet sniffers, IP address masquerading is not restricted to people who are external to the network.