A Look At Network Attacks
Definition
Network security refers to the policies and provisions adopted by a network administrator to monitor and prevent misuse, unauthorized access, modification and denial of service of a computer network and its network-accessible resources.
Which Networks Need Network Security
Network security covers different types of computer networks, whether private or public. Any network used for everyday jobs such as communications and transactions needs network security. These communications and transactions can be among individuals, government agencies and businesses. A company network is an example of a private network, while networks that are accessible to the general public are referred to as public networks. Network security can be found in different types of institutions, enterprises and organizations. It secures a network, oversees the operations taking place within it and protects those operations. A very common way of protecting network resources is to assign a unique user identification (user ID) and password to each individual user.
Common Forms of Attacks
Any network can be under attack. There are two broad categories of attack, which in turn have several sub-categories of attack. These are briefly discussed below:
Passive Attack
Passive attack is a form of attack in which the data that travels through a network is intercepted by an intruder. The sub-categories of this form of attack include:
- Idle Scan: Also referred to as TCP Port Scan or Zombie Scan, Idle Scan is a method used by hackers to scan TCP (Transmission Control Protocol) ports, map the victim's system and find its weak points or vulnerabilities. A hacker using this method cannot be identified easily because the hacker impersonates another computer, called the Zombie computer. This hides the digital location of the hacker.
- Port Scanner: This is a software application generally used by hackers for probing the server and opening the ports, which then allows the hacker to find the list of running services and compromise them.
- Wiretapping: This refers to the process used by an attacker to monitor internet or telephone conversations. It is done by covert means, and when used by attackers or hackers, it is illegal.
Active Attack
Active attack is a form of attack in which the normal network operations are disrupted by the intruder using several commands. The sub-categories of this form of attack include:
- ARP Spoofing: A hacker sends spoofed ARP (Address Resolution Protocol) messages onto a LAN (Local Area Network) to associate his or her own MAC address with another host's IP address. All traffic meant for that host is then sent to the hacker instead.
- Buffer Overflow: This occurs when a program overruns a buffer's boundary while writing data and overwrites memory adjacent to the buffer. It can lead to security breaches, crashes, incorrect results and memory access errors. Hackers exploit this maliciously.
- Cyber-Attack: Deliberately exploiting networks, computer systems and technology-dependent enterprises using malicious code capable of altering data, logic or computer code, resulting in data compromise, is called a cyber-attack. The consequences of a cyber-attack include:
  - Extortion, Fraud, Identity Theft.
  - Denial-of-Service and Distributed Denial-of-Service attack.
  - Viruses, Trojan Horse, Spyware, Spoofing, Spamming, Phishing, Pharming and Malware.
  - Password Sniffing.
  - Breach of Access.
  - System Infiltration.
  - Intellectual Property Theft.
  - Website Defacement.
- Denial-of-Service: Hackers send a huge amount of data to the server, causing an overload, and the server then rejects authentic data transfer requests.
- Format String Attack: The uncontrolled format string is a software vulnerability discovered in 1999, which attackers exploited to execute harmful code and crash software programs. Format String Attack was thought to be harmless, and experts were soon proven wrong by the attackers.
- Man-in-the-Middle: This is a form of attack in which the attacker independently connects with the victims and relays messages between them, making the victims believe that they are talking to each other over a private connection, while in truth the entire conversation is controlled by the attacker. This form of attack can have very straightforward and drastic consequences.
- SQL Injection: Data-driven applications are attacked using this technique. The attacker generally embeds malicious code into input handled by a poorly designed application. This code is then passed to the application's backend database and leads to query actions that are not supposed to be executed.
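The ARP Spoofing item above describes one MAC address being associated with another host's IP address. The following detection check is an added example, not part of the original article. It scans observed ARP replies for exactly that change. The addresses and the `find_arp_conflicts` name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies
# seen on one LAN segment. All addresses are made up for illustration.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (3, "192.168.1.66", "de:ad:be:ef:00:66"),  # another host
    (4, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, unchanged
    (5, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP claimed by a new MAC
    (6, "192.168.1.20", "de:ad:be:ef:00:66"),  # workstation IP claimed as well
]

def find_arp_conflicts(replies):
    """Return (alerts, multi): alerts lists IPs whose MAC binding changed,
    multi maps each MAC that claims more than one IP to those IPs."""
    ip_to_mac = {}                 # first-seen binding per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            # Keep the first-seen binding so repeated spoofed replies keep alerting.
            alerts.append({"time": ts, "ip": ip, "old_mac": known, "new_mac": mac})
        else:
            ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, multi

if __name__ == "__main__":
    alerts, multi = find_arp_conflicts(SAMPLE_ARP_REPLIES)
    for a in alerts:
        print("binding changed:", a)
    print("MACs claiming several IPs:", multi)
```

A changed binding is a signal to investigate rather than proof of spoofing, since DHCP reassignment or a failover pair can also change which MAC answers for an IP.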
Attack Prevention and Network Security
We just read about the different types of security threats. Unfortunately, there is no single universal solution that can protect a network from all types of threats.
There has to be multi-layered network security in place so that if one layer is breached, the others stand. Some of the possible network security methods include:
- Installing anti-spyware and antivirus programs on the computers.
- Setting up a firewall to ensure that unauthorized network access is prevented.
- Installing an Intrusion Prevention System for identifying threats that spread fast. These threats include zero-hour or zero-day attacks.
- Regularly upgrading software to close all vulnerabilities.
- Encrypting data so that it can be read only by the authorized recipient. Encrypting data can be a strong security measure against passive attacks.
- Providing secure remote access using Virtual Private Networks or VPN.
- Using digital certificates, password authentication, digital authentication keys and similar identity services.
Individually, none of them is strong enough to prevent intruders or hackers from gaining unauthorized access, but together they can put up a very strong defense.