Types of Network Attacks 1

There are four primary classes of attacks.
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack. Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.
System access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
Denial of Service
Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.
Worms, Viruses, and Trojan Horses
Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.
Reconnaissance Attacks
Reconnaissance attacks can consist of the following:
Internet information queries
Ping sweeps
Port scans
Packet sniffers
External attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active. To help automate this step, an attacker may use a ping sweep tool, such as fping or gping, which systematically pings all network addresses in a given range or subnet. This is similar to going through a section of a telephone book and calling each number to see who answers.
When the active IP addresses are identified, the intruder uses a port scanner to determine which network services or ports are active on the live IP addresses. A port scanner is software, such as Nmap or Superscan, that is designed to search a network host for open ports. The port scanner queries the ports to determine the application type and version, as well as the type and version of operating system (OS) running on the target host. Based on this information, the intruder can determine whether an exploitable vulnerability exists. As shown in the figure, a network exploration tool such as Nmap can be used to conduct host discovery, port scanning, version detection, and OS detection. Many of these tools are available and easy to use.
Internal attackers may attempt to "eavesdrop" on network traffic.
Network snooping and packet sniffing are common terms for eavesdropping. The information gathered by eavesdropping can be used to mount other attacks against the network.
Two common uses of eavesdropping are as follows:
Information gathering: Network intruders can identify usernames, passwords, or information carried in a packet.
Information theft: The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers.
An example of data susceptible to eavesdropping is SNMP version 1 community strings, which are sent in clear text. SNMP is a management protocol that provides a means for network devices to collect information about their status and to send it to an administrator. An intruder could eavesdrop on SNMP queries and gather valuable data on network equipment configuration. Another example is the capture of usernames and passwords as they cross a network.
A common method for eavesdropping on communications is to capture TCP/IP or other protocol packets and decode the contents using a protocol analyzer or similar utility. An example of such a program is Wireshark, which you have been using extensively throughout the Exploration courses. After packets are captured, they can be examined for vulnerable information.
Three of the most effective methods for counteracting eavesdropping are as follows:
Using switched networks instead of hubs so that traffic is not broadcast to all endpoints or network hosts.
Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping. For example, SNMP version 3 can encrypt community strings, so a company could forbid using SNMP version 1, but permit SNMP version 3.
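An added example, not from the original text, of checking captured SNMP traffic against the policy in the last item: it decodes the BER header of a UDP/161 payload and reports any message whose community string is readable on the wire. It goes slightly beyond the text by also flagging SNMPv2c, which carries the community in the same clear-text field, and SNMPv3 messages sent without the privacy flag; both packets are constructed samples.

```python
# Added example: audit SNMP payloads for clear-text use (sample packets are constructed).
def read_tlv(buf, pos):
    """Decode one BER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def audit_snmp(payload):
    """Classify one UDP/161 payload under a 'no clear-text SNMP' policy."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:                    # outer SEQUENCE
            return {"verdict": "not-snmp"}
        tag, ver, pos = read_tlv(msg, 0)   # INTEGER version
        if tag != 0x02:
            return {"verdict": "not-snmp"}
        version = int.from_bytes(ver, "big")
        tag, field, _ = read_tlv(msg, pos)
        if version in (0, 1) and tag == 0x04:
            # v1 (0) and v2c (1): the second field is the community, unencrypted
            return {"verdict": "violation", "version": "v1" if version == 0 else "v2c",
                    "community": field.decode("ascii", "replace")}
        if version == 3 and tag == 0x30:
            # v3 msgGlobalData: msgID, msgMaxSize, msgFlags, msgSecurityModel
            p = 0
            for _ in range(3):
                _, flags, p = read_tlv(field, p)
            encrypted = bool(flags[0] & 0x02)   # privFlag set means payload is encrypted
            return {"verdict": "ok" if encrypted else "violation",
                    "version": "v3", "encrypted": encrypted}
    except (ValueError, IndexError):
        return {"verdict": "malformed"}
    return {"verdict": "not-snmp"}

# Constructed SNMPv1 GetRequest for sysName.0 with community "lab-ro".
V1_GET = bytes.fromhex("3026020100" "04066c61622d726f" "a019020101020100020100"
                       "300e300c06082b06010201010500" "0500")
# Constructed, simplified SNMPv3 message with msgFlags = 0x03 (auth + priv).
V3_MSG = bytes.fromhex("301c020103" "300d020101020205dc040103020103"
                       "04023000" "0404deadbeef")

if __name__ == "__main__":
    print(audit_snmp(V1_GET), audit_snmp(V3_MSG))
```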
Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation. Almost every company has transactions that could have negative consequences if viewed by an eavesdropper. Encryption ensures that when sensitive data passes over a medium susceptible to eavesdropping, it cannot be altered or observed. Decryption is necessary when the data reaches the destination host.
One method of encryption is called payload-only encryption. This method encrypts the payload section (data section) after a User Datagram Protocol (UDP) or TCP header. This enables Cisco IOS routers and switches to read the network layer information and forward the traffic as any other IP packet. Payload-only encryption allows flow switching and all access-list features to work with the encrypted traffic just as they would with plain text traffic, thereby preserving desired quality of service (QoS) for all data.

