Types of Security Threats and Network Attacks and their Counter Measures

Any attempt to breach security or attack a network is defined as a threat. Most attacks on a network infrastructure, including intrusion and denial of service, first analyse the entire network in order to gather information. Once the required information has been gained, such attacks eventually corrupt or crash your network. Attackers use different types of network attack because they are not interested only in exploiting software applications; they also want unauthorised access to your network and to the devices connected to it.

Types of Security Threats and Network Attacks

Within an organization, and at home too, unmonitored network devices are targeted by attackers as the primary source of information leakage and breach. If your organizational network is not secure, the risk increases many-fold, because every email message, user logon, web page request and transmitted file is handled by a network device. In some setups, network devices also handle telephone service and voice messaging. Once an attacker is able to take over your network devices, the situation becomes very risky, because owning the devices lets them own your entire network.

There are multiple types of network attack that cut across all platform types and categories of software. The most common ones are as follows:

  • Spoofing
  • Hijacking
  • Trojans
  • DoS and DDoS
  • Sniffing
  • Mapping
  • Social engineering

Spoofing (Identity or IP Address Spoofing)

Every internet-connected device sends IP datagrams, the internet's data packets, into the network. These datagrams carry application-layer data together with the sender's IP address. If an attacker gains control over the software running on a network device, it is easy for them to alter the device's protocol handling and put an arbitrary IP address into the packet's source address field. Spoofers do this so that it becomes difficult to find the actual host that sent the datagram.

Ingress filtering is the countermeasure against spoofing, and routers usually perform it. A router performing ingress filtering checks the source address of each incoming datagram against the set of source addresses known to be reachable via the interface on which the packet arrived. Packets whose source address is not in the valid range for that interface are discarded.
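As an added illustration (example code, not from the article), the following Python models the check just described: a table maps each router interface to the source prefixes expected to arrive on it, and a datagram whose source address is not in that set is dropped. The interface names, prefixes and sample packets are constructed.

```python
# Added example: ingress filtering of source addresses per interface.
# The interface names, prefixes and packets below are constructed sample data.
import ipaddress
from dataclasses import dataclass

# Hypothetical table: which source prefixes may legitimately enter on each interface.
INGRESS_TABLE = {
    "eth0": [ipaddress.ip_network("192.0.2.0/24")],
    "eth1": [ipaddress.ip_network("198.51.100.0/24"),
             ipaddress.ip_network("203.0.113.0/25")],
}

@dataclass
class Datagram:
    iface: str      # interface the datagram arrived on
    src: str        # value of the source address field
    dst: str

def ingress_allowed(dg, table=INGRESS_TABLE):
    """True if the source address is one expected to be reachable via dg.iface."""
    try:
        src = ipaddress.ip_address(dg.src)
    except ValueError:
        return False                         # malformed address: drop
    if src.is_unspecified or src.is_multicast:
        return False                         # never valid as a unicast source
    return any(src in net for net in table.get(dg.iface, []))

def filter_ingress(datagrams, table=INGRESS_TABLE):
    """Split datagrams into (accepted, dropped) according to the table."""
    accepted, dropped = [], []
    for dg in datagrams:
        (accepted if ingress_allowed(dg, table) else dropped).append(dg)
    return accepted, dropped

# Constructed sample traffic: two genuine packets and two with forged sources.
SAMPLE = [
    Datagram("eth0", "192.0.2.10", "203.0.113.5"),
    Datagram("eth0", "10.0.0.1", "203.0.113.5"),       # private source on customer link
    Datagram("eth1", "203.0.113.200", "192.0.2.10"),   # outside the /25 assigned to eth1
    Datagram("eth1", "198.51.100.77", "192.0.2.10"),
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE)
    for dg in bad:
        print(f"drop: src {dg.src} not expected on {dg.iface}")
```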

Hijacking (man-in-the-middle attack)

Hijacking is an attack technique in which a man-in-the-middle takes advantage of a weakness in the TCP/IP protocol stack, namely the way headers are constructed. Hijackers carry out the attack by actively monitoring, capturing and controlling your communication transparently while you are communicating with another party. The attacker may re-route a data exchange, and because your computers are communicating at the lower layers of the network stack, they may not be able to tell with whom they are actually exchanging data. A man-in-the-middle attack takes advantage of this: the person you are communicating with believes that it is you, the actual user, who sent a message, whereas in fact it is the hacker actively responding on your behalf using your identity. So if you notice anything unusual while conversing with a friend, or receive a message from an unknown contact, avoid any further communication, as it may be a hacking attempt.

Trojans

These are malicious programs that look like legitimate software but, when launched, perform unintended or malicious activities behind the scenes. Most remote-control spyware programs are of this type. A Trojan program file will look and operate like the system file it replaces, and even appear to be the same size as the compromised system file.

To avoid the effects of such attacks, early use of a cryptographic checksum or binary digital signature procedure is the only protection.
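As an added example, not from the article, here is a minimal cryptographic-checksum baseline in Python: digests of trusted files are recorded once, and a later verification flags a replaced file even when the replacement keeps the original size. The file name and contents are constructed.

```python
# Added example: SHA-256 baseline to catch a Trojanized file.
# File name and contents are constructed for the demonstration.
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record digest and size of each trusted file (done before any exposure)."""
    return {p: {"sha256": sha256_file(p), "size": os.path.getsize(p)} for p in paths}

def verify(baseline):
    """Return {path: reason} for every file that no longer matches the baseline.
    Size alone is not enough: a Trojan may be padded to the original size,
    so the digest is what actually detects the swap."""
    findings = {}
    for path, rec in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_file(path) != rec["sha256"]:
            same_size = os.path.getsize(path) == rec["size"]
            findings[path] = "modified (same size)" if same_size else "modified"
    return findings

def demo():
    """Constructed scenario: a trusted file is replaced by a same-size impostor."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "app.bin")
    with open(target, "wb") as f:
        f.write(b"legit binary v1\n")      # 16 bytes
    baseline = build_baseline([target])
    with open(target, "wb") as f:
        f.write(b"EVIL binary  v1\n")      # also 16 bytes, so a size check passes
    return list(verify(baseline).values())

if __name__ == "__main__":
    print(demo())
```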

Sniffing

Packet sniffing is a way of intercepting data packets travelling over a network. To capture all traffic travelling to and from an internet host, a sniffer program operates at the Ethernet layer in combination with the network interface card (NIC). If any Ethernet NIC is placed in promiscuous mode, the sniffer program will collect every communication packet passing by on the segment near the internet host.

A sniffer placed on any inter-network link, backbone device or network aggregation point will therefore be in a position to monitor all of the traffic. There are many sniffer programs available for free on the internet, and most of them are passive: they listen to all data-link-layer frames passing the device's network interface. The more sophisticated ones allow more active intrusion.

To detect packet sniffing, it is necessary to detect network interfaces that are running in promiscuous mode. There are two ways of detecting sniffing:

Host-based: Several software commands exist that can be run on an individual host machine to tell whether its NIC is running in promiscuous mode.

Network-based: Sniffer programs generate running processes and log files, and there are solutions that check for the presence of such log files and processes. However, sophisticated intruders are almost always able to hide their tracks by disguising the process and cleaning up the log files.
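As an added host-based check (example code, not from the article), the following Python reads the interface flags Linux exposes under /sys/class/net and also parses `ip link show` output, reporting any interface with the PROMISC flag set. The sample `ip link` output is constructed; the sysfs path applies to Linux hosts only.

```python
# Added example: host-based detection of interfaces in promiscuous mode (Linux).
# The `ip link show` sample text below is constructed for the demonstration.
import glob
import os
import re

IFF_PROMISC = 0x100   # interface flag bit defined in <linux/if.h>

def promisc_from_flags(flags_hex):
    """Decode the hex value found in /sys/class/net/<iface>/flags."""
    return bool(int(flags_hex.strip(), 16) & IFF_PROMISC)

def promiscuous_from_sysfs(sysfs="/sys/class/net"):
    """Return interfaces whose sysfs flags have IFF_PROMISC set (Linux only)."""
    found = []
    for path in glob.glob(os.path.join(sysfs, "*", "flags")):
        with open(path) as f:
            if promisc_from_flags(f.read()):
                found.append(os.path.basename(os.path.dirname(path)))
    return sorted(found)

# Matches lines such as "2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 ..."
_LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)[^<]*<([^>]*)>", re.M)

def promiscuous_from_ip_link(text):
    """Parse `ip link show` output and return interfaces flagged PROMISC."""
    return sorted(name for name, flags in _LINK_RE.findall(text)
                  if "PROMISC" in flags.split(","))

SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

if __name__ == "__main__":
    print("from sample ip link output:", promiscuous_from_ip_link(SAMPLE_IP_LINK))
    if os.path.isdir("/sys/class/net"):
        print("on this host:", promiscuous_from_sysfs())
```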

End-to-end or user-to-user encryption is the best countermeasure against sniffing.

Mapping (Eavesdropping)

Before attacking a network, attackers try to find out important information such as the IP addresses of machines on the network, the operating systems those machines are running, and the services they offer. Using this information, attackers can focus their attacks more precisely and are less likely to raise an alarm. The process of gathering all of this information is known as mapping.

Strong, cryptography-based encryption services are its only countermeasure. Otherwise, it is easy for attackers and others to read your data as it traverses the network.

Denial-of-Service attack (DoS) and Distributed-Denial-of-Service (DDoS)

A denial of service attack is a special kind of internet attack on a network, typically carried out against large websites. The attack is designed to bring the network to its knees by flooding it with useless traffic. Denial of service results when a system (such as a web server) is flooded with a huge number of illegitimate requests, which leaves the web server unable to respond to legitimate, real requests or tasks.

A DoS attack can be executed in a number of ways, but its three basic types are:

  • Consumption of computational resources, such as disk space, CPU time, and bandwidth.
  • Disruption of configuration details, such as routing information.
  • Disruption of physical network components.

DoS attack may bring the following consequences:

  • Slow network performance.
  • Unavailability of a particular web site.
  • Inability to access a particular web site.
  • Dramatic increase of spam in your account.

Common forms of denial of service attack are:

  1. Buffer overflow attacks simply send more traffic to a network address than the programmer expected the buffers to hold.
  2. In a Smurf attack, the perpetrator sends an IP ping request to a receiving site.
  3. SYN floods are a type of attack mounted when a computer tries to make a TCP/IP connection to another computer.

To control DoS attacks, ingress filtering is the only countermeasure, and even that works only to a small extent.
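As an added example (not from the article), the following Python implements the detection logic that follows from the description of SYN floods above: it counts TCP handshakes that were opened with a SYN but never completed with the client's ACK, per server, and names a server once its half-open count reaches a threshold. The handshake records and the threshold are constructed.

```python
# Added example: half-open connection counting to detect a SYN flood.
# Records are constructed, simplified (timestamp, client, server, flag) tuples,
# not real packet captures; the threshold is an assumed tuning value.
from collections import defaultdict

def half_open_per_server(records):
    """Count SYNs never followed by the same client's ACK, per server.
    Counting per server rather than per client matters because flood sources
    are typically forged, so no single client address stands out."""
    pending = {}                         # (client, server) -> time of SYN
    for ts, client, server, flag in sorted(records):
        key = (client, server)
        if flag == "SYN":
            pending[key] = ts            # handshake opened
        elif flag == "ACK":
            pending.pop(key, None)       # handshake completed
    counts = defaultdict(int)
    for (_client, server) in pending:
        counts[server] += 1
    return dict(counts)

def syn_flood_suspects(records, threshold=20):
    """Servers whose half-open connection count reaches the threshold."""
    return sorted(s for s, n in half_open_per_server(records).items() if n >= threshold)

# Constructed sample: one genuine handshake, then 50 SYNs from forged sources.
RECORDS = [
    (0.00, "198.51.100.9", "192.0.2.80", "SYN"),
    (0.05, "198.51.100.9", "192.0.2.80", "ACK"),
] + [(1.0 + i * 0.01, f"203.0.113.{i}", "192.0.2.80", "SYN") for i in range(50)]

if __name__ == "__main__":
    print(half_open_per_server(RECORDS))
    print("suspects:", syn_flood_suspects(RECORDS))
```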

Social Engineering

For attackers, social engineering is a way of using deception to gain access to information systems. Attackers usually use the telephone or e-mail for this purpose.

The attacker usually pretends to be an authorised person from the company and pressures the help desk into giving out the toll-free number of the RAS server to dial. Sometimes they use the same trick to get a password reset. The main aim of social engineering is to exploit the human element in the network-breaching loop and use it as a tool for breaching and hacking attempts.

A faked email is sent by a fake administrator to one or more users in a domain, telling them to reset their password within a limited period of time. When users try to do so, hackers who are monitoring the users' activities exploit the users' systems. Alternatively, the social engineer traps users in a fictitious competition and tries to manipulate a group of users into participating in a fake competition to win a jackpot prize.

Another trick social engineers play is to impersonate a user, pretend to have forgotten their password, and ask the helpful help desk to reset it. In many cases the help desk changes the user's password over the phone, and now that the hacker has a legitimate user name and password to work with, they misuse it.

If you have been the victim of any such attempt and still haven't applied countermeasures, it's high time to do so; otherwise you will regret the long delay. If you are not sure what to do to stay safe and avoid any kind of infection or attack, comprehensive protection is required for your device as well as your network. For this purpose, you can hire tech experts who are experienced in handling all kinds of tech issues and provide tech support for Trend Micro.