Network Security and Modern Day Attacks
This paper discusses the vulnerability of computer networks and the difference between the various types of modern day network attacks. In the modern times, network security has increasingly become an essential issue to personal computer users, the military and various other organizations. Considering the current technological advancements especially in respect to internet related applications, network security continues being vulnerable despite the emergence of network security technology. The structure of the internet is the greatest platform that enhances the occurrence of numerous security threats (Bejtlich, 2013).
Modern networking technology and the internet have made the world to become more interconnected than it was in the past. Global networking infrastructures contain huge amounts of government, military, commercial and personal information. Besides, considering the intellectual property, which people can easily obtain via the internet, network security, undoubtedly, has become an issue of great concern. It is also worth noting that there are basically two types of networks; synchronous network and data networks (Maiwald, 2012). Synchronous network is not easily threatened by attacks especially when it comprises of the switches that do not buffer data. On the other hand, the internet operates on data network that comprises computer-based routers. This increases the possibility of obtaining information through special programs like ‘Trojan horses’ that can easily be planted in those routers making the internet vulnerable to attacks. This is why there is more emphasis on the security of data networks.
To show that computer networks are increasingly becoming vulnerable to attacks at all time, the following chart is an illustration of computer network incident statistics between 1988 and 2003 as indicated by the Software Engineering Institute (Carnegie Mellon University).
Looking at the chat, it is interesting to see how the number of incidents increases as time progresses. The incidents appearing in the chart are an indication of vulnerabilities that common computing platforms continue suffering. It is, therefore, significant to place more emphasis on vulnerability analysis in order to address and decrease security risks that are influenced by software vulnerabilities. This can be accomplished by addressing the weaknesses in the software that is under development as well as that which is already in use (Fichera & Bolt, 2012).
Read also Network Infrastructure and Security
It is worth noting that there are various types of modern day networks. The most common ones include malware, privilege escalation, social engineering, denial of service (DoS), password cracking, and phishing. It is also significant to note that these modern day attacks are different from each other.
Malware is a computer program usually used by cybercriminals to accomplish malicious actions. Any software can bear the consideration of malware depending on what its creator wants to do with it. Malware includes a number of programs such as Trojan horses, worms, computer viruses, scareware, crimeware, dishonest adware, spyware, rootkits and many other malicious computer programs (Kim, 2014). Malware is created for accomplishing goals such as harvesting passwords and logins, stealing confidential data, launching attacks that effect denial of service, sending spam emails, identity theft or extortion. In this case, the greatest objective of most cybercriminals is to get malware installed on computers as well as mobile devices so that they can gain the potential of controlling them. For a long time there has been a misconception among many people that malware can only affect Windows computers. Even though Windows has a wide application making it the main target, attackers can install malware on any other computing device such as tablets and smartphones. Besides, it is worth noting that every person is a target when it comes to malware considerations. This is because the attackers have an intention of attacking and infecting as many computing and mobile devices as possible so that they can achieve their objective of making the amount of money they want.
It is worth noting that malware appears on computing and mobile devices in various forms. It can appear in form of an advertising-supported software i.e. adware, which displays, plays or automatically downloads advertisements on the computer of the user so long as the installation process of the software has been completed (Kim, 2014). Following their privacy invasion characteristics, most adware are similar to spyware. Malware can also appear on a user’s computing device in form of backdoor. On the user’s device, it looks an installed program or an improvement to an already installed program. This program is used by attackers to avoid regular authentication. Malware can also reach the computing device of a user through baiting. This approach entails use of tangible media that can capture the attention of the victim. In this case, an attacker loads malware on USB drive, or CD ROM and places it where it can easily be found. Malware can then be installed upon inserting the tangible media into a computer thereby enabling the attacker to access the user’s information. Malware can also be used in form of crimeware especially where attackers intend to automate a financial crime. They accomplish this by performing theft of identity in order to access users’ online accounts. Attackers, therefore, use crimeware as a platform for exporting private or personal information from a given network for the purpose of financial exploitation. Generally, malware portrays characteristics such as propagation, infection, stealth and capabilities.
Virus is described as a computer program designed and directed to alter the normal function as well as perform malicious acts to the application or operating system. Some of the common types of viruses include: Boot sector viruses, File viruses or program viruses or parasitic viruses, multipartite viruses, Macro viruses and Polymorphic viruses. These viruses get into the system through various methods including infected floppy disks, an e-mail attachment infected with the virus and downloading software infected with virus(Meier, et al., 2006). These methods facilitate the entry of viruses into the system and network. Recommended methods of protecting system against virus attack
- Periodic scanning of the system to determine whether the infrastructure is affected and gauge the extent of the attack.
- In order to prevent the virus from spreading into unaffected files, it is recommended to disconnect all the infected folders and files from the system.
- Install the infected system from a clean back up that was created when the system was clean.
- Alert the anti-virus vendor so that the virus signature database is updated accordingly.
- It is important to ensure that the system is installed with anti-virus protection software to protect the system from the virus attacks.
- Regularly update the installed anti-virus databases in order to ensure that the system is protected from the latest virus attacks.
- Regularly scan the system for viruses and subsequently back up the system when all the folders and files are clean from virus infections.
- Educating the users of the system not to open emails with dubious attachment or from individuals they do not know.
This are autonomous codes that infects the network with processor cycle and hard drive space being the major targets. The worm does not infect one file in the system like the virus, it spread to other files and folders in the network. The objectives of the worm is to deplete the available storage space in the system thus duplicating or replicating itself until the space in the system is completely depleted(Singhal, 2007). Worms are known to replicate until the bandwidth in the network is depleted and other users are unable to access the resources or services in the network. The recommended measures to counter worm infection in the system and the entire network include making sure that:
- System and network operate in the latest operating system service packs and software patches and that all updates should come from authorized vendors.
- All unnecessary ports are blocked at the firewall and host.
- Unused functionality are disable including the services and protocols.
- Weak default configuration setting are harden.
This is a modern day attack that intrudes or disrupts the network by taking advantage of errors that arise as a result of programming (Andress & Winterfeld, 2013). Privilege escalation is a design flaw that enables the attacker to have exclusive rights to access the network as well as its applications and associated data. Locally, privilege escalation occurs by one user or an attacker acquiring another user’s system access rights. The moment network intruders gain access to the system, they use various techniques to enhance privileges. For this modern day attack, it is essential to note that intrusion can begin from anywhere. Typically, the privilege level of everyday users is relatively low purposely to inhibit others from obtaining credentials that may allow them control the system. Hackers cannot gain control of the system without employing privilege escalation techniques. It is significant to note that there are two types of privilege escalation. The first one is vertical privilege escalation in which an attacker requires granting himself higher privileges. To achieve this, the attacker has to perform kernel-level operations to enable him run unauthorized code (Andress & Winterfeld, 2013). The second type is horizontal privilege escalation in which an attacker requires assuming the identity of a different user. He then effects disruption using same level privileges that have been granted.
It is also significant to note that there are five techniques that attackers use to escalate privileges. The first technique is where attackers dump the SAM file. This technique enables an attacker to reclaim LM hashes especially from a system in which domain credentials are included. The second technique is password file retrieval. Retrieving a password file enables an attacker to easily enumerate usernames of a particular system. The third technique is called weak permissions on processes (Kim, 2014). This technique enables an attacker to infect a computer process with a malicious code in order to retrieve certain privileges like domain administration from the owner of the process. The fourth technique is where attackers accessing shared folders that might contain sensitive information. This applies to cases where shared folders have limited restrictions. The fifth technique is DLL preloading where attackers capitalize on the most utilized shared folder mostly by users while executing particular applications.
This is a method of network intrusion that attackers use without involving technological techniques. It is simply the art of manipulating the minds of people with the intention of making them reveal their confidential information (Fichera & Bolt, 2012). Criminals use social engineering to obtain varying types of information; mainly, they seek to achieve various things such as obtaining bank information, personal passwords, or gaining access to the computer and install malicious software in order gain control. The underlying principle behind social engineering is the possibility of exploiting the natural inclination of people to trust as compared to inventing techniques to hack their software. There are a lot of “con games” that social engineers involve in their operations. For them to gain entry into other people’s computers, they trick them, raise their confidence and make them reveal sensitive information, which can compromise the security of the network. In a situation where attackers intend to access a company’s system, they can make a call to an authorized employee and communicate urgent information that demands accessing the network immediately.
Besides making calls, there are, also, various common social engineering techniques that attackers use. For instance, they can socially engineer the email password of a person and gain access to his/her list of contacts. And in a case where a person may be using a single password all over, attackers can possibly access the entire social networking information of a person. Once they gain full control of the email account, they can freely send emails to all contacts of the person (Fichera & Bolt, 2012). The messages contained in the emails may attract the attention of the recipients and finally gain their trust.
Denial of Service (DoS)
This is a modern day network security intrusion in which an attacker tries to stop legitimate users so that they do not access the information or services that they need (Kim, 2014). For instance, an attacker may target a computer together with its network connection in order to prevent users from accessing their websites, emails, or online banking details. Attacks resulting from DoS do not usually end up in information loss or any other loss of security; however, they can cause the target company or person to lose a lot of money and time. Such attacks also can lead to disrupted programming as well as files contained in the disrupted computer systems. In most cases, Denial of Service attacks occur in cases where attackers understand the weakness of the target system. It is, however, essential to note that not all service disruptions result from Denial of Service attacks; some of them could be as a result of technical problem specific to a particular network. According to Andress and Winterfeld (2013), there are a number of reliable signs that can indicate the presence of a Denial of Service attack. First, impossible access to any website on the computer; second, complete unavailability of a website of interest; third, abnormal increase in the volume of spam emails received in a person’s account; and fourth, unusual decrease in network performance especially when it comes to website access or opening files.
This is a network attack that lead to code injection or denial of service attacks which necessitate the crash of the system or program. Code injection allows the attackers’ injected code to be executed hence completely altering the normal functioning of the program(Singhal, 2007). Some of the recommended countermeasures of buffer overflow include:
- The first line of defense against buffer overflows is to carry out comprehensive input validation. It is important to limit input through validating it for range, format, length and type.
- Limiting the applications’ use of unmanaged codes by thoroughly inspecting the unmanaged APIs to make sure that input is properly validated.
- Inspecting the managed code that calls the unmanaged API to ensure that only appropriate values can be passed as parameter to unmanaged API.
Man-in-the middle attacks
This is a network attack that form active eavesdropping or monitoring on victims connection and communication between victims hosts. This attack facilitate the interaction between the attacker and the victim parties of the communication(Meier, et al., 2006). The objectives of the attacker is to intercept all parts of the communication, alter the contents and convey the communication as a legitimate results. The recommended countermeasures of man-in-the middle attack include:
- End-to-end encryption and authentication of all wireless communication using Wired Equivalent Privacy (WEP)and Wi-Fi Protected Access (WPA).
- Avoid the use of shared key encryption since it can lead to the compromise of the WEP keys.
- Disabling SSID broadcasts in order to protect the network from survey mechanism.
This is a modern day attack that entails recovery or guessing of a password either from a data transmission system or stored location. Through password cracking, attackers can obtain passwords to enable them gain illegitimate access to a particular network. During penetration testing, password cracking is used for verifying an applications’ security. There are a number of password cracking tools such as Brutus, rainbow-crack, wfuzz, Cain and Abel, John the Ripper, THC Hydra, medusa, ophcrack, aircrack-NG, and many others (Fichera & Bolt, 2012). Each of these tools has unique features; for instance, Wfuzz is characterized by cookies fuzzing, multi-threading, output in colored HTML, SOCK and Proxy support, and periodic delay between requests (Fichera & Bolt, 2012).
This is a modern day attack that entails attackers making illegal attempts to obtain sensitive or secret information like credit card details, usernames, and passwords by pretending to be a trustworthy or reliable entity through an electronic communication (Andress & Winterfeld, 2013). Through phishing email for instance, an attacker can direct users to a particular website and ask them to update certain personal information like bank account numbers, social security, credit card, or passwords, which have already been given to a legitimate organization. Such a website, in most cases, is bogus and is only used by an attacker to steal the information entered on the page by the user. Phishing, as also known as carding or brand spoofing, is a method that attackers use to “fish” ideas from users by sending them huge volumes of emails; in this case, some people read them while others ignore. Some cybercriminals make phishing phone calls and offer to sell a software license or to provide assistance in solving computer problems. They then proceed to ask for confidential information.
In conclusion, network security has increasingly become an essential issue to personal computer users, the military and various other organizations. There are different types of modern day attacks. Malware is a computer program usually used by cybercriminals to accomplish malicious actions. It includes a number of programs such as Trojan horses, worms, computer viruses, scareware, crimeware, dishonest adware, spyware, rootkits and many other malicious computer programs. Privilege escalation is a modern day attack that intrudes or disrupts the network by taking advantage of errors that arise as a result of programming. Social engineering is a modern day attack that entails manipulating the minds of people with the intention of making them reveal their confidential information. Denial of Service (DoS) is a modern day attack where an attacker tries to stop legitimate users so that they do not access the information or services that they need. Password cracking is a modern day attack that entails recovery or guessing of a password either from a data transmission system or stored location. Phishing is a modern day attack that entails attackers making illegal attempts to obtain sensitive or secret information like credit card details, usernames, and passwords by pretending to be a trustworthy or reliable entity through an electronic communication.
You can order a unique paper at an affordable price