Network Security: 

Network security is the protection of access to files and directories in a computer network against hacking, misuse, and unauthorized changes to the system. An example of network security is an antivirus system. Nowadays, security is the first priority in any service.

Introduction to Vulnerabilities, Threats, and Attacks

Vulnerability: A weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices themselves.
Threats: The people eager, willing, and qualified to take advantage of each security weakness, and they continually search for new exploits and weaknesses.
Attacks: The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.

Vulnerabilities:
Vulnerabilities in network security can be summed up as the “soft spots” that are present in every network. The vulnerabilities are present in the network and individual devices that make up the network.
Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses:
- Technology weaknesses
- Configuration weaknesses
- Security policy weaknesses

a) Technological Weaknesses: Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.
Weakness:
I) TCP/IP protocol weaknesses (HTTP, FTP, and ICMP are inherently insecure)
II) Operating system weaknesses (The UNIX, Linux, Macintosh, Windows NT, 9x, 2K, XP, and OS/2 operating systems all have security problems that must be addressed.)
III) Network equipment weaknesses (password protection, lack of authentication, routing protocols, firewall holes)

b) Configuration Weaknesses: Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
Weakness:
i) Unsecured user accounts
ii) System accounts with easily guessed passwords
iii) Misconfigured Internet services
iv) Unsecured default settings within products
v) Misconfigured network equipment

c) Security Policy Weaknesses: Security policy weaknesses can create unforeseen security threats. The network can pose security risks if users do not follow the security policy.
Weakness:
i) Lack of written security policy
ii) Politics
iii) Lack of continuity
iv) Logical access controls not applied
v) Software and hardware installation and changes do not follow policy.

Threats
“A threat is an event that can take advantage of a vulnerability and cause a negative impact on the network.”
“A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.”
There are the following types of threats:
- Unstructured threats
- Structured threats
- External threats
- Internal threats

a) Unstructured threats:
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company. For example, if an external company website is hacked, the integrity of the company is damaged. Even if the external website is separate from the internal information that sits behind a protective firewall, the public does not know that.
b) Structured threats:
Structured threats come from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.
c) External threats:
External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.
d) Internal threats:
Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network. According to the FBI, internal access and misuse account for 60 percent to 80 percent of reported incidents.

Attacks
“An action taken against a target with the intention of doing harm.”
Four primary classes of attacks exist:
- Reconnaissance
- Access attacks
- Denial of service
- Worms, viruses, and Trojan horses

a) Reconnaissance:
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities (see Figure 1-13). It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack. Reconnaissance is somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.

b) Denial of Service (DoS):
Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target because a way to access it is all that is usually required. For these reasons, DoS attacks are the most feared.

c) Worms, Viruses, and Trojan Horses:
Viruses are malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation. An example of a virus is a program that is attached to command.com (the primary interpreter for Windows systems) that deletes certain files and infects any other versions of command.com that it can find.
Malicious software is inserted onto a host to damage a system; corrupt a system; replicate itself; or deny services or access to networks, systems, or services. It can also allow sensitive information to be copied or echoed to other systems.
Trojan horses can be used to ask the user to enter sensitive information in a commonly trusted screen. For example, an attacker might log in to a Windows box and run a program that looks like the true Windows logon screen, prompting a user to type his username and password. The program would then send the information to the attacker and then give the Windows error for bad password. The user would then log out, and the correct Windows logon screen would appear; the user is none the wiser that his password has just been stolen.

d) Access Attacks:
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. Access attacks can consist of the following:

- Password attacks
- Man-in-the-middle attacks
- Phishing
i) Password Attacks:
Password attacks can be implemented using several methods, including brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks usually refer to repeated attempts to identify a user account, password, or both (see Figure 1-17 for an illustration of an attempt to attack using the administrator’s profile). These repeated attempts are called brute-force attacks.
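Because these attacks show up as repeated failed logins, a defender can spot them in authentication logs. The following is an added example, not part of the original article: it flags any source address that reaches a threshold of failures inside a time window. The log line format, the threshold, and the window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (the line format is an assumption):
# timestamp, result, account name, source address.
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL administrator 203.0.113.7
2024-05-01T10:00:04 FAIL administrator 203.0.113.7
2024-05-01T10:00:07 FAIL alice 198.51.100.20
2024-05-01T10:00:09 FAIL administrator 203.0.113.7
2024-05-01T10:00:12 OK alice 198.51.100.20
2024-05-01T10:00:13 FAIL administrator 203.0.113.7
2024-05-01T10:00:18 FAIL administrator 203.0.113.7
2024-05-01T10:00:22 FAIL administrator 203.0.113.7
"""

def detect_repeated_failures(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source that reaches `threshold` failures within `window`."""
    recent = defaultdict(deque)      # source -> (time, account) of recent failures
    alerted, alerts = set(), []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue                 # skip malformed lines and successful logins
        when, account, source = datetime.fromisoformat(parts[0]), parts[2], parts[3]
        failures = recent[source]
        failures.append((when, account))
        while when - failures[0][0] > window:
            failures.popleft()       # drop failures that fell out of the window
        if len(failures) >= threshold and source not in alerted:
            alerted.add(source)
            alerts.append({
                "source": source,
                "failures": len(failures),
                "accounts": sorted({acct for _, acct in failures}),
                "alert_time": when.isoformat(),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_repeated_failures(SAMPLE_LOG.splitlines()):
        print(alert)
```

A single mistyped password (the second source in the sample) stays below the threshold and raises no alert.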

The following are the two methods for computing passwords:

Dictionary cracking: All of the words in a dictionary file are computed and compared against the possible users’ password. This method is extremely fast and finds simple passwords.
Brute-force computation: This method uses a particular character set, such as A to Z, or A to Z plus 0 to 9, and computes the hash for every possible password made up of those characters. It always computes the password if that password is made up of the character set you have selected to test. The downside is that time is required for completion of this type of attack.
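The two methods translate directly into a password-acceptance check for defenders: reject anything a dictionary would find, and estimate how long an exhaustive search of the character set would take. This is an added example, not part of the original article; the wordlist is a constructed sample, and the guess rate and one-year cutoff are assumptions.

```python
import string

# Constructed sample wordlist (an assumption); a real audit loads a large dictionary file.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "admin"}

# The two character sets named in the text, plus a larger one for comparison.
CHARSETS = {
    "A-Z": string.ascii_uppercase,
    "A-Z0-9": string.ascii_uppercase + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}
ONE_YEAR = 365 * 24 * 3600

def in_dictionary(password, wordlist=WORDLIST):
    """True for a dictionary word, ignoring case and any trailing digits."""
    lowered = password.lower()
    return lowered in wordlist or lowered.rstrip(string.digits) in wordlist

def keyspace(charset, max_len):
    """Number of candidate passwords of length 1..max_len over the charset."""
    return sum(len(charset) ** k for k in range(1, max_len + 1))

def smallest_charset(password):
    """Name of the smallest listed set containing every character, else None."""
    for name, chars in CHARSETS.items():
        if all(c in chars for c in password):
            return name
    return None

def audit(password, guesses_per_second=10**9):
    """Rate a proposed password; guesses_per_second is an assumed attacker speed."""
    if in_dictionary(password):
        return {"verdict": "reject", "reason": "dictionary word"}
    name = smallest_charset(password)
    if name is None:
        return {"verdict": "unrated", "reason": "characters outside audited sets"}
    space = keyspace(CHARSETS[name], len(password))
    seconds = space // guesses_per_second   # worst case: every candidate is tried
    verdict = "reject" if seconds < ONE_YEAR else "accept"
    return {"verdict": verdict, "charset": name,
            "keyspace": space, "worst_case_seconds": seconds}

if __name__ == "__main__":
    for candidate in ("Password123", "QWXZKJ", "Tr4#vbQ9!mzLp2"):
        print(candidate, audit(candidate))
```

A six-letter A to Z password has only 321,272,406 candidates, which is why a short password from a small character set fails the check even though it is not a dictionary word.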

ii) Man-in-the-Middle Attacks:
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network. An example could be someone who is working for an Internet service provider (ISP) and has access to all network packets transferred between the ISP network and any other network.
Such attacks are often implemented using network packet sniffers and routing and transport protocols. The possible uses of such attacks are theft of information, hijacking of an ongoing session to gain access to private network resources, traffic analysis to derive information about a network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.

iii) Phishing:
Phishing is a type of social-engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher masquerades as a trusted party that has a seemingly legitimate need for the sensitive information. Frequent phishing scams involve sending out spam e-mails that appear to be from common online banking or auction sites. These e-mails contain hyperlinks that appear to be legitimate but actually cause users to visit a phony site set up by the phisher to capture their information. The site appears to belong to the party that was faked in the e-mail, and when users enter their information it is recorded for the phisher to use.




