Understanding Network Attacks

A network attack can be defined as any method, process or means used to maliciously attempt to compromise the security of the network.
There are a number of reasons why individuals would want to attack corporate networks. The individuals performing network attacks are commonly referred to as network attackers, hackers or crackers.
A few different types of malicious activities performed by network attackers and hackers are summarized here:

  • Illegally using user accounts and privileges.

  • Stealing hardware.

  • Stealing software.

  • Running code to damage systems.

  • Running code to damage and corrupt data.

  • Modifying stored data.

  • Stealing data.

  • Using data for financial gain or for industrial espionage.

  • Performing actions that prevent legitimate authorized users from accessing network services and resources.

  • Performing actions to deplete network resources and bandwidth.

A few reasons why network attackers attempt to attack corporate networks are listed here:

  • Individuals seeking fame or some sort of recognition. Script kiddies usually seek some form of fame when they attempt to crash Web sites and other public targets on the Internet. A script kiddie could also be looking for some form of acceptance or recognition from the hacker community or from black hat hackers.

  • Possible motives for structured external threats include:

    • Greed

    • Industrial espionage

    • Politics

    • Terrorism

    • Racism

    • Criminal payoffs

  • Displeased employees might seek to damage the organization's data, reliability, or financial standing.

  • There are, though, some network attackers who simply enjoy the challenge of trying to compromise the security systems of highly secured networks. These types of attackers simply see their actions as a means by which existing security vulnerabilities can be exposed.

Network attacks can be classified into the following four types of attacks:

  • Internal threats

  • External threats

    • Unstructured threats

    • Structured threats

Threats to the network can be initiated from a number of different sources, which is why network attacks are classified as either external network attacks/threats or internal network attacks/threats:

  • External threats: External threats or network attacks are carried out by individuals with no assistance from internal employees or contractors. These attacks are typically performed by a malicious experienced individual, a group of experienced individuals, an experienced malicious organization, or by inexperienced attackers (script kiddies). External threats are usually performed by using a predefined plan and the technologies (tools) or techniques of the attacker(s). One of the main characteristics of external threats is that they usually involve scanning and gathering information. You can therefore detect an external attack by scrutinizing existing firewall logs. You can also install an Intrusion Detection System to quickly identify external threats.
    External threats can be further categorized into either structured threats or unstructured threats:

    • Structured external threats: These threats originate from a malicious individual, a group of malicious individuals, or a malicious organization. Structured threats are usually initiated by network attackers who have premeditated the actual damages and losses which they want to cause. Possible motives for structured external threats include greed, politics, terrorism, racism and criminal payoffs. These attackers are highly skilled in network design, the methods of avoiding security measures, Intrusion Detection Systems (IDSs), access procedures, and hacking tools. They have the necessary skills to develop new network attack techniques and the ability to modify existing hacking tools for their exploitations. In certain cases, the attacker could be assisted by an internal authorized individual.

    • Unstructured external threats: These threats originate from an inexperienced attacker, typically a script kiddie. Script kiddie is the term used to refer to an inexperienced attacker who uses cracking tools or scripted tools readily available on the Internet to perform a network attack. Script kiddies usually lack the skills to create the threats on their own. Script kiddies can be considered as being bored individuals seeking some form of fame by attempting to crash Web sites and other public targets on the Internet.
    External attacks can also occur either remotely or locally:

    • Remote external attacks: These attacks are usually aimed at the services which an organization offers to the public. The various forms which remote external attacks can take are listed here:

      • Remote attacks aimed at the services available for internal users. This remote attack usually occurs when there is no firewall solution implemented to protect these internal services.

      • Remote attacks aimed at locating modems to access the corporate network.

      • Denial-of-service (DoS) attacks to place an exceptional processing load on servers in an attempt to prevent authorized user requests from being serviced.

      • War-dialing of the corporate private branch exchange (PBX).

      • Attempts to brute force password authenticated systems.

    • Local external attacks: These attacks typically originate from situations where computing facilities are shared, and access to the system can be obtained.

  • Internal threats: Internal attacks originate from dissatisfied or unhappy inside employees or contractors. Internal attackers have some form of access to the system and usually try to hide their attack as a normal process. For instance, internal disgruntled employees have local access to some resources on the internal network already. They could also have some administrative rights on the network. One of the best means to protect against internal attacks is to implement an Intrusion Detection System, and to configure it to scan for both external and internal attacks. All forms of attacks should be logged and the logs should be reviewed and followed up.
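
The firewall-log review described above, as an added example that is not part of the original article: it counts the distinct host/port targets each source was denied on and labels the source internal or external, since scanning shows up as one source touching many targets. The iptables-style log format, `INTERNAL_NETS`, `SCAN_THRESHOLD` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the organisation's internal address space (adjust to your network).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: a source denied on this many distinct host/port targets is scanning.
SCAN_THRESHOLD = 5

LINE_RE = re.compile(r"\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?\bDPT=(?P<dpt>\d+)")

def build_sample_log():
    """Constructed iptables-style DROP lines (not from a real system)."""
    fmt = "Mar  4 10:00:{:02d} fw kernel: DROP IN=eth0 SRC={} DST={} PROTO=TCP SPT=40000 DPT={}"
    # One external source probing six ports on a single host.
    events = [("203.0.113.7", "192.0.2.10", p) for p in (21, 22, 23, 25, 80, 443)]
    # One internal source sweeping five hosts on the same port.
    events += [("10.0.5.23", f"10.0.9.{h}", 445) for h in range(1, 6)]
    # One external source retrying a single service: repeated, but not a scan.
    events += [("198.51.100.9", "192.0.2.10", 443)] * 3
    return [fmt.format(i, *e) for i, e in enumerate(events)]

def origin(src):
    """Classify a source address as internal or external."""
    addr = ipaddress.ip_address(src)
    return "internal" if any(addr in n for n in INTERNAL_NETS) else "external"

def find_scanners(lines, threshold=SCAN_THRESHOLD):
    """Return {src: (origin, distinct_targets)} for sources at or above threshold."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall packet record; skip rather than fail
        targets[m["src"]].add((m["dst"], int(m["dpt"])))
    return {
        src: (origin(src), len(seen))
        for src, seen in targets.items()
        if len(seen) >= threshold
    }

if __name__ == "__main__":
    for src, (where, count) in sorted(find_scanners(build_sample_log()).items()):
        print(f"{where:8} {src:15} denied on {count} distinct host/port targets")
```
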
With respect to network attacks, the core components which should be included when you design network security are:

  • Network attack prevention.

  • Network attack detection.

  • Network attack isolation.

  • Network attack recovery.
