Knowing many types of Network Security Threats in your organization is very important to get prepared for the defense. Every singleNetwork Security Threat must be defended against it.
One of the central themes of security is controlling access to network resources. Not just controlling which users can access which files or services, access control should manage how the subject (user; program; process; files; computers and so on) interact with objects (can be a file; database; computers; etc). Before discussing the network security threats, you need to be familiar with the principle of security itself.
- Confidentiality, objects are not disclosed to unauthorized subjects
- Integrity, objects retain their veracity
- Availability, authorized users (subjects) are granted timely and uninterrupted
This principle of security is called CIA Triad. And one of the goals of access control is to prevent unauthorized access to the objects such as accessing to the system such as network; services; communication links; computers and so on by common network security threats. Before you assess the risk security in your organization, you should be familiar with many types of network security threat and attacks.
Common attacks or attack methodologies
Make sure that your Windows infrastructure systems deploy the WSUS windows management system. These are the common or well-known classes of attacks or attack methodologies that are regarded as network security threats.
Brute force and dictionary
Network security threat #1 is brute force and dictionary. Brute force and dictionary attacks are waged against the passwords database file or against an active logon prompt. A brute force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols. A dictionary attack is an attempt to discover passwords by attempting to use every possible password from a predefined list of common or expected passwords. The best practice in using A strong password is strongly recommended. The stronger and longer the password, the longer it will take for it to be discovered in a brute force attack. However, with enough time, all passwords can be discovered via brute force methods.
Denial of service
Network security threat #2 is the DoS. Denial of service (DoS) attacks are attacks that prevent the system from processing or responding to legitimate traffic or requests for resources and objects. The most common forms of denial of service attacks are transmitting so many data packets to a server that it cannot process them all. Other forms of denial of service attacks focus on the exploitation of a known fault or vulnerability in an operating system, service, or application. Exploiting the fault often results in system crash or 100 percent CPU utilization.
Not all instances of DoS are the result of a malicious attack. Errors in coding operating systems, services, and applications have resulted in DoS conditions. For example, a process failing to release control of the CPU or a service consuming system resources out of proportion to the service requests it is handling can cause DoS conditions. This simple form of DoS is easy to terminate just by blocking packets from the source IP address. There are many types of network security threats in the form of DoS attack.
- Network security threat caused by Distributed denial of service (DDoS) occurs when the attacker compromises several systems and uses them as launching platforms against one or more victims.
- Distributed reflective denial of service (DRDoS), this type of Network security threat takes advantage of the normal operation mechanisms of key Internet services, such as DNS and router update protocols. DRDoS attacks function by sending numerous update, session, or control packets to various Internet service servers or routers with a spoofed source address of the intended victim.
- SYN flood Network security threat is a type of DoS. A SYN flood attack is waged by breaking the standard three-way handshake used by TCP/IP to initiate communication sessions. Normally, a client sends a SYN packet to a server, the server responds with a SYN/ACK packet to the client, and the client then responds with an ACK packet back to the server. This three-way handshake establishes a communication session that is used for data transfer until the session is terminated (using a three-way handshake with FIN and ACK packets). A SYN flood occurs when numerous SYN packets are sent to a server, but the sender never replies to the server’s SYN/ACK packets with the final ACK.
- Smurf attack is also a DoS type Network security threat. A Smurf attack occurs when an amplifying server or network is used to flood a victim with useless data. An amplifying server or network is any system that generates multiple response packets, such as ICMP ECHO packets or special UDP packets, from a single submitted packet. One common attack is to send a message to the broadcast of a subnet or network so that every node on the network produces one or more response packets.
- A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs, causing the system to freeze, crash, or reboot. The ping of death is more of a buffer overflow attack, but because it often results in a downed server, it is considered a Network security threat in the form of DoS attack.
- A stream attack occurs when a large number of packets are sent to numerous ports on the victim system using random source and sequence numbers.
Spoofing
Network security threat #3 is Spoofing. Spoofing is the art of pretending to be something other than what you are. Spoofing attacks consist of replacing the valid source and/or destination IP address and node numbers with false ones.
Man-in-the-middle attacks
Network security threat #4 is A man-in-the-middle attack (or hijack attack) which occurs when a malicious user is able to position himself between the two endpoints of a communication’s link.
- By copying or sniffing the traffic between two parties; this is basically a sniffer attack (see the next section).
- The attackers positioning themselves in the line of communication where they act as a store-and-forward or proxy mechanism.
The attacker is invisible to both ends of the communication link and is able to alter the content or flow of traffic. Through this type of attack, the attacker can collect logon credentials or sensitive data as well as change the content of the messages exchanged between the two endpoints. See also basic understanding about static route.
Spamming
Network security threat #5 is Spamming. Spam is the term describing unwanted e-mail, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached. Spam is usually not a security threat but rather a type of denial of service attack. Check out the article about anti-spam guidelines here.
Sniffers
Network security threat #6 is Sniffers. A sniffer attack (also known as a snooping attack) is any activity that results in a malicious user obtaining information about a network or the traffic over that network. A sniffer is often a packet-capturing program that duplicates the contents of packets traveling over the network medium into a file. Sniffer attacks often focus on the initial connections between clients and servers to obtain logon credentials, secret keys, and so on.
Crackers
Network security threat #7 is Crackers. Crackers are malicious users intent on waging an attack against a person or system. Crackers may be motivated by greed, power, or recognition. Their actions can result in stolen property (data, ideas, etc.), disabled systems, compromised security, negative public opinion, loss of market share, reduced profitability, and lost productivity.
Knowing the network security threats is very essential in managing the security assessment in your organization.