Private or internal computer networks are vulnerable to network security attacks from both internal and external sources. Internal attacks generally come from insiders who do something stupid that threatens network resources, such as introducing a virus via an infected USB flash disk. External attacks are typically introduced through the network's entry point from the internet.
Unlike the computer networks of the past, which were isolated from other networks in the world, today's business networks allow employees to exchange messages and connect with the rest of the world over the wild internet, to which the corporate network has an entry point. Teleworkers can connect to their corporate networks from other parts of the world over the public internet through a VPN tunnel. These entry points of the corporate network are vulnerable to any type of network security attack from the wild internet.
What are the common network security attacks that corporate networks should be shielded against? The following are common security threats that corporate security engineers must watch carefully, by implementing hardened security systems and enforcing the security policies for all employees.
DoS
Denial of Service is a network security attack that prevents legitimate traffic or requests for network resources from being processed or answered by the system. This type of attack usually transmits so much data traffic to the network resources that they cannot process it all, which puts the system out of service. Sometimes DoS attacks also exploit known vulnerabilities in the OS, services, or applications that cause the system to crash and result in full CPU utilization.
There are many variants of DoS attacks, including the following:
- DDoS (Distributed denial of service) attacks – in these network security attacks, intruders compromise systems and use them as launching platforms against other victims.
- DRDoS (Distributed reflective denial of service) – attacks key internet services such as DNS and router update protocols by sending numerous update, session, or control packets to the servers. The attack works by spoofing the intended victim's address as the source address, so the servers' responses are directed at the victim.
- SYN flood manipulates the standard three-way handshake in TCP/IP that initiates communication sessions. In the three-way handshake, the client sends a SYN packet to the server, the server responds with a SYN/ACK packet to the client, and the client responds back to the server with an ACK packet. The attacker sends numerous SYN packets to the server but never responds to the SYN/ACK packets with the final ACK packets. Repeating this process floods the system until it no longer responds to service requests.
- A Smurf attack is a DoS network security attack that generates multiple response packets, such as ICMP ECHO packets, to flood the victim with useless data.
- Ping of death attacks send numerous oversized ping packets to a victim, causing a buffer overflow on the system and ultimately causing it to freeze, crash, and reboot.
- A stream attack occurs when a large number of packets are sent to numerous ports on the victim system using random source and sequence numbers.
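The SYN flood item above describes handshakes that never receive the final ACK. The following added example (not part of the original article) shows how a defender can count those stale half-open handshakes per server from a packet summary; the record layout, addresses, threshold and timeout are assumptions made for illustration.

```python
from collections import Counter

# Constructed capture summary, not real traffic:
# (time_s, src, sport, dst, dport, flags). Addresses use RFC 5737 ranges.
def build_sample():
    # One normal client completing the three-way handshake.
    pkts = [(0.00, "192.0.2.10", 40000, "198.51.100.5", 443, "SYN"),
            (0.01, "198.51.100.5", 443, "192.0.2.10", 40000, "SYN/ACK"),
            (0.02, "192.0.2.10", 40000, "198.51.100.5", 443, "ACK")]
    # Twenty handshakes that stop after the server's SYN/ACK (no final ACK).
    for i in range(20):
        t, src = 1.0 + i * 0.01, f"203.0.113.{i + 1}"
        pkts += [(t, src, 50000 + i, "198.51.100.5", 443, "SYN"),
                 (t + 0.001, "198.51.100.5", 443, src, 50000 + i, "SYN/ACK")]
    # A fresh SYN that may still complete; it must not be counted.
    pkts.append((10.0, "192.0.2.10", 40001, "198.51.100.5", 443, "SYN"))
    return sorted(pkts)

def half_open_by_server(packets, timeout_s=5.0):
    """Count handshakes per server (ip, port) that never got the final ACK."""
    pending = {}  # (client, cport, server, sport) -> time of the client's SYN
    for t, src, sport, dst, dport, flags in packets:
        if flags == "SYN":
            pending.setdefault((src, sport, dst, dport), t)
        elif flags == "ACK":
            # The client's ACK completes the handshake; stop tracking it.
            pending.pop((src, sport, dst, dport), None)
        # SYN/ACK records change nothing: the entry stays pending until the ACK.
    now = packets[-1][0] if packets else 0.0
    counts = Counter()
    for (_, _, server, port), started in pending.items():
        if now - started >= timeout_s:  # skip handshakes still in progress
            counts[(server, port)] += 1
    return counts

def flooded_servers(packets, threshold=10, timeout_s=5.0):
    """Return servers whose stale half-open count reaches the threshold."""
    counts = half_open_by_server(packets, timeout_s)
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(flooded_servers(build_sample()))
```

Counting per destination rather than per source keeps the check useful when the SYN packets arrive from many different source addresses.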
Spoofing
Spoofing is a network security attack that involves pretending to be something other than what you are. The attack consists of replacing the valid source and/or destination IP addresses and node numbers with false ones.
Man-in-the-middle attacks
In man-in-the-middle attacks, malicious users position themselves between the two endpoints of a communication link, either by copying or sniffing the traffic between the two parties, or by placing themselves in the line of communication where they act as a store-and-forward or proxy mechanism. These network security attacks can collect logon credentials or sensitive data, as well as change the content of the messages exchanged between the two endpoints.
Brute force and dictionary
A password database file or an active logon prompt can be the target of brute force and dictionary attacks. Brute force attacks discover passwords by systematically attempting every possible combination of letters, numbers, and symbols, while dictionary attacks discover passwords by using a predefined dictionary of expected passwords.
A brute force attack takes longer if the passwords are strong and long enough. Implementing strong passwords is therefore highly recommended, such as a minimum of 8 characters with a combination of upper and lower case letters and symbols; matrix passwords can also be used. See also the password security guidelines here.
Crackers
Crackers are malicious users who attack users or systems, motivated by power, recognition, or greed, generally resulting in stolen data or ideas, compromised security, lost productivity, and so on.
Sniffers
Sniffers are network security attacks that attempt to obtain information about the network or the traffic over that network. Typically, sniffer attacks take the form of packet-capturing programs that focus on the initial connections (when the two parties create a connection) to obtain logon credentials, secret keys, and so on.
Spamming
Spamming can also be categorized as a network security attack, in the form of unwanted email messages that contain viruses or Trojan horse files. Usually spamming is not regarded as a security threat but rather as a type of DoS attack. Check out the article about anti-spam guidelines here.
How can the network be protected against any type of network security attack?
Firewall protection
The first line of defense in protecting the corporate network is deploying a secured firewall at each entry point to the internet, with a strong security policy. The firewall must be configured to deny all traffic that is not explicitly permitted. Networks must be segmented if distinct security boundaries are to be enforced, for example by creating a DMZ network and hosting public resources in the DMZ.
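The two rules in the paragraph above (deny anything not explicitly permitted, and keep public resources in a DMZ) can be checked mechanically. The following added example (not from the original article) evaluates a first-match rule list with an implicit deny and audits it for permits that defeat either rule; the address plan, rule format and both sample rule sets are constructed assumptions.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
DMZ = ipaddress.ip_network("192.0.2.0/24")      # assumed DMZ range
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, src, dst, port):
    """Build a rule; port None means any port."""
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "port": port}

def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r["src"] and d in r["dst"] and r["port"] in (None, port):
            return r["action"]
    return "deny"  # implicit default deny

def audit(rules):
    """Flag permits that defeat default deny or bypass the DMZ boundary."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "permit":
            continue
        outside = not r["src"].subnet_of(INTERNAL) and not r["src"].subnet_of(DMZ)
        if r["src"] == ANY and r["dst"] == ANY and r["port"] is None:
            findings.append((i, "permit any-to-any overrides default deny"))
        elif outside and r["dst"].overlaps(INTERNAL):
            findings.append((i, "internet source reaches internal network directly"))
    return findings

# Constructed weak policy: an internal host exposed directly, then a catch-all.
WEAK = [rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
        rule("permit", "0.0.0.0/0", "10.0.1.20/32", 3389),
        rule("permit", "0.0.0.0/0", "0.0.0.0/0", None)]

# Constructed hardened policy: public service in the DMZ, outbound web only.
HARDENED = [rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
            rule("permit", "10.0.0.0/8", "0.0.0.0/0", 443)]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules), evaluate(rules, "203.0.113.7", "10.0.1.20", 3389))
```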
Antivirus Software
Besides securing firewalls, corporate network antivirus must also be deployed centrally, so that all clients update their signature data from the antivirus server rather than downloading it directly from the internet. The server is responsible for the data update: it downloads from the vendor website and notifies the clients to update their data automatically. The corporate version of the antivirus software can be configured to work as the server agent for the corporate client computers within the local networks.
Security Policy
Lastly, to support the protection of the corporate network against any type of network security attack, developing security policies is essential, and so is enforcing those policies for all employees, since the way employees work is also important. See also the management of information security here.
With secured firewalls and strong policies at each entry point to the internet, a deployed corporate antivirus, and security policies enforced for all employees, the corporate network will be well protected against any type of network security attack.
By Ki Grinsing