Performing these tasks on a Cisco router is discussed in Chapter 4. Structured threats. You might want to consider replacing your standard Telnet application with a secure one that encrypts the password before sending it across the network, such as SSH. In this type of attack, a hacker tries to feed your routers with either bad routing information that will cause your packets to be routed to a dead end, or misinformation that will cause your packets to be routed back to the hacker so that he can perform eavesdropping and use this information to execute another attack. These attacks are often the result of people with limited integrity and too much time on their hands. Cybercriminals also seek to steal data from government networks that has a value on the black market, such as financial informa… Figure 1-3 shows how eavesdropping works. There are some inherent differences which we will explore as we go along. When eavesdropping, the hacker looks for account names and passwords, such as these: Hackers also use eavesdropping to examine other information, perhaps database or financial transactions. Just as hackers use many DoS attacks to hamper your network's performance, you can use many solutions to prevent or at least hinder a hacker's DoS attack. With this solution, you can restrict what users can access, restrict what they can do on the service that they access, and record the event for security purposes. You also should consider using an IDS. Many, if not most, web sites take advantage of this technology to provide enhanced web features. Another form of reconnaissance attack is eavesdropping. Either they are logic attacks or resource attacks. Smurf attacks occur when a hacker sends ICMP traffic to a destination (a directed broadcast address) but replaces its own source IP address in the packet header with the IP address of the device that it wants to attack. Many solutions are available, including the use of Cisco IOS routers and the PIX firewall.
Authentication proxy (AP) is the preferred method of authenticating users and is discussed in Chapter 14, "Authentication Proxy." A hacker typically implements a reconnaissance attack that involves the use of a port scanner to discover open ports, and possibly even an eavesdropping attack, using a protocol analyzer, to see the actual traffic flow, including usernames and passwords. The user is authenticated first through CHAP and then through lock-and-key. However, this tool is for end-user use only; you also should have a good server tool to detect and remove SPAM. The goal of the hacker is to perform repudiation when executing session layer attacks. After a little research, I found this was at least the third dentist in seven years who had been scammed by the same person. With a DDoS attack, a hacker subverts or controls multiple sources and uses these sources to attack one or more destinations. A much better and more manageable solution than the one discussed in the previous sidebar is to use a centralized security server; Cisco has one called Cisco Secure ACS. Hackers try various methods, such as buffer overruns and e-mail bombs, to disable a system or to send information back to the hacker to be used for other types of attacks. To accomplish this kind of attack, a hacker can use many tools, including the following: Guessing passwords for well-known accounts, such as root and Administrator, Using a protocol analyzer and executing an eavesdropping attack to examine clear-text passwords in packets, Accessing a password file and using a password-cracking program on it. The following sections cover the basics of these types of access attacks. Another typical solution for file servers is to use application verification software. If they matched, you would know that you were dealing with the correct device; if they did not match, you would know that a session attack is occurring. Upon receiving the packet, the destination tries to forward the packet to itself. 
These use the MD5 hashing algorithm, which creates a unique digital signature that is added to all routing information. A form of virus that spreads by creating duplicates of itself on other drives, systems, or networks. Internal threats originate from individuals who have or have had authorized access to the network. One of the most common security tools that performs this function is Tripwire, which can be accessed from Eavesdropping is the process of examining packets as they are in transit between a source and destination device. I once worked with a client that had to manage more than 1000 Cisco routers. This can be something as simple as using Cisco routers with access control lists or a sophisticated firewall. Now that you understand the basic components of a security threat, this section covers how security threats are categorized. An IDS solution examines traffic and, based on its contents, classifies the traffic as either an attack or not an attack. Cybercriminals are carefully discovering new ways to tap the most sensitive networks in the world. For file servers, tools are available to take a snapshot of your files, and the snapshot then is stored in a secured location. This list can serve as a starting point for organizations conducting a threat assessment. In TCP/IP, this form of an attack is called IP spoofing. You can use something as simple as ACLs on a Cisco router, or you can use a firewall system such as the PIX or the Cisco IOS Firewall feature set available on Cisco routers. Another common type of attack is an access attack. In step 1 of this example, the hacker is examining traffic between the user and the server. A more ingenious hacker might use Java or ActiveX scripts either to learn information about a client's device or to break into it. He also might modify files on your resources or, in the worst possible scenario, erase everything on the disk drive and laugh as he tells his story to his friends.
Another security problem is an e-mail bomb, an e-mail that contains code that is executed either automatically upon receipt or when a user clicks something, like a hyperlink or an attachment. At the very least, your networking equipment should keep extensive audits and logs to keep track of security issues. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose. Unstructured attacks involving code that reproduces itself and mails a copy to everyone in the person’s e-mail address book can easily circle the globe in a few hours, causing problems for networks and individuals all over the world. This list of threats and vulnerabilities can serve as a help for implementing risk assessment within the framework of ISO 27001 or ISO 22301. Individuals, businesses, and nations have different reasons for executing an attack. You should peruse these periodically, looking for DoS attacks. A network scanning attack occurs when a hacker probes the machines in your network. The most common type of reconnaissance attack is a scanning attack. Then he uses this information to execute an attack on the source device, the destination, or both, at a later time. Data manipulation is simply the process of a hacker changing information. A CA performs a similar function to what a notary does in real life: It handles and validates identities of individuals. Spam is one of the most common security threats… Of course, a network scan tells the hacker only that there are machines in your network with a configured IP address; it does not tell what services are running on these machines. By filtering these scripts and applets, you are reducing the likelihood of a hacker performing a session layer attack. Typically, most of these attacks are exploited through the e-mail system, although there are other methods, such as executing an infected program.
Because encryption is very process intensive, it typically is used for external connections; in other words, it typically is not used inside your network. Logging is discussed in Chapter 18, "Logging Events." For each of these, we’ve attached … One of the easiest attacks that hackers like to employ involves masquerading and session hijacking. When downloaded to a user's desktop, these applets sometimes can damage the user's file system or send information back to the hacker that he then can use to attempt further attacks. You periodically should compare the critical files on your server to the snapshot that you took previously. TCP SYN flood attack: In this … Unlike viruses and worms, Trojan horses do not replicate themselves. He might do this by sending an ICMP ping to every IP address in your network, or he might use a network ping, in which he pings the IP address of the directed broadcast of every network. Systems of interest might include utilities, public safety, transportation systems, financial systems, or defense systems, which are all managed by large data systems, each with vulnerabilities. Lock-and-key works hand-in-hand with PPP's CHAP. If there is a difference between the two, you might be a victim of a data-manipulation attack. We’ve covered the history of web exploiting and the biggest exploits the world has experienced, but today we’re going back to basics — exploring and explaining the most common network security threats you may encounter while online. This method of encryption is used on connections that traverse multiple hops, such as internal networks, public networks, and the Internet. All too often, employers fail to prosecute this type of activity.
A worm working with an e-mail system can mail copies of itself to every address in the e-mail system address book. Spamming is the process by which you receive unsolicited e-mail. An enhanced form of DoS attack is the Distributed DoS (DDoS) attack. You also should disable all unnecessary services and consider using a host-based firewall. One large advantage of using an IDS is that it can detect reconnaissance attacks and probes, alerting you to the fact that possible hacking problems are looming. A sophisticated hacker, on the other hand, includes Trojan horses, viruses, or worms that either are embedded in the e-mail or are included as an attachment. A difference might indicate that an access attack has taken place, possibly with a worm or Trojan horse attack, and that one of your files has been replaced with a hacker's file. For application security, if your applications support additional security mechanisms, you definitely should implement them. Obviously, certain network administrators should be allowed to perform eavesdropping in certain situations, such as troubleshooting connectivity issues. With a good hacking software program, a skilled hacker can insert himself into the middle of an existing connection. For web access, you should use HTTP with Secure Socket Layer (HTTPS), which uses Secure Socket Layer (SSL) encryption. In some organizations, if the network is down, entire groups of people can’t do their jobs, so they’re either sent home or they sit and wait without pay because their income is tied to sales. The term “script kiddy” is a common derogatory term and should be used with caution, if at all. Hackers typically attack such popular applications as Microsoft's IIS web server, web browsers such as Microsoft Internet Explorer and Netscape Navigator, and e-mail applications such as Sendmail and Microsoft Exchange and Outlook because of their widespread use.
Many commercial, shareware, and freeware protocol-analyzer products are available. For more information on DoS attacks, visit In the most basic form of an access attack, a hacker tries to gain illegal access to equipment in your network. This type of attack has happened to many organizations, typically government resources; a hacker breaks into a web server and replaces the web content with pornography or "interesting" political content. Many different views actually exist regarding the definition of these three types of attacks. I use a program called MailWasher that scans my e-mail before downloading it. Cisco calls this mirroring process SPAN, short for switched port analyzer. In all cases, these items are small programs written by a human being. They combine this with a routing attack so that the packets sent to a destination are returned not to the source inside your network, but to the hacker himself. When the Cisco IOS router or PIX sees a web access request from a user, it first verifies it with the policy server before permitting it. A common attack that hackers employ is to break into your web server and change the content (web pages). Greed, politics, racism (or any intolerance), or law enforcement (ironic) could all be motives behind the efforts. The attack might be structured from an external source, but a serious crime might have one or more compromised employees on the inside actively furthering the endeavor. You can use many solutions to prevent session layer attacks against your user and service connections: Probably the most important is using a Virtual Private Network (VPN) to encrypt information going across the connection. Typically, a hacker uses a protocol analyzer and special software to implement this type of attack.
You also might want to configure filters to allow routing update traffic from only certain routing sources; however, if the hacker is smart about this process, he typically changes the source address to match an address that is specified in your allowed list. To prevent a hacker from using known vulnerabilities to access your system, you should make sure that your applications and operating systems have the latest security patches applied. A packet fragmentation and reassembly attack is an ingenious attack in which a hacker sends hundreds of fragments to a destination service, hoping that the destination device will perceive these as valid connections and thus waste both buffer space and CPU cycles to process them. Cisco IOS routers have two features: Lock-and-key access control lists (ACLs) and authentication proxy. CBAC is discussed in Chapter 9, "Context-Based Access Control." For more information on common DDoS attacks and tools, visit Dave Dittrich's site at A hacker typically uses a protocol-analyzer tool to perform eavesdropping. They could appear on all four exams. Logic attacks are famed for … Computer security threats that permeate the digital world have made every enterprise’s network unsafe. A digital signature is similar to a written signature, a person's thumbprint, a retinal scan of a person's eye, or a DNA profile of a person. For instance, if the hacker is trying to gain illegal access to your network through your network's remote access (dialup) server, you probably would want to implement the following solutions: Use the Challenge Handshake Authentication Protocol (CHAP) with PPP (Point-to-Point Protocol), where the password is not sent across the wire, is tied to a specific user, and is verified by a security server. The hacker notices that the user is establishing a Telnet connection and authenticates with a username and password. There are tons of different types of viruses too, including resident, direct action, directory, macro, etc.
A ping of death attack is one of my favorite attacks because of its simplistic beauty. Computer security threats are relentlessly inventive. In a session attack, a hacker attacks a session layer connection, hoping either to use this information to mount another attack, or, through subterfuge, to take over the session in which he pretends to be either the source or the destination device. For software applications, the hacker needs a promiscuous network interface card (NIC); this is a NIC that processes all frames, not just frames with a destination MAC address that matches the one on the NIC. Only the packet contents, such as the TCP or UDP segments in an IP packet (the payload), are encrypted; the addressing information (IP addresses in the IP header) is not. For instance, you should warn your users never to open e-mails or attachments from individuals whom they do not know. To prevent spamming and e-mail bombs, as well as to reduce the likelihood of a hacker using a public e-mail site to execute a repudiation attack, you should block all e-mail access from public e-mail sites. With this kind of attack, the hacker basically is tying up the connection resources on a particular server. Protecting business data is a growing challenge but awareness is the first step. You definitely will want to explore some type of automation process, in which a client's software is updated periodically (all commercial antivirus packages that I have dealt with support automatic updates of virus information on clients and servers). Hackers sometimes use Java or ActiveX scripts to create malicious applets.
A skilled hacker can intercept DNS replies from servers and replace the IP addresses for the requested names with addresses of machines that the hacker controls, thus providing an easy method for ongoing session attacks. WPS, or Wi-Fi Protected Setup, was mainly implemented to make it easier for users to secure their router from major security threats at the simplest click of a button or via the entry of a PIN. Because there are literally hundreds of DoS attacks, the following list is limited to some of the most common ones: An application attack is simply an attack against an application running on a server. A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. As an example, the hacker might cut the source device out of the picture and pretend to be the source, tricking the destination device into believing that the destination still is communicating with the original source. However, lock-and-key also works over nondialup links. Cybercriminals’ principal goal is to monetise their attacks. The hacker tells the user about some fictional network security problem and, using guile and ingenuity, gathers information from the user that the hacker then can use to access resources on your network. The MD5 hashing algorithm, which also is used by PPP's CHAP and by IPSec's AH and ESP, is discussed in Chapter 19, "IPSec Site-to-Site Connections." Many scanning tools are available: freeware, shareware, and commercial. When deploying these in an enterprise network, you need to make absolutely sure that all of your desktops and servers have the most recent data files that contain the list of known viruses. Two common issues with e-mail are spamming and e-mail bombs.
In an attempt to categorize threats both to understand them better and to help in planning ways to resist them, the following four categories are typically used. The person launching an unstructured attack is often referred to as a script kiddy because that person often lacks the skills to develop the threat themselves, but can pass it on anonymously (they think) and gain some perverse sense of satisfaction from the result. To prevent Java and ActiveX attacks on your users, and possibly your web servers, you should use a filtering solution that can filter Java and ActiveX scripts that are embedded in HTML pages. For terminal access, you should use a Secure Shell (SSH) program, which is an encrypted form of Telnet. To see an encyclopedia of viruses, worms, and Trojan horses, visit Symantec's site at By training users not to write their passwords on their desk, to use passwords that do not have common words and that have a mixture of letters and numbers, and to be careful about what they say to people over the telephone or in person, you make your security job easier. Be sure to know the four primary types of threats. With a VPN, a hacker cannot see the actual data that is being transferred between the source and destination devices. The networking department did not want to have to change all of the privileged EXEC passwords on the routers every time a contractor left the company. With a DoS attack, a hacker attempts to deny legitimate traffic and user access to a particular resource, or, at the very least, reduce the quality of service for a resource. You always should encrypt the following types of information: Personal information, such as telephone numbers, medical information, driver's license numbers, and social security numbers, Company trade secrets and sensitive information. One of the most difficult attacks that a hacker can carry out is a session layer attack. 
Because Telnet passes this information in clear text, the hacker now knows how to log into the Telnet server, spoofing the identity of the user. Routing protocol protection is discussed in Chapter 15, "Routing Protocol Protection." In the online world, a special third-party device called a Certificate Authority (CA) is used to handle the repository of identities. This was because every week a new contractor was hired and an old contractor's time was up, and the old contractor moved on to the next job. In some instances, the hacker can do this at the operating system level in certain versions of Linux. However, for sensitive information, encryption should be used to protect it. Repudiation is a process in which you cannot prove that a transaction took place between two entities. The top part of Figure 1-4 shows what a session looks like from the perspective of the source and destination that have been hijacked. The hacker then can use this to plan further attacks against your device. Perhaps one of the simplest forms of repudiation attacks is to use public e-mail systems such as,, and others to generate garbage mail and execute a DoS attack against a company's e-mail server. Two basic methods of implementing encryption exist; link encryption is used only on point-to-point connections in which both sides are configured for encryption. Against eavesdropping, one solution is to employ a switched infrastructure, giving every device its own switch port connection. For checking web access requests against a policy server, Cisco IOS routers and the PIX firewall can work hand in hand with WebSense and N2H2. Chargen runs on port 19 and usually is enabled on most operating systems. In a TCP SYN flood attack, a hacker floods a particular service with TCP SYN segments. Give only permanent employees the privileged EXEC password for the routers.
