The document discusses various common computer network attacks and exploits. It provides descriptions of denial of service attacks, distributed denial of service attacks, backdoors, spoofing, man-in-the-middle attacks, replay attacks, session hijacking, DNS poisoning, password guessing, software exploits, war dialing, war driving, buffer overflows, SYN floods, ICMP floods, UDP floods, smurfing, sniffing, ping of death attacks and more. It also discusses implementing network security through identifying assets, threats, risk assessment, security policies, technical implementation, auditing and continuous improvement.
1. Computer Network Security 1
Common attacks and Exploits
Denial of Service (DoS)
Distributed Denial of Service (DDoS)
Back door
Spoofing
Man in the middle
Replay
Session hijacking
DNS poisoning
Password guessing
Software exploitation
2. Computer Network Security 2
Common attacks and Exploits
War dialing
War driving
Buffer overflow
SYN flood
ICMP flood
UDP flood
Smurfing
Sniffing
Ping of death
3. Computer Network Security 3
Common attacks and Exploits
Denial of Service (DoS)
A denial of service attack disrupts a service for its
legitimate users.
For example, overloading a web server so that browsers can
no longer load the websites it hosts, or overloading a file
server so that users are unable to access their home folders.
Works by:
Resource exhaustion (CPU, memory, bandwidth, connection tables)
Crashing the application or OS, often with a single malformed input
4. Computer Network Security 4
Common attacks and Exploits
Distributed Denial of Service (DDoS)
In a distributed denial of service attack, many machines under
an attacker’s control launch a coordinated denial of service
attack against a common target to achieve a far greater impact
than a single source could.
The attacking machines are compromised hosts (a botnet), so
blocking any one source address does not stop the attack.
See http://grc.com/dos/grcdos.htm for a good
example of this type of attack.
5. Computer Network Security 5
Common attacks and Exploits
Back door
A backdoor is an opening in software which allows entry
into the system or application without the knowledge of the
owner, bypassing the normal authentication controls.
Backdoors are sometimes left by the developer
intentionally (e.g., a hard-coded maintenance account), and
sometimes exist by virtue of bad programming logic and practices.
Spoofing
Some communication protocols use a host’s IP address as
a trust and authentication mechanism.
An attacker may forge the source IP address of a trusted host to
fool the target into trusting the attacker’s machine.
IP itself does not authenticate the sender, so address-based
trust is only as strong as the network path the packets take.
6. Computer Network Security 6
Common attacks and Exploits
Man in the middle
Man in the middle attacks are launched by placing oneself in the
path of a communication session so as to intercept the traffic.
The attacker may merely listen passively to the conversation or
may inject, modify or drop messages in transit.
Replay
The attacker uses a packet sniffer to capture packets on the wire and
extracts information from them, for example usernames, passwords or
authentication tokens, and later puts the same data back on the wire so
that the target believes it is a new, legitimate session.
Replay works whenever the protocol has no freshness check (a nonce,
timestamp or sequence number bound into the authentication).
Session hijacking
This is when an attacker takes over an established communication session
between two hosts, for example by predicting TCP sequence numbers or
stealing a session cookie, and continues the session as one of the parties.
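The replay item above is easiest to see with both schemes side by side. The following is an added example, not code from the original slides: a server that accepts a static credential token is fooled by a sniffed copy, while a server that issues a single-use random nonce per login rejects the replayed response. The shared secret, the user name and the token format are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret between client and server (example only).
SECRET = b"example-shared-secret"


def static_token(username: str) -> str:
    """Vulnerable scheme: the proof of identity is a fixed value derived only
    from the credential, so whatever a sniffer captures can be resent verbatim."""
    return hmac.new(SECRET, username.encode(), hashlib.sha256).hexdigest()


def vulnerable_server_accepts(username: str, token: str) -> bool:
    """Server side of the vulnerable scheme: no freshness check at all."""
    return hmac.compare_digest(token, static_token(username))


class NonceServer:
    """Hardened scheme: a fresh random challenge per login attempt, consumed on
    use, so a captured (nonce, response) pair is rejected the second time."""

    def __init__(self) -> None:
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username: str, nonce: bytes, response: str) -> bool:
        if nonce not in self.outstanding:
            return False  # never issued, or already consumed: treat as replay
        self.outstanding.discard(nonce)  # single use, even if the response is wrong
        expected = hmac.new(SECRET, nonce + username.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(username: str, nonce: bytes) -> str:
    """What the legitimate client sends back for a given challenge."""
    return hmac.new(SECRET, nonce + username.encode(), hashlib.sha256).hexdigest()


def demo():
    # The attacker sniffs one login in each scheme, then puts the same bytes back on the wire.
    captured = static_token("alice")
    replay_vulnerable = vulnerable_server_accepts("alice", captured)    # True: replay succeeds

    srv = NonceServer()
    nonce = srv.challenge()
    resp = client_response("alice", nonce)
    first_login = srv.verify("alice", nonce, resp)      # True: genuine login
    replay_hardened = srv.verify("alice", nonce, resp)  # False: nonce already consumed
    return replay_vulnerable, first_login, replay_hardened


if __name__ == "__main__":
    print(demo())
```

The nonce is removed from the outstanding set before the response is checked, so even a wrong guess burns the challenge; a real server would also expire unanswered challenges after a short timeout.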
7. Computer Network Security 7
Common attacks and Exploits
DNS poisoning
An attacker inserts false records into a resolver’s cache or into
the zone data a server hands out. Hosts that trust that data are
then directed to the wrong address, typically one the attacker
controls, without any change on the client itself.
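An added example, not part of the original slides, of the checks a caching resolver applies so that a forged or off-topic reply cannot poison its cache: the transaction ID and destination port must match an outstanding query, the reply must come from the server that was asked, the question section must match, and records outside the queried server’s bailiwick are discarded. All addresses, names and the bailiwick zone are constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Query:
    txid: int
    src_port: int
    server: str   # address the query was sent to
    zone: str     # zone that server is authoritative for (its bailiwick)
    qname: str
    qtype: str


@dataclass
class Response:
    txid: int
    dst_port: int
    src: str
    qname: str
    qtype: str
    answers: dict     # name -> rdata
    additional: dict  # glue records: name -> address


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is the zone itself or a subdomain of it."""
    return name == zone or name.endswith("." + zone)


class Resolver:
    """A caching resolver that only trusts what it asked for."""

    def __init__(self) -> None:
        self.cache = {}
        self.pending = {}  # (txid, src_port) -> Query

    def send_query(self, qname: str, qtype: str, server: str, zone: str) -> Query:
        # Random txid and random source port: an off-path attacker has to guess both.
        q = Query(secrets.randbelow(65536), 1024 + secrets.randbelow(64512),
                  server, zone, qname, qtype)
        self.pending[(q.txid, q.src_port)] = q
        return q

    def receive(self, r: Response) -> str:
        q = self.pending.get((r.txid, r.dst_port))
        if q is None:
            return "dropped: no matching query (txid/port)"
        if r.src != q.server:
            return "dropped: answer from unexpected server"
        if (r.qname, r.qtype) != (q.qname, q.qtype):
            return "dropped: question section mismatch"
        del self.pending[(r.txid, r.dst_port)]
        rejected = []
        for name, rdata in list(r.answers.items()) + list(r.additional.items()):
            if in_bailiwick(name, q.zone):
                self.cache[name] = rdata
            else:
                rejected.append(name)  # glue for some other zone: never cache it
        return "accepted" + (f"; ignored out-of-bailiwick: {rejected}" if rejected else "")


def demo():
    res = Resolver()
    q = res.send_query("www.example.com", "A", "192.0.2.53", "example.com")
    # Constructed forged reply: the attacker cannot see the txid and guesses wrong.
    forged = Response((q.txid + 1) % 65536, q.src_port, "192.0.2.53",
                      "www.example.com", "A", {"www.example.com": "203.0.113.66"}, {})
    r1 = res.receive(forged)
    # Constructed genuine reply that smuggles a glue record for a zone it does not own.
    genuine = Response(q.txid, q.src_port, "192.0.2.53", "www.example.com", "A",
                       {"www.example.com": "192.0.2.80"},
                       {"ns1.example.com": "192.0.2.53", "www.bank.example": "203.0.113.66"})
    r2 = res.receive(genuine)
    return r1, r2, dict(res.cache)


if __name__ == "__main__":
    print(demo())
```

The bailiwick rule is what stops the second, subtler poisoning: the answer is legitimate, but the extra record for www.bank.example must not be believed just because it rode along.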
Password guessing
Password guessing is an attack on the authentication credentials of
any system.
One form of password guessing is the brute force attack, in which an
attacker tries every possible combination of characters until the
password is found; its cost grows with the alphabet and the length.
In another form, known as a dictionary attack, all words in a dictionary
file are tried as passwords; it succeeds quickly against common or
predictable passwords.
Online guessing against a live login is limited by rate limiting and
lockout; offline guessing against stolen hashes is limited only by how
slow and salted the hash is.
Software exploitation
These are attacks that exploit bugs or flawed code in a system’s software.
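An added example, not from the original slides, showing the two forms of password guessing above against a weak (unsalted, single-round) hash: the dictionary attack finds a common password in a handful of tries, the brute force enumerates the whole lowercase keyspace and succeeds only because the password is short, and neither recovers a long password that is outside both the wordlist and the searched keyspace. The wordlist, the passwords and the weak_hash/slow_hash helpers are constructed for the example.

```python
import hashlib
import itertools
import string


def weak_hash(password: str) -> str:
    """Unsalted single-round hash: the kind of storage that makes offline guessing cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """What storage should look like: salted and deliberately slow, so every guess
    costs the attacker `iterations` times more than weak_hash and precomputed
    tables are useless across accounts."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(target: str, wordlist):
    """Try each wordlist entry in order; return (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if weak_hash(word) == target:
            return word, attempts
    return None, attempts


def brute_force(target: str, alphabet: str, max_len: int):
    """Enumerate every string over `alphabet` up to `max_len`, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            if weak_hash("".join(combo)) == target:
                return "".join(combo), attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute force must cover in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


# Constructed wordlist and victim passwords (not real data).
WORDLIST = ["123456", "password", "letmein", "qwerty", "pass", "secret"]


def demo():
    weak = weak_hash("pass")
    strong = weak_hash("Tr0ub4dor&3-correct")
    return {
        "dict_vs_weak": dictionary_attack(weak, WORDLIST),                   # ('pass', 5)
        "brute_vs_weak": brute_force(weak, string.ascii_lowercase, 4),       # ('pass', 282405)
        "dict_vs_strong": dictionary_attack(strong, WORDLIST),               # (None, 6)
        "brute_vs_strong": brute_force(strong, string.ascii_lowercase, 4),   # (None, 475254)
        "keyspace_lower4": keyspace(26, 4),                                  # 475254
        "keyspace_printable8": keyspace(95, 8),                              # ~6.7e15
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The brute force over four lowercase letters takes under a second here because each guess is one SHA-256; with slow_hash at 200,000 iterations the same search would take roughly 200,000 times longer, which is the whole point of a slow, salted password hash.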
8. Computer Network Security 8
Common attacks and Exploits
War dialing
In order to gain access into a network, the organization’s range of
PBX numbers is used as input to a war dialer program, which dials all
those phone numbers using a modem and logs which calls are answered
by a modem, revealing remote access points that bypass the firewall.
War driving
These are attacks against wireless networks, which work by passing
outside the building with a wireless card capturing every frame it
can hear (monitor mode), to find and map networks that leak beyond
the premises.
Buffer overflow
Buffer overflow attacks are due to poorly written code which does not
check that the input it copies fits in the destination buffer. The
excess overwrites adjacent memory, and a crafted input can overwrite
control data such as a return address to hijack execution.
9. Computer Network Security 9
Common attacks and Exploits
SYN flood
Occurs when a host is so overwhelmed by SYN packets initiating
connections that are never completed (the attacker withholds the
final ACK and usually spoofs the source) that its backlog of
half-open connections fills and it can no longer process
legitimate connection requests, causing high CPU, memory, and NIC
usage.
ICMP flood
An ICMP flood occurs when ICMP pings overload a system with so
many echo requests that the system expends all its resources
responding until it can no longer process valid network traffic.
UDP flood
Similar to the ICMP flood, UDP flooding occurs when UDP packets
are sent, often to random ports so that the host also has to generate
ICMP port unreachable replies, with the purpose of slowing down the
system to the point that it can no longer handle valid connections.
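An added example, not from the original slides, of how the three floods above look to a host or a sensor and how each is detected: the number of half-open TCP connections per destination for the SYN flood, and packets per second per destination for ICMP and UDP. The packet records, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict, deque


def detect_floods(packets, syn_limit=100, icmp_pps=50, udp_pps=200, window=1.0):
    """Scan a time-ordered list of packet records and return a list of alert strings.

    Each record is a dict with ts, proto ('tcp', 'icmp' or 'udp'), src and dst.
    TCP records also carry sport, dport and flags ('S' client SYN, 'SA' server
    SYN-ACK, 'A' final ACK, 'R' reset); ICMP records carry type (8 = echo request).
    """
    half_open = defaultdict(dict)   # dst -> {(src, sport, dport): ts of the SYN}
    recent = defaultdict(deque)     # (proto, dst) -> timestamps inside the window
    alerts, fired = [], set()

    def rate_check(key, ts, limit, label):
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > limit and key not in fired:
            fired.add(key)
            alerts.append(f"{label}: {key[1]} received {len(q)} {key[0]} packets within {window}s")

    for p in packets:
        ts, proto, dst = p["ts"], p["proto"], p["dst"]
        if proto == "tcp":
            flow = (p["src"], p["sport"], p["dport"])
            if p["flags"] == "S":              # client SYN opens a half-open entry
                half_open[dst][flow] = ts
            elif p["flags"] in ("A", "R"):     # handshake completed or aborted
                half_open[dst].pop(flow, None)
            # expire entries the server's own SYN timeout would have dropped anyway
            half_open[dst] = {f: t for f, t in half_open[dst].items() if ts - t <= 10 * window}
            n = len(half_open[dst])
            if n > syn_limit and ("syn", dst) not in fired:
                fired.add(("syn", dst))
                alerts.append(f"SYN flood: {dst} has {n} half-open connections")
        elif proto == "icmp" and p.get("type") == 8:
            rate_check(("icmp", dst), ts, icmp_pps, "ICMP flood")
        elif proto == "udp":
            rate_check(("udp", dst), ts, udp_pps, "UDP flood")
    return alerts


def constructed_traffic():
    """Constructed sample: 3 normal handshakes, a spoofed SYN flood, an ICMP
    flood, and a modest stream of DNS queries that must not alert."""
    pkts = []
    for i in range(3):  # legitimate three-way handshakes to the web server
        c, sp = f"198.51.100.{i + 1}", 40000 + i
        pkts.append(dict(ts=0.1 * i, proto="tcp", src=c, sport=sp, dst="192.0.2.10", dport=80, flags="S"))
        pkts.append(dict(ts=0.1 * i + 0.01, proto="tcp", src="192.0.2.10", sport=80, dst=c, dport=sp, flags="SA"))
        pkts.append(dict(ts=0.1 * i + 0.02, proto="tcp", src=c, sport=sp, dst="192.0.2.10", dport=80, flags="A"))
    for i in range(150):  # SYN flood: spoofed sources, no handshake ever completes
        pkts.append(dict(ts=1.0 + i * 0.001, proto="tcp", src=f"203.0.113.{i % 254 + 1}",
                         sport=1024 + i, dst="192.0.2.10", dport=80, flags="S"))
    for i in range(80):   # ICMP flood: 80 echo requests in 0.4 s at the file server
        pkts.append(dict(ts=2.0 + i * 0.005, proto="icmp", type=8, src="203.0.113.9", dst="192.0.2.20"))
    for i in range(30):   # normal DNS: 10 queries per second, below the UDP threshold
        pkts.append(dict(ts=3.0 + i * 0.1, proto="udp", src="198.51.100.5", dst="192.0.2.53"))
    return pkts


if __name__ == "__main__":
    for a in detect_floods(constructed_traffic()):
        print(a)
```

The SYN check counts state rather than rate on purpose: a busy server legitimately sees many SYNs per second, but each one is normally followed by an ACK within milliseconds, so a growing pile of half-open entries is the signature of the flood rather than the SYN rate alone.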
10. Computer Network Security 10
Common attacks and Exploits
Smurfing
An ICMP echo request is sent to a network’s broadcast
address with the source address spoofed to be the victim.
Every host on that network replies, so the spoofed victim is
overwhelmed with a large number of echo replies (the network
acts as an amplifier).
Sniffing
Sniffing uses protocol analyzers or packet sniffers to
capture network traffic for passwords or other data sent
in the clear.
Ping of death
A ping of death attack sends oversized ICMP echo requests
(fragments that reassemble to more than the 65,535-byte IP
maximum) to a host in an attempt to crash it.
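An added example, not from the original slides, for the smurfing and ping of death items: a router-side check that refuses to forward echo requests addressed to a directed broadcast address (the effect of disabling directed-broadcast forwarding), and a fragment reassembler that rejects any fragment whose data would extend past the 65,535-byte IPv4 maximum instead of writing past its buffer. The addresses, the local network and the fragment layouts are constructed for the example.

```python
import ipaddress
from collections import defaultdict

IP_MAX_DATAGRAM = 65535   # largest total length of an IPv4 datagram


def classify_echo_request(src: str, dst: str, local_nets) -> str:
    """Smurf check: an echo request addressed to the broadcast address of a network
    we serve would be answered by every host on it, so drop it rather than forward it."""
    d = ipaddress.ip_address(dst)
    for net in local_nets:
        if d == net.broadcast_address:
            origin = "inside" if ipaddress.ip_address(src) in net else "outside"
            return f"drop: echo request to broadcast {dst} from {origin} source {src} (smurf amplifier)"
    return "forward"


class FragmentReassembler:
    """Tracks fragments per (src, dst, id). Any fragment whose data would land past
    IP_MAX_DATAGRAM is refused up front; the original ping of death crashed stacks
    that skipped this check and wrote past the end of the reassembly buffer."""

    def __init__(self) -> None:
        self.buffers = defaultdict(lambda: {"frags": {}, "total": None})

    def add(self, src, dst, ident, offset, length, more_fragments) -> str:
        key = (src, dst, ident)
        start = offset * 8              # the IPv4 fragment offset field counts 8-byte units
        end = start + length            # header size ignored for simplicity
        if end > IP_MAX_DATAGRAM:
            self.buffers.pop(key, None)  # discard whatever we had for this datagram
            return f"drop: fragment ends at byte {end} > {IP_MAX_DATAGRAM} (ping of death)"
        buf = self.buffers[key]
        buf["frags"][start] = length
        if not more_fragments:
            buf["total"] = end          # the last fragment fixes the datagram length
        # simplified completeness test: assumes non-overlapping fragments
        if buf["total"] is None or sum(buf["frags"].values()) < buf["total"]:
            return "buffered"
        del self.buffers[key]
        return f"reassembled {buf['total']} bytes"


def demo():
    nets = [ipaddress.ip_network("192.0.2.0/24")]   # constructed: the network we route for
    r = FragmentReassembler()
    results = {
        "normal_ping": classify_echo_request("198.51.100.7", "192.0.2.10", nets),
        "smurf": classify_echo_request("198.51.100.7", "192.0.2.255", nets),
    }
    # constructed normal fragmented ping: 3000 bytes of ICMP in 1480-byte pieces
    frags = [(0, 1480, True), (185, 1480, True), (370, 40, False)]
    results["normal_frag"] = [r.add("198.51.100.7", "192.0.2.10", 1, o, n, m) for o, n, m in frags][-1]
    # constructed ping of death: the final fragment pushes the datagram past 65535 bytes
    pod = [(0, 1480, True), (8185, 1480, False)]   # 8185 * 8 + 1480 = 66960
    results["ping_of_death"] = [r.add("198.51.100.7", "192.0.2.10", 2, o, n, m) for o, n, m in pod][-1]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```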
12. Computer Network Security 12
Security implementation
Identify what you are trying to protect.
Determine what you are trying to protect it
from.
Determine how likely the threats are.
Implement steps that protect your assets in a
cost-effective manner.
Review the process continuously, making
improvements when you find a weakness.
13. Computer Network Security 13
Assets needing to be protected
Physical resources
Intellectual resources
Time resources
Perception resources
14. Computer Network Security 14
Physical resources
Anything that has a physical form
Routers, hubs, switches, servers etc
15. Computer Network Security 15
Intellectual resources
Sometimes harder to identify
Exist in electronic form only
Any information that plays a vital role in
your organization’s business
Software, financial records, database
records, schematics, emails etc
16. Computer Network Security 16
Time resources
An important resource which is overlooked
quite often in a risk analysis.
To evaluate what lost time costs your
organization, make sure to include all
consequences of lost time
17. Computer Network Security 17
Perception resources
Damage to how the organization is perceived can cause
significant trouble.
Following the DoS attacks of February
2000, the stock prices of the affected
companies fell.
The breach of Microsoft’s systems was
followed by speculation about the credibility
of its products.
18. Computer Network Security 18
Sources to protect from
Internal network
Access from field offices
Access from WAN link to the business
partners
Access through the Internet
Access through modem pools
19. Computer Network Security 19
Internal systems
The vast majority of attacks originate from
within the organization.
Firewalls protect against external
threats, but it is still the employees who are
responsible for the greatest amount of
damage or compromise of data, because
they have the insider’s view of how your
network operates.
20. Computer Network Security 20
Internal attacks
Disgruntled employee or ex-employee
Management with access privileges but
little computer literacy
A company’s CEO insisted on having
administrative privileges on the NetWare
server and inadvertently deleted the cc:Mail
directory
21. Computer Network Security 21
External attacks
Competitors
Stealing designs, financial statements, making network resources
unavailable
Shorten development time
Equip their products with better features
Second lowest price website DoS
Militant viewpoints
If your organization has controversial viewpoints
High profile
An organization with high visibility is a good candidate for an attack
for merely the sake of notoriety or a wider audience
22. Computer Network Security 22
Threat assessment
Network security attacks are malicious or
unintentional attempts to use or modify
resources available through a network in a
way they were not intended to be used
The goal of network security is to protect its
assets from network attacks.
23. Computer Network Security 23
Network attack types
Unauthorized access to resources or
information through the use of a network
Unauthorized manipulation and alteration of
information on a network
Denial of service
24. Computer Network Security 24
Network security goals
Based on the three types of attacks, the
goals of network security are to:
Ensure data confidentiality
Maintain data integrity
Maintain data availability
25. Computer Network Security 25
Risk assessment
After threat identification, the likelihood must be
determined
Security is expensive
It is not feasible to protect against all types of
attacks
It is wise to protect against the most likely threats
Two things are important in risk assessment:
The likelihood of a particular attack against the
resource.
The cost in terms of damages to the network in case of
a successful attack
26. Computer Network Security 26
Risk assessment
It is often useful to divide the risk analysis into three
categories:
Confidentiality
Integrity
Availability
If an asset’s availability is critical and the likelihood of an
attack is high, the asset’s risk level can be considered high
e.g., a high visibility web server is a high risk asset in
terms of availability
An FTP server used internally, which is not visible from
the outside has a lower risk level in terms of availability
but a high risk level in terms of confidentiality
Note that all risk assessments are relative
27. Computer Network Security 27
Network security policy
Having determined the risk level of various assets, the next
step is to formulate a security policy
A security policy must prioritize mitigation of threats
against high risk assets and then spend the rest of its
resources on protecting the lower risk assets.
Defines a framework for protecting the assets connected to
a network
Defines access rules and limitations for accessing various
assets
A source of information for users and administrators as
they:
Setup, Use and Audit the network
28. Computer Network Security 28
Network security policy
Should be broad and general in scope
Provide a high level view of the principles on which
security related decisions should be taken
Should not go into the details of how security is to be
implemented
The details can change overnight, but the general
principles of what these details are trying to achieve
should remain the same
Roles played by the policy:
Clarify what is being protected and why
State who is responsible for providing the protection
Provide grounds on which to interpret and resolve any future
conflicts
29. Computer Network Security 29
Network security policy
The first point is an offshoot of the asset identification and
risk analysis
Those responsible for the protection can be one or more of
the following:
Users
Administrators and managers
Network usage auditors
Managers who have overall ownership of the network and its
associate resources
The third point places responsibility on the shoulders of a
particular person to resolve any conflicts.
A network policy should be such that it can be
implemented using existing technology; it shouldn’t
contain elements that are not technically enforceable.
30. Computer Network Security 30
Network security policy
In terms of ease of use there are two types of
network security policies:
Permissive: that which is not expressly prohibited is
allowed
Restrictive: that which is not expressly allowed is
prohibited
It is better to have a restrictive policy and then
based on usage open it up for legitimate uses
A permissive policy will have holes in it no matter
how hard you try to plug all holes
31. Computer Network Security 31
Network security policy
A security policy must balance:
Ease of use
Network performance
Security aspects
An overly restrictive policy can cost more in lost
productivity and administration than a slightly more
lenient one gives up in security; the lenient policy may
make up the difference in terms of performance gains.
Minimum security requirements as identified by
risk analysis must be met for a security policy to
be practical.
32. Computer Network Security 32
Implementation
Implementation of Network security
involves technical and non-technical
aspects
It is important to come up with a design
agreeable for all involved parties
The following points must be kept in mind
before implementation:
All stakeholders (including users and
management) must agree on the policy
33. Computer Network Security 33
Implementation
It is crucial to educate all parties including
management on why security is necessary. This
education must continue for newcomers.
Management and financial people must be
educated about the cost and risk analysis
because security is expensive and is not a one-
time expense
Responsibilities of people and their reporting
relationship must be clearly defined
34. Computer Network Security 34
Implementation
The next step is network security design
Translate security policy into procedures
which are usually laid out tasks that must be
completed to implement the security policy
Execution of these procedures results in a
network design that can be implemented
using various devices
35. Computer Network Security 35
Implementation
The following are components of network
security design:
Device security features such as administrative
password
Firewalls
Remote access VPN concentrators
Intrusion detection
Access control and limiting mechanisms
36. Computer Network Security 36
Audit and improvement
It is important to continually analyze, test and
improve the security policy after implementation
This can be done through:
Formal security audits
Day-to-day checks based on operational measurements
Audits can also be done using automated tools
An important purpose of audits is to keep the users
aware of implications of their actions
37. Computer Network Security 37
Audit and improvement
Can help identify bad user habits
There should be scheduled and random audits.
A random audit will help:
Catch the organization with its guard down
Reveal weaknesses during maintenance windows etc.
If the audit reveals technical issues, they can be
fixed by technical means
Other issues can be addressed by user education
programs
38. Computer Network Security 38
Audit and improvement
Education programs should not go into
minute details, but focus on the goals of the
policy and how the user can help in its
implementation
Using examples of what they did wrong
would cause the users to think that they
cannot do any wrong unless they are caught
doing it.