As the internet evolves and computer networks become bigger and bigger, network security has become one of the most important factors for companies to consider. Big enterprises like Microsoft are designing and building software products that need to be protected against foreign attacks.
By increasing network security, you decrease the chance of privacy spoofing, identity or information theft and so on. Piracy is a big concern to enterprises that are victims of its effects.
Anything from software, music and movies to books, games, etc. is stolen and copied because security is breached by malicious individuals.
Because hacker tools have become more and more sophisticated, super-intelligence is no longer a requirement to hack someone’s computer or server. Of course, there are individuals who have developed sophisticated skills and know how to breach a user’s privacy in several ways, but these types of individuals are less common than in the past.
Today, most malicious users do not possess a high level of programming skills and instead make use of tools available on the Internet. There are several stages that an attacker has to pass through to successfully carry out an attack.
What is a Hacker?
Originally, the term hacker defined an individual who possessed strong programming skills and was involved in developing new ways to protect networks against attacks. These days, a hacker is more commonly known as someone who uses computing skills to break into someone’s account or computer and compromise their private information. You’ve probably heard other terms that define such individuals, like cracker, black hat, phreaker, spammer or phisher.
All these terms define a person who uses his or her computing skills to steal important data. These individuals use different techniques that define them as malicious users. For example, a spammer is someone who uses email services to send malicious emails that often carry viruses. A phisher is an individual who specializes in duplicating real content like emails, websites or services in order to trick a user into providing confidential information.
How Do Security Breaches Happen?
If someone can gain enough information and holds the necessary computing skills, he/she can compromise a company’s network security somewhat easily. Because network security is maintained by humans, it is also often susceptible to human mistakes. Anything from misconfigured equipment or services to unsecured usernames and passwords can pose a real threat to network security. Some default security holes in operating systems, network devices or TCP/IP protocols can be used by hackers to gain access to network resources.
There are known attacks in which protocol weaknesses are exploited by attackers. Some of these protocols include SNMP, SMTP, HTTP, FTP or ICMP. It is important to update device firmware, install the latest OS security updates and change the default settings. Every company should implement a security policy where potential vulnerabilities are addressed and treated.
Network attacks are often caused by the direct or indirect interaction of humans. There are many situations in which employees themselves pose the biggest threat to enterprises. Many times, employees will unintentionally install pirated software that is infected with viruses, worms or trojans. Other times, users may forget to secure their workstations, leaving them open as an easy target for potential attackers. And yet others may give sensitive information to outsiders, or even play an important part in an attack. (Power Admin’s PA File Sight can help identify when sensitive or secure files have been accessed, deleted or copied to other drives.)
This is why a security policy should include internal and external threats. By gaining physical access to network devices, a user can extract important information from the company’s servers or storage devices. Such attacks depend on the hacker’s skills because without the proper tools, the success percentage is low. External attackers gain access to network resources through the internet, which is a very common way network security is compromised.
Types of Network Security Attacks
We can group network attacks by the skills possessed by the attacker. Based on these criteria we can divide attacks into two categories:
Unstructured – attacks made by unskilled hackers. Individuals behind these attacks use hacking tools available on the Internet and are often not aware of the environment they are attacking. These threats should not be neglected because they can expose precious information to malicious users.
Structured – attacks made by individuals who possess advanced computing skills. Such hackers are experts in exploiting system vulnerabilities. By gaining enough information about a company’s network, these individuals can create custom hacking tools to breach network security. Most structured attacks are done by individuals with good programming skills and a good understanding of operating systems, networking and so on.
Social engineering – another type of network attack. Malicious users take advantage of people’s trust and often gain important information directly from their victims. They often call or send fraudulent emails to their victims, pretending to be some other person entirely.
Phishing is a method that is pretty easy to implement by hackers. This paragraph from Wikipedia describes phishing attacks: “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. Entire sites are known to be duplicated by hackers in an attempt to steal precious information from users.
In today’s data networks there are many different types of attacks, and each one requires special skills that hackers must possess in order to successfully crack into someone’s privacy:
Eavesdropping – this is one of the common types of attacks. A malicious user can gain critical information from “listening” to network traffic. Because most communications are sent unencrypted, there are many cases in which traffic is susceptible to interception. The traffic can be analyzed using sniffing tools (sniffing is also known as snooping) to read information as it is sent into the network. Wireless networks are more susceptible to interception than wired ones. Eavesdropping can be prevented by using encryption algorithms.
DoS and DDoS attacks (Denial of Service and Distributed Denial of Service attacks) – these attacks take advantage of network traffic to create abnormal behavior in network services or applications. Servers are often targeted and flooded with data until they become unreachable. Core network equipment can be blocked, preventing normal traffic from flowing into the network. Distributed denial of service attacks are more dangerous because attacks are made from multiple sources.
Password attacks – these attacks are based on cracking user or equipment passwords. They are one of the most feared network attacks because once a user is compromised, the whole network can be damaged, especially if we are talking about a domain user or network administrator.
Dictionary attacks use patterns to guess passwords in multiple attempts. Critical information can be gained by using a compromised username. This is one of the main reasons companies use strong passwords that are changed frequently.
Compromised-Key attack – by obtaining the private key of a sender, an attacker can decipher secured network traffic. This kind of attack is often hard to carry out successfully because it requires good computing resources and skills.
Man-in-the-Middle attack – as the name implies, this attack is based on intercepting and modifying information between two transmitting nodes. A hacker can modify network routes to redirect traffic to his or her machine before it is carried on to the destination.
IP address spoofing – in this scenario hackers use spoofed IPs to impersonate a legitimate machine. The attacker can then modify packets making them look like legitimate traffic to the receiving network device.
Application-layer attacks – these attacks are based on cracking applications that run on servers or workstations. These types of attacks are common because there are many different applications that run on machines and are susceptible to attacks. Hackers use viruses, Trojans and worms to infect devices and gain important information.
Exploit attacks – these are usually made by individuals who possess strong computing skills and can take advantage of software bugs or misconfigurations. By having enough information about a specific piece of software, hackers can “exploit” a particular problem and use it to gain access to private data.
These are the types of attacks that came to mind at the time of writing this blog post. If you think there are others that need to be mentioned here, don’t hesitate to leave a comment and share your knowledge with us. If you have enjoyed this article, don’t forget to rate it and share it with others. Enjoy your day and stay tuned for the following articles from PowerAdmin’s blog, Network Wrangler.
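The repeated guessing described under password and dictionary attacks above leaves a clear trail in authentication logs. The following is an added example, not part of the original article, that flags source addresses with a burst of failed logins and notes whether a login later succeeded; the log format (sshd-style with an ISO timestamp), the threshold and the window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in sshd style with an ISO timestamp prefix (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:03 sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:04 sshd[812]: Failed password for alice from 198.51.100.20 port 40100 ssh2
2024-05-01T10:00:05 sshd[811]: Failed password for invalid user root from 203.0.113.7 port 50126 ssh2
2024-05-01T10:00:07 sshd[811]: Failed password for admin from 203.0.113.7 port 50128 ssh2
2024-05-01T10:00:09 sshd[811]: Failed password for admin from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:11 sshd[811]: Failed password for admin from 203.0.113.7 port 50132 ssh2
2024-05-01T10:00:15 sshd[812]: Accepted password for alice from 198.51.100.20 port 40102 ssh2
2024-05-01T10:00:20 sshd[811]: Accepted password for admin from 203.0.113.7 port 50134 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": int, "users": set, "success_after": bool}}.
    """
    recent = defaultdict(list)      # ip -> [(timestamp, user)] still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore unrelated log lines
        ts, ip, user = datetime.fromisoformat(m["ts"]), m["ip"], m["user"]
        if m["result"] == "Failed":
            # Drop failures that have aged out of the window, then add this one.
            recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
            recent[ip].append((ts, user))
            if len(recent[ip]) >= threshold:
                hit = flagged.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": False})
                hit["failures"] = max(hit["failures"], len(recent[ip]))
                hit["users"].update(u for _, u in recent[ip])
        elif ip in flagged:
            # A login that succeeds after a burst of failures needs review.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for ip, hit in detect_guessing(SAMPLE_LOG).items():
        print(ip, hit)
```

A single mistyped password followed by a successful login, as with the second address in the sample, stays below the threshold and is not flagged.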
Author: Popescu Dan-Alexandru