Thursday, November 27, 2008

Famous Network Attacks

Whenever you are connected to the Internet or to any network, you are at risk of being attacked, usually because of weak security policies. Every year companies spend a great deal to keep their networks safe from crackers. Some of the main attacks seen in the recent past are:

Unauthorized Access
The ultimate aim of any network security attack is either to deprive you of the use of your system or, more commonly, to give the cracker at least partial control of it. Most systems rely on a very simple mechanism to keep intruders at bay: the good old username and password. The main problem with passwords is that we're only human. We like nice, easy-to-remember passwords we won't forget. As the number of passwords we are expected to remember rises (I've never counted, but I bet I need to remember at least 30), the desire for memorable passwords becomes stronger still. That would be fine except that what is easy for us to remember is also easy to crack.
There are plenty of programs built to crack passwords by "brute force": trying candidate after candidate, first from a dictionary of common words and then from every combination of a character set, until one matches. A weak password on a Microsoft Windows system can be cracked in less than a second. Worse still, some systems send passwords over the network as clear text, and there are plenty of tools to capture those too. Once a username and password have been obtained, the system treats the cracker exactly as it would an authorised user.
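The dictionary-then-brute-force approach described above, as an added example that is not code from the original post. The wordlist and mangling rules are constructed stand-ins for the multi-million-entry lists real tools ship with; the unsalted MD5 storage is assumed for illustration, because a fast unsalted hash is what makes guessing cheap.

```python
import hashlib
import itertools
import string

# Constructed wordlist: a stand-in for the huge lists that real cracking
# tools ship with. Any password on such a list is found almost instantly.
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome", "monkey", "dragon"]

# Mangling rules crackers apply to every word ("Password1", "qwerty!", ...).
RULES = [
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w + "1",
    lambda w: w.capitalize() + "1",
    lambda w: w + "123",
    lambda w: w + "!",
]

def unsalted_md5(password: str) -> str:
    """A fast, unsalted hash (assumed storage): cheap to compute, so cheap to guess against."""
    return hashlib.md5(password.encode()).hexdigest()

def dictionary_attack(target_hash, hash_fn, wordlist=WORDLIST):
    """Hash each word under each rule; return the matching candidate or None."""
    for word in wordlist:
        for rule in RULES:
            candidate = rule(word)
            if hash_fn(candidate) == target_hash:
                return candidate
    return None

def brute_force(target_hash, hash_fn, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Exhaustively try every string of up to max_len characters.
    Cost is the sum of len(alphabet) ** n for n = 1..max_len; it explodes with length."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_fn(candidate) == target_hash:
                return candidate
    return None

def keyspace(alphabet_size, length):
    """Number of candidates an exhaustive search must cover for one length."""
    return alphabet_size ** length

def crack(target_hash, hash_fn=unsalted_md5, max_len=4):
    """Dictionary first (instant for weak passwords), then exhaustive search."""
    found = dictionary_attack(target_hash, hash_fn)
    if found is None:
        found = brute_force(target_hash, hash_fn, max_len=max_len)
    return found

if __name__ == "__main__":
    for pw in ["Password1", "zq7", "correct horse battery staple"]:
        print(pw, "->", crack(unsalted_md5(pw), max_len=3))
    # Eight characters from the 95 printable ASCII symbols: far beyond this
    # script, and only dedicated hardware makes that search tractable.
    print("95-character alphabet, length 8:", keyspace(95, 8))
```

"Password1" falls to the dictionary in a handful of hashes, the short random string falls to exhaustive search, and the long passphrase survives because no realistic search reaches its length. Slow, salted hashing raises the cost of every guess, but it does not rescue a password that is on the list.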


Denial-of-Service
DoS (Denial-of-Service) attacks are probably the nastiest and the most difficult to address. They are nasty because they are very easy to launch, difficult (sometimes impossible) to trace, and it is hard to refuse the attacker's requests without also refusing legitimate requests for service.
The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply opens a connection to some service port, perhaps forging the packet's source address so that it appears to come from somewhere else, and then drops the connection. Forged source addresses are what make the attack hard to trace and hard to filter: any rule that blocks "the attacker's address" blocks an address the attacker never really used. If the host can answer 20 requests per second and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate ones (hits on the web site running there, for example).
The newer form of DoS attack is the distributed denial-of-service (DDoS) attack, in which a multitude of compromised systems attack a single target at once. The flood of incoming traffic overwhelms the target, or forces it to shut down altogether, denying service to its legitimate users.
A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master". From the master system the intruder identifies and communicates with other systems that can be compromised. The intruder loads attack tools, freely available on the Internet, onto multiple, sometimes thousands of, compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets at the target causes the denial of service.
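The 20-versus-50-requests-per-second situation above, as an added simulation that is not code from the original post. It models a first-come-first-served host with a hard capacity and measures how many legitimate requests still get answered. The 5-per-second legitimate load, the attacker's address and the per-source limit of 10 are assumptions made for the example; the spoofed case stands in for both a flood with forged source addresses and a DDoS spread over thousands of hosts, since in both the requests arrive from sources the defender has never seen before.

```python
import random
from collections import Counter

SERVER_CAPACITY = 20         # requests the host can answer per second (figure from the text)
ATTACK_RATE = 50             # attacker's request rate per second (figure from the text)
LEGIT_RATE = 5               # assumed legitimate load per second, constructed for the example
ATTACKER_IP = "203.0.113.9"  # assumed single attacking host (documentation address)

def one_second(legit_rate, attack_rate, spoofed, rng):
    """One second of arrivals as (source_ip, is_legit) pairs, in random order.
    Legitimate clients come from a pool of addresses; the attacker either uses
    its own address or forges a fresh random source on every request."""
    reqs = [("198.51.100.%d" % rng.randint(1, 200), True) for _ in range(legit_rate)]
    for _ in range(attack_rate):
        if spoofed:
            src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        else:
            src = ATTACKER_IP
        reqs.append((src, False))
    rng.shuffle(reqs)
    return reqs

def serve(requests, capacity, per_source_limit=None):
    """First-come-first-served host with a hard per-second capacity and an
    optional per-source limit. Returns (legit_served, legit_total)."""
    seen = Counter()
    served = legit_served = legit_total = 0
    for src, legit in requests:
        if legit:
            legit_total += 1
        seen[src] += 1
        if per_source_limit is not None and seen[src] > per_source_limit:
            continue   # refused by the rate limit; costs the host no capacity
        if served >= capacity:
            continue   # host saturated: the request is simply dropped
        served += 1
        if legit:
            legit_served += 1
    return legit_served, legit_total

def legit_service_ratio(spoofed, per_source_limit=None, seconds=20, seed=2008):
    """Fraction of legitimate requests answered over a run of the attack."""
    rng = random.Random(seed)
    served = total = 0
    for _ in range(seconds):
        s, t = serve(one_second(LEGIT_RATE, ATTACK_RATE, spoofed, rng),
                     SERVER_CAPACITY, per_source_limit)
        served += s
        total += t
    return served / total

if __name__ == "__main__":
    print("single-host flood, no defence:      %3.0f%%" % (100 * legit_service_ratio(spoofed=False)))
    print("single-host flood, 10/source limit: %3.0f%%" % (100 * legit_service_ratio(spoofed=False, per_source_limit=10)))
    print("spoofed flood, 10/source limit:     %3.0f%%" % (100 * legit_service_ratio(spoofed=True, per_source_limit=10)))
```

With no defence roughly a third of legitimate requests get through, since the host picks 20 of the 55 arrivals each second without knowing which are real. A per-source limit restores full service against a single attacking address, but as soon as every request carries a different forged or compromised source the limit never triggers and the host is back to serving a random third. That is the practical meaning of "hard to refuse the attacker's requests without refusing legitimate ones".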


Worms & Trojans
One of the main aims of an unauthorized access attack is to install a program on the target system. Strictly speaking a worm spreads on its own, while a Trojan is installed by tricking the user into running it, but once in place both behave as described here. The program hides its presence from the system's administrator for as long as possible and carries out whatever instructions the cracker gives it. Some can even be connected to after installation and given new instructions, so the infected machine becomes a remotely controlled "bot". Commonly the installed program is used in DoS attacks against a target of the cracker's choosing; sometimes groups of crackers cooperate to target a common enemy.
One user found a worm on his machine at home. He had a firewall and anti-virus software installed, and yet the worm somehow went undetected. For a less technical user it might well have gone undetected for some time. A common method of infection is visiting websites that are, how can I put this subtly, places you wouldn't care to show your mother. Another common method is an infected email. Crackers share vast databases of email addresses, many of them scraped from websites. Others are found by sending semi-random emails to services like Hotmail: when a message reaches a real inbox (for example, because it does not bounce), the spammers or crackers can detect it and add the address to their list.


Email Based Network Security Attacks
Email has been broken pretty much from the beginning of the commercial Internet. That we have gone more than a decade with such a broken system at the core of the Internet I find quite baffling. But, whatever the whys and wherefores, it is a fact. As a network manager you have to deal with the world as it exists now, not as it should be. Of all the network security attacks I deal with, email is by far the biggest time waster. I suspect that I am far from alone.
The main network security attack perpetrated via email is to use email as the vehicle that carries worms into the very heart of your network. How else can a cracker get their software executed on, potentially, thousands of machines behind all of the perimeter defences a company has erected? That email delivers straight past the perimeter to the heart of a network is exactly why it is so popular as a means of attack.
