Lisa Bock discusses common network attacks, such as passive attacks that include traffic sniffing reconnaissance, along with active attacks such as releasing malware or creating a denial of service.
- [Narrator] The two main types of attacks in a computer system are passive, such as sniffing traffic, and active, such as releasing malware or creating a denial of service. An attack can be against any of the security services such as confidentiality, integrity, availability, or authentication. Let's look at these. Confidentiality is the protection of data against unauthorized disclosure.
For example, if you're in a medical facility you wouldn't want unauthorized individuals looking at patient information. Integrity is protection of data from unauthorized modification. For example, if someone changed his or her salary from $12 an hour to $20 an hour, that would be a violation of integrity. Availability is ensuring data and services are available to authorized users.
A denial of service attack locks out legitimate users, and it's an attack against availability. Authentication is assurance that the communicating entity is who they say they are, by verifying the identity of a user or device. Hackers use various spoofing methods to gain access to privileged information. Defend against spoofing attacks by using authentication techniques.
Passive attacks include something that you might not think is dangerous, such as eavesdropping using traffic analysis or tapping, which uses a network adapter card in promiscuous mode to capture all network packets on the local area network and examine the contents. Passive attacks include a more aggressive form of an attack called a reconnaissance attack. In this case an attacker is trying to find out information about the network.
Scanning techniques can vary, but there are some common scans, and each has a different objective. Most likely an attacker will do a ping sweep, which is a set of ICMP echo packets that are sent to a network of machines that are usually specified within a range of IP addresses to see which ones will respond and are alive. After the attacker determines which ones are alive and responding, the attacker will then do a port scan which identifies TCP and UDP ports on a live target system looking for services along with potential vulnerabilities.
Once identified, the intruder can plan an attack on any weak services that he or she finds. Passive attacks are hard to detect. Someone may be monitoring transmissions and possibly capturing authentication information such as user names and passwords or router advertisements. This can result in the disclosure of information to an attacker without the consent or knowledge of the user.
Active attacks include an attacker trying to break in and possibly alter the integrity of the system by stealing or modifying information, or introducing malicious code such as viruses, worms or Trojan horses. Denial of service is an attack against availability which sends out multiple requests to a system in an effort to interrupt or suspend services to legitimate users. A simple denial of service attack is not effective.
A distributed denial of service attack is more effective as it uses armies or botnets to launch a more effective attack. Both can result in the system being overwhelmed and crashing, or consuming all resources such as processing, memory or bandwidth. In a buffer overflow, the attacker sends out more information to an application than is expected. Buffers can hold a finite amount of data.
The extra information can overflow and overwrite into adjacent buffers. Buffer overflows are common, as programmers fail to check and validate their source code. And damage can range from unexpected errors to very bad results such as a hacker gaining administrative access to the system and executing malicious code. In a password attack, an attacker tries to obtain the password stored in a network account database or password-protected file.
Password attacks can use brute-force attack methods, rainbow table attacks or packet sniffers. With passive attacks, use prevention and detection. In the case of prevention, we'd want to use encryption. By using encryption, if someone were to capture the data, they couldn't read it unless they had a key. For detection, use intrusion detection systems to monitor for ping sweeps and port scans.
Defend against active attacks by using encryption, whether the data is at rest or in motion. If someone were able to obtain the data, they couldn't read it unless they had a key. Policies may be as simple as frequent changes of passwords and requirements on password strength. Physical controls may be the most overlooked forms of security.
Controls include locks and smart cards. Device security includes intrusion detection systems, intrusion prevention systems, firewalls, and switch port security. To reduce the overall risk to a network, security specialists should not only understand vulnerability scanning, but ethical hacking skills as well. On any network, there are passive and active attacks.
We see on a daily basis that there are many active attacks, as we can see in this live attack map. Here you can see some information by going to each country. The stats show some infecting malware types and the average infection rate. Attacks are a possible threat against your security infrastructure. Monitor and defend against attacks in a layered approach with various methods.
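As an added example, not part of the course transcript or the instructor's material, the following Python script shows the kind of detection logic the narrator says an intrusion detection system should run for ping sweeps and port scans: it parses firewall-style log lines and raises an alert when one source sends ICMP echo requests to many distinct hosts, or touches many distinct ports on one host. The log line format, the IP addresses, the sample records and the thresholds are all constructed assumptions for illustration.

```python
"""Minimal ping-sweep / port-scan detector over constructed log lines.

Added example: not from the course. The key=value log format, the
addresses, and the thresholds below are assumptions for illustration.
"""
import re
from collections import defaultdict

# Assumed firewall-style format, e.g.
#   2024-01-01T10:00:01 action=allow src=10.0.0.5 dst=192.168.1.1 proto=icmp type=8
#   2024-01-01T10:01:00 action=deny src=10.0.0.5 dst=192.168.1.3 proto=tcp dport=22
LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+)(?: dport=(?P<dport>\d+))?"
)


def parse_line(line):
    """Return (src, dst, proto, dport) for a matching line, else None.

    dport is None for protocols without ports (ICMP)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dport = int(m.group("dport")) if m.group("dport") else None
    return m.group("src"), m.group("dst"), m.group("proto").lower(), dport


def detect_scans(lines, sweep_hosts=5, scan_ports=10):
    """Flag ping sweeps (one source, many ICMP targets) and port scans
    (one source/destination pair, many distinct ports).

    Thresholds are assumed values; tune them to the network being watched."""
    icmp_targets = defaultdict(set)   # src -> set of hosts it pinged
    pair_ports = defaultdict(set)     # (src, dst) -> set of (proto, port)
    for line in lines:
        rec = parse_line(line)
        if rec is None:               # unparseable line: skip, never crash
            continue
        src, dst, proto, dport = rec
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif proto in ("tcp", "udp") and dport is not None:
            pair_ports[(src, dst)].add((proto, dport))

    alerts = []
    for src, hosts in sorted(icmp_targets.items()):
        if len(hosts) >= sweep_hosts:
            alerts.append({"type": "ping_sweep", "src": src, "hosts": len(hosts)})
    for (src, dst), ports in sorted(pair_ports.items()):
        if len(ports) >= scan_ports:
            alerts.append({"type": "port_scan", "src": src, "dst": dst,
                           "ports": len(ports)})
    return alerts


def build_sample_log():
    """Constructed sample log: one scanning host, one benign host, one bad line."""
    lines = []
    # Attacker 10.0.0.5: ICMP echo to 192.168.1.1-8 (ping sweep) ...
    for i in range(1, 9):
        lines.append(f"2024-01-01T10:00:{i:02d} action=allow src=10.0.0.5 "
                     f"dst=192.168.1.{i} proto=icmp type=8")
    # ... then TCP probes against 12 common ports on the host that answered.
    for p in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389):
        lines.append(f"2024-01-01T10:01:00 action=deny src=10.0.0.5 "
                     f"dst=192.168.1.3 proto=tcp dport={p}")
    # Benign host 10.0.0.9: a single ping and two web connections.
    lines.append("2024-01-01T10:02:00 action=allow src=10.0.0.9 dst=192.168.1.1 proto=icmp type=8")
    lines.append("2024-01-01T10:02:01 action=allow src=10.0.0.9 dst=192.168.1.3 proto=tcp dport=443")
    lines.append("2024-01-01T10:02:02 action=allow src=10.0.0.9 dst=192.168.1.3 proto=tcp dport=80")
    lines.append("malformed line that the parser must tolerate")
    return lines


if __name__ == "__main__":
    for alert in detect_scans(build_sample_log()):
        print(alert)
```

Run stand-alone, the script reports one ping sweep and one port scan from 10.0.0.5 and nothing for the benign host. Counting distinct targets and ports per source, rather than raw packet counts, is what keeps a busy legitimate client below the threshold while a sweep or scan crosses it.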