Cisco Security: What You Need to Know About Network Attacks
I’ve already introduced you to some of the most common network attacks like the IP address sweep, port scanning, and IP spoofing.
I have also recently covered the ping of death and other network attacks, including the SYN flood, UDP flood, ICMP flood and the teardrop attack.
Now that we have the basic Denial of Service Attacks (aka DoS attacks) and the Reconnaissance Attacks out of the way, let’s talk about other types of network attacks.
Today I’ll focus on:
- Access Attacks
- Worms, Viruses and Trojan Horse attacks
- Application Layer Attacks
I hope that this article, along with my previous ones, will shed some light on vulnerabilities in security and help you with your concerns regarding your network’s security needs. It may even inspire you to get your CCNA Security Certification.
Access attacks are performed by intruders that illegally gain access to account databases and any other type of personal and confidential information. In order to achieve their destructive intentions, access attackers try to “dig” in well known “holes” of all basic text messages that might occur during an FTP or web service.
Keep in mind that not all attackers originate from the outside world. A lot of intrusion incidents have been reported as jobs from within the organization. So don’t think that all attackers have to first overcome the constraints of accessing the system’s boundary.
They may already be logged into the system. They may be the people sitting right next to you, sharing the same resources, asking you for advice.
The main types of access attacks are:
- Password attacks
- Port redirection
- Man-in-the-middle attacks
Let’s examine each one of these malicious attacks in more detail.
• Brute-Force Attacks
The attacker is repeatedly trying to guess the administrator’s password with the help of sophisticated software that uses time-consuming, advanced computational methods to compute the encrypted password.
The end result is that the attacker equipped with the decrypted administrator password is now capable of fulfilling all of his malicious plans.
• Port Redirection
IP redirected traffic has been always a security headache. An attacker that is familiar with the network of the victim could install a special application on a user’s computer that could redirect traffic towards a specific user via the hacked user. This is accomplished without violating firewall rules in the network.
• Man-In-The-Middle Attack
This type of attack can be implemented when someone working for your ISP gains access to all the traffic that originated from your network towards any other network. And if you didn’t implement security protocols, then the attacker could examine and analyze your traffic in order to obtain information regarding your network and users in it.
But that’s not all the attacker is capable of. Corruption of transmitted data is something even worst, and the attacker can even alter your data.
In my opinion, password attacks are extremely dangerous. They’re all about obtaining a user account password, and having the password at hand the attacker can invade the system pretending to be an authorized user and cause catastrophic effects on the system’s operations.
I have a few suggestions for minimizing the chances of being exposed to these types of attackers. But before we move on to that, let’s take a look at more network attacks — worms, viruses and Trojan horse attacks.
Worms, Viruses and Trojan Horse Attacks
Last year I wrote an article on the best ways to battle viruses, worms and Trojan horse attacks so if you’re not familiar with these types of network attacks, take a look at the article now.
What you need to remember about viruses and Trojan horses is that they can be effectively eliminated with the use of an up-to-date antivirus system, or even better by implementing a host-based intrusion prevention system (HIPS) like Cisco’s Security Agents (CSAs). CSAs is a specialized software that monitors all kinds of activity performed on a given host and protects the host by implementing a state of the art antivirus and network firewall.
Application Layer Attacks
Unfortunately, application layer attacks cannot be completely eliminated. More and more application vulnerabilities are constantly being discovered, which in turn provides more and more harmful capabilities to attackers.
Application layer attacks are actually like any other attack on your network. The purpose of this attack does not differ from others; it’s nothing more than exploiting the network of the victim, acquiring access and performing malicious plans on the system.
What actually differs is the method of performing the attack. Attackers try to take advantage of well-known application vulnerabilities like for example sendmail or FTP.
More and more software weaknesses are discovered. The software production companies take correction measures against these weaknesses but unfortunately the evil mind of an attacker is always capable of discovering fresh new software malfunctions.
5 Network Security Tips To Live By
Do you think that danger is all around your network? Do you feel that you are about to be the next victim of an attackers malicious plot? Do you fully understand the consequences of overlooking your network’s security needs?
I hope you will take this article along with all other security related articles really seriously for the sake of your network and your career. I would like to close this article with a quick reminder about all those little things that MUST be followed if you want to be able to sleep peacefully at night and your network to operate safely.
- ALWAYS keep your operating system and antivirus software up-to-date
- Keep your eyes open — make sure that you’re aware of the newly discovered vulnerabilities and don’t hesitate to request advice and guidance from others
- Pay attention to your system — observe and analyze your system’s log files (operating system logs, network device logs etc) on a daily basis
- Don’t use plain text passwords — encrypt your passwords where possible using strong encryption algorithms and keep your passwords safe. If you need to have them in an electronic file or even on a piece of paper make sure you keep them in a safe place, somewhere where only you have access to.
- Set appropriate policies to both host computers and network devices to lock login accounts after 3 consecutive unsuccessful login attempts. This way you eliminate the chance of having someone continuously try to resolve the password.
If you have any good tips for securing your network share them in the comments.