In other words, it is used to uniquely identify the user. One often-neglected prevention method, but one that is easy to implement, is user training. For internal security, you might want to include in your security policy a statement that prohibits eavesdropping, with severe penalties applied. A common attack that hackers employ is to break into your web server and change the content (web pages). VPNs, which are discussed in Part VIII, "Virtual Private Networks," allow you to use Data Encryption Standard (DES), 3DES, and AES encryption algorithms to protect your data. This client was using the standard user EXEC and privileged EXEC passwords on these devices for authentication. A sophisticated hacker might even be able to insert himself into the middle of the session, pretending to be the source to the real destination and pretending to be the destination to the real source device. To find out what services are running on a machine, a hacker uses a port-scanning utility. A sophisticated hacker, on the other hand, includes Trojan horses, viruses, or worms that are either embedded in the e-mail or included as an attachment. The attack might be structured from an external source, but a serious crime might have one or more compromised employees on the inside actively furthering the endeavor. Many different views actually exist regarding the definition of these three types of attacks. He might do this by sending an ICMP ping to every IP address in your network, or he might use a network ping, in which he pings the IP address of the directed broadcast of every network. Any suspicious e-mail should be reported immediately to a network administrator. They aren't alive, and they can't evolve spontaneously from nothing.
This can be something as simple as using Cisco routers with access control lists or a sophisticated firewall. Of course, one of the most popular methods of dealing with these kinds of attacks is to deploy antivirus software. Spam is one of the most common security threats. Then he uses this information to execute an attack on the source device, the destination, or both, at a later time. CBAC is discussed in Chapter 9, "Context-Based Access Control." Data manipulation is simply the process of a hacker changing information. Cybercriminals also seek to steal data from government networks that has a value on the black market, such as financial information. If there is a difference, the application alerts you to this. To carry out an IP spoofing attack, a hacker typically uses a software program that changes the source address of packets (and even the TCP sequence numbers for TCP segments). With a VPN, a hacker cannot see the actual data that is being transferred between the source and destination devices. According to the FBI guidelines for workplace security, you should always take special care to address any vulnerabilities pertaining to internal as well as external threats, to avoid millions of dollars in business losses. A digital signature is similar to a written signature, a person's thumbprint, a retinal scan of a person's eye, or a DNA profile of a person. The most common type of reconnaissance attack is a scanning attack. They combine this with a routing attack so that the packets sent to a destination are returned not to the source inside your network, but to the hacker himself. The reasons range from fear of the activity becoming public knowledge to knowing that, quite often, record-keeping systems haven't been developed either to provide adequate evidence or to prove that the transactions, no matter how ludicrous, weren't authorized.
An apparently useful or amusing program, possibly a game or screensaver, but in the background it could be performing other tasks, such as deleting or changing data, or capturing passwords or keystrokes. To see an encyclopedia of viruses, worms, and Trojan horses, visit Symantec's site at http://securityresponse.symantec.com/avcenter/vinfodb.html. The UK government, for example, estimates that as many as four out of ten firms in the country came under attack in 2018. The first step in any information security threat assessment is to brainstorm a list of threats. A threat can be anything that can take advantage of a vulnerability to breach security. Getting a free e-mail account from these systems is usually a simple process, with little identity proof required. So even if the hacker "thought" no one would be hurt, the result is often that they just beat some single parent or new hire out of a day's pay. Another typical solution for file servers is to use application verification software. The uptake in online services means this form of crime can now be done on a much larger scale, and foreign nationals as well as onshore criminals can defraud local authorities from outside the UK. Computer security threats are relentlessly inventive. A difference might indicate that an access attack has taken place, possibly with a worm or Trojan horse attack, and that one of your files has been replaced with a hacker's file. Many packages are available on the market, with the most popular being antivirus software packages from Network Associates and Norton (I use Norton on my PC). Chargen is a character generator that produces serialized character output. Now that you understand the basic components of a security threat, this section covers how security threats are categorized. Only the packet contents, such as the TCP or UDP segments in an IP packet (the payload), are encrypted; the addressing information (IP addresses in the IP header) is not.
To make your life easier, your networking devices should always have logging enabled, and they should transfer this logging information to a central repository where you can keep an audit trail of important connections and transactions. Hackers typically attack such popular applications as Microsoft's IIS web server, web browsers such as Microsoft Internet Explorer and Netscape Navigator, and e-mail applications such as Sendmail and Microsoft Exchange and Outlook because of their widespread use. Research conducted by the US Computer Emergency Response Team (CERT) estimates that almost 40 percent of IT security breaches are perpetrated by people inside the company. If a user activates these, they can cause damage to your system or open a security hole that will allow a hacker into the networking device. Script kiddy is included here so you know what it means. In some instances, this can cause the device to try repeatedly to establish connections to itself, tying up resources. You can use something as simple as ACLs on a Cisco router, or you can use a firewall system such as the PIX or the Cisco IOS Firewall feature set available on Cisco routers. It also has the capability to authenticate users before allowing them access to network resources. Another security problem is an e-mail bomb, an e-mail that contains code that is executed either automatically upon receipt or when a user clicks something, like a hyperlink or an attachment. Cybercriminals are carefully discovering new ways to tap the most sensitive networks in the world. The last item, social engineering, is probably the hacker's easiest method of gaining unauthorized access to resources in your network.
When this bug was discovered, for a period of two or three days, many companies were disconnecting their connection to the Internet to prevent hackers and curious people from bringing down their resources. Other types of attacks include exploiting weaknesses in operating systems and applications, such as buffer overflows, that can allow a hacker access without first authenticating. By training users not to write their passwords on their desk, to use passwords that do not have common words and that have a mixture of letters and numbers, and to be careful about what they say to people over the telephone or in person, you make your security job easier. This was because every week a new contractor was hired and an old contractor's time was up, and the old contractor moved on to the next job. These kinds of attacks might be something as simple as an e-mail attachment that you click or something as sophisticated as a software program that is executed because of a security problem with your e-mail program. The next section discusses some other solutions to e-mail bombs. The most common form of an e-mail bomb is a virus or worm. Perhaps one of the simplest forms of repudiation attacks is to use public e-mail systems such as hotmail.com, yahoo.com, and others to generate garbage mail and execute a DoS attack against a company's e-mail server. A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. It is excellent for detecting spam messages and bouncing these back to the sender. In the most basic form of an access attack, a hacker tries to gain illegal access to equipment in your network. With a good hacking software program, a skilled hacker can insert himself into the middle of an existing connection.
You also should disable all unnecessary services and consider using a host-based firewall. Part VIII covers an overview of VPNs using IPSec and discusses how to configure IPSec connections on a Cisco IOS router. To prevent Java and ActiveX attacks on your users, and possibly your web servers, you should use a filtering solution that can filter Java and ActiveX scripts that are embedded in HTML pages. The hacker tells the user about some fictional network security problem and, using guile and ingenuity, gathers information from the user that the hacker then can use to access resources on your network. Hackers can use many types of DoS attacks against your network. You should periodically compare the critical files on your server to the snapshot that you took previously. Another common type of attack is an access attack. Some of these affect the performance of a particular service running on a server, and some can drastically affect the performance of all the machines on a particular network segment. Your networking device then would compare the two signatures. Code Red and Nimda are examples of high-profile worms that have caused significant damage in recent years. It comes with a 30-day trial, after which certain features are disabled unless you purchase the full version. This type of attack has happened to many organizations, typically government resources; a hacker breaks into a web server and replaces the web content with pornography or "interesting" political content. Of course, you should always play it safe and disable all services that are not necessary on all of your resources. The Cisco IOS Firewall feature set supports a feature called Context-Based Access Control (CBAC), which implements a firewall system on a router. Many surveys and studies show that internal attacks can be significant in both the number and the size of any losses.
The solution that you implement to restrict unauthorized access attacks depends on the method the hacker is using to gain unauthorized access. A hacker sends a single ICMP message with an offset field indicating that the data is larger than 65,535 bytes. If there is a difference between the two, you might be a victim of a data-manipulation attack. Protecting business data is a growing challenge, but awareness is the first step. You also might want to configure filters to allow routing update traffic from only certain routing sources; however, if the hacker is smart about this process, he typically changes the source address to match an address that is specified in your allowed list. Upon receiving the packet, the destination tries to forward the packet to itself. Or, if you are smart, you will use a system that parses the logs and does all of this work for you. Unstructured attacks involving code that reproduces itself and mails a copy to everyone in the person's e-mail address book can easily circle the globe in a few hours, causing problems for networks and individuals all over the world. Businesses are not safe, for a single security breach can result in the compromise of sensitive information. Cisco calls this mirroring process SPAN, short for switched port analyzer. Hackers sometimes use Java or ActiveX scripts to create malicious applets. But like most of these digital threats, the most effective way to combat these pests is to prevent them from affecting your computer in the first place! Figure 1-3 shows how eavesdropping works. For some applications, you might consider replacing them. Structured threats are more focused, by one or more individuals with higher-level skills actively working to compromise a system. As you will see in Chapter 14, Cisco recommends using AP over lock-and-key because it is more flexible, supporting Telnet, FTP, HTTP, and HTTPS for authentication.
Sometimes Trojan horses pretend to be your antivirus software or replace it, hoping to add instead of remove viruses from your system. For more information on DoS attacks, visit http://www.infosyssec.com/infosyssec/secdos1.htm. Cybercrime: This is the most prominent category today and the one that banks spend much of their resources fighting. These changes could be something as simple as modifying file contents on a file server or something as sophisticated as changing packet contents as they are in transit from a source to a destination machine. These use the MD5 hashing algorithm, which creates a unique digital signature that is added to all routing information. External threats are threats from individuals outside the organization, often using the Internet or dial-up access. This might mean that some legitimate people might not be able to send you e-mail any longer, but, on the other hand, you are greatly reducing the likelihood of exposure to reconnaissance, DoS, and repudiation attacks against your e-mail system. This is called an unauthorized access attack. The hacker then uses this information to execute further attacks, such as DoS or access attacks. This type of software takes a snapshot of existing files and keeps it in a secure place (usually on a separate, secure device). Tracing the culprit in these kinds of attacks can be difficult, especially if the hacker is using many different ISPs as the source of the attack. In a session-hijacking attack, a hacker attempts to take over an existing session between two computers. Unlike bugs, viruses are manmade. The top part of Figure 1-4 shows what a session looks like from the perspective of the source and destination that have been hijacked. When eavesdropping, the hacker looks for account names and passwords. Hackers also use eavesdropping to examine other information, perhaps database or financial transactions.
We've covered the history of web exploiting and the biggest exploits the world has experienced, but today we're going back to basics: exploring and explaining the most common network security threats you may encounter while online. The next two sections cover some common DoS attacks, as well as methods used to prevent these kinds of attacks. This form of attack is called graffiti. Threats can be classified into four different categories: direct, indirect, veiled, and conditional. Typically, chargen uses UDP, but it can be implemented with TCP. You can use many solutions to prevent session layer attacks against your user and service connections; probably the most important is using a Virtual Private Network (VPN) to encrypt information going across the connection. Hackers like to use Java or ActiveX scripts, port-scanning utilities, masquerading, and eavesdropping to carry out their repudiation attack. Therefore, I recommend filtering these scripts only from networks in which known security threats exist. Hackers try various methods, such as buffer overruns and e-mail bombs, to disable a system or to send information back to the hacker to be used for other types of attacks. Another approach that a hacker more typically uses is to compromise a PC in the network and download a packet-sniffing program to it. Filtering of Java and ActiveX scripts, as well as URL filtering, is discussed in Chapter 10, "Filtering Web and Application Traffic." You configure all of your user accounts and security policies on this server, and you have your routers and other networking devices use this security server to perform authentication functions. The networking department did not want to have to change all of the privileged EXEC passwords on the routers every time a contractor left the company. Routing protocol protection is discussed in Chapter 15, "Routing Protocol Protection."
Remember, the difference between an unstructured attack and a series of all-out denial-of-service attacks might be that the latter attacker is offended or angry. A port-scanning utility probes the port numbers of a machine to detect whether a service is running. But as we've seen with retail hacks like TJX, cybercriminals have also figured out how to skim money off any business that handles transactions. In an attempt to categorize threats, both to understand them better and to help in planning ways to resist them, the following four categories are typically used. Structured attacks are more likely to be motivated by something other than curiosity or showing off to one's peers. Unlike viruses and worms, Trojan horses do not replicate themselves. I discuss this issue in more depth in Chapter 17, "DoS Protection." With IP blocking, when a Cisco IDS detects an attack, it can log into a Cisco PIX or router and add a temporary filtering rule to block the attack. The majority of security professionals group the various threats to network security into one of two significant categories. By filtering these scripts and applets, you are reducing the likelihood of a hacker performing a session layer attack. Hackers typically use a repudiation attack when users are accessing web information. The hacker notices that the user is establishing a Telnet connection and authenticates with a username and password. To execute this kind of attack, a hacker typically first performs a reconnaissance attack, such as eavesdropping, to discover user accounts and passwords, and then executes an unauthorized access attack. The easiest way to protect against viruses is to install antivirus software on your device. This makes it easy for a hacker to get an e-mail account and hide his activities behind a cloud of anonymity.
For instance, if the hacker is trying to gain illegal access to your network through your network's remote access (dialup) server, you probably would want to implement the following solutions: Use the Challenge Handshake Authentication Protocol (CHAP) with PPP (Point-to-Point Protocol), where the password is not sent across the wire, is tied to a specific user, and is verified by a security server. However, one concern to consider is the security of the switches themselves. Microsoft Windows products simplify this process with the Windows Update tool, which automates the process. Generally, a virus is a program or a piece of code that is loaded onto and run on your computer without your knowledge. In all cases, these items are small programs written by a human being. Secure Sockets Layer (SSL) provides security in web transactions. Because Telnet passes this information in clear text, the hacker now knows how to log into the Telnet server, spoofing the identity of the user. Modern technology and society's constant connection to the Internet allows more creativity in business than ever before, including the black market. Reconnaissance attacks come in different types, including the following: The following sections cover the basics of these types of reconnaissance attacks. When executed as a reconnaissance attack, these attacks can send your e-mail's address book or your password file back to the hacker. In computer security, a threat is a potential risk that exploits a vulnerability to breach security and therefore cause harm. You also should consider using an IDS. IDS and IP blocking are discussed in Chapter 16, "Intrusion-Detection System." For instance, signing electronic documents, transferring money electronically, and buying a product online with your credit card all must have a nonrepudiation process, or else they cannot be legally binding.