Common Networking Attacks, Threats and Solutions
There are many types of network attack. Three common ones are discussed below:
- Spoofing.
- Sniffing.
- Mapping.
Spoofing
Any internet-connected device sends IP datagrams into the network. Each
datagram carries the sender's IP address in its header as well as the
application-layer data. IP itself never verifies that address: an attacker
who controls the software running on a device (or who can simply open a raw
socket) can place an arbitrary IP address in the datagram's source address
field. This is known as IP spoofing, and it makes any payload appear to come
from any source. With a spoofed source address it is difficult to trace a
datagram back to the host that actually sent it. Because replies go to the
forged address rather than to the attacker, spoofing is most useful where the
attacker does not need to see the reply: flooding a target, or reflecting
traffic off third-party servers that answer to the forged (victim) address.
The standard defence against spoofing is ingress filtering (BCP 38,
RFC 2827), usually performed by routers at the network edge. A router that
performs ingress filtering checks the source address of each incoming
datagram against the set of prefixes known to be reachable via the interface
on which it arrived; if the source address is not in that range, the packet
is discarded. The check only works close to the origin, where the router
knows which addresses legitimately sit behind each interface; a core router
cannot tell a spoofed source from a legitimate one. On multihomed or
asymmetrically routed networks the strict form of the check (strict unicast
reverse path forwarding) can drop legitimate traffic, so such links typically
use a looser variant that only requires the source prefix to be in the routing
table at all.
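As an added example (not part of the original article), the following Python script shows both sides of the problem: it builds IPv4 datagrams whose source address is whatever the caller chooses, which is all that spoofing amounts to, and then applies a BCP 38 ingress filter to them. The interface names and the customer prefixes behind each interface are assumed for illustration; the addresses are documentation ranges.

```python
import ipaddress
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram (no options).

    The source address is whatever the caller supplies: nothing in IP itself
    verifies it, which is all that 'IP spoofing' amounts to."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45,                 # version 4, IHL 5 (20-byte header)
                      0,                    # DSCP/ECN
                      20 + len(payload),    # total length
                      0x1234,               # identification
                      0x4000,               # flags: don't fragment, offset 0
                      ttl, proto,
                      0,                    # checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def source_address(datagram: bytes) -> str:
    """The source address lives at bytes 12..15 of the IPv4 header."""
    return socket.inet_ntoa(datagram[12:16])


# Assumed topology (not from the article): an edge router with two
# customer-facing interfaces and the address blocks legitimately behind each.
INTERFACE_PREFIXES = {
    "eth1": [ipaddress.ip_network("203.0.113.0/24")],
    "eth2": [ipaddress.ip_network("198.51.100.0/25")],
}


def ingress_filter(iface: str, datagram: bytes) -> bool:
    """BCP 38 / RFC 2827 check: accept the datagram only if its source address
    belongs to a prefix known to be reachable via the arrival interface."""
    src = ipaddress.ip_address(source_address(datagram))
    return any(src in prefix for prefix in INTERFACE_PREFIXES.get(iface, []))


def filter_report(iface: str, datagrams) -> list:
    """Apply the filter to a batch of datagrams; report (source, accepted) pairs."""
    return [(source_address(d), ingress_filter(iface, d)) for d in datagrams]


if __name__ == "__main__":
    legit = build_ipv4("203.0.113.7", "192.0.2.10", b"hello")
    # An attacker inside customer A forges the victim's address as the source.
    spoofed = build_ipv4("192.0.2.10", "198.51.100.77", b"reflected")
    for src, ok in filter_report("eth1", [legit, spoofed]):
        print(f"{src:15} arriving on eth1 -> {'forward' if ok else 'drop'}")
```

The filter knows nothing about the payload; it only compares the source field against what the interface is entitled to originate, which is why it has to run at the edge where that knowledge exists.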
Sniffing
Packet sniffing is the interception of data packets traversing a
network. A sniffer program works at the data link layer, together with the
network interface card (NIC), to capture the traffic travelling to and from
a host. If the NIC is put into promiscuous mode, the sniffer receives every
frame that reaches the interface, not only those addressed to the host's own
MAC address, so on a shared medium (a hub, a wireless network or a mirrored
switch port) it sees all communication passing by. A sniffer placed on a
backbone device, an inter-network link or a network aggregation point can
therefore monitor a very large share of traffic. Most packet sniffers are
passive: they only listen to the data link layer frames passing the device's
network interface and inject nothing, which makes them hard to detect from
the network. Dozens of packet sniffers are freely available on the internet
(tcpdump and Wireshark are the best known); the more sophisticated ones also
support active intrusion, such as injecting or modifying traffic.
Mapping
Before attacking a network, attackers want to know the IP addresses of the
machines on it, the operating systems they run and the services they offer.
With this information their attacks can be more focused and are less likely
to raise an alarm. The process of gathering this information is known as
mapping (or reconnaissance). Typical techniques are ping sweeps to find live
hosts, port scans to find listening services, banner grabbing to identify the
service software, and fingerprinting of protocol behaviour to guess the
operating system; port scanners such as nmap automate all of these. Because a
scan touches many hosts and ports in a short time, it is also one of the
easiest attacker activities for an intrusion detection system to notice.
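As an added example (not part of the original article), the following Python script performs the port-scanning and banner-grabbing steps of mapping against constructed targets. It starts two throwaway services on the loopback interface that greet each client with a banner, then runs a TCP connect scan over a small window of ports around them and records what each open port volunteers. The banners and service names are constructed for the demonstration.

```python
import socket
import threading


def start_listener(banner: bytes) -> tuple:
    """Constructed target service on 127.0.0.1: accept connections and greet
    each client with a banner, as many real daemons do. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free port
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:               # listener has been closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan: a completed handshake means the port is open. Read
    whatever the service volunteers (banner grabbing) to identify it.
    Returns {port: banner}; closed and filtered ports are simply absent."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:     # refused or timed out
                continue
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""                        # open but silent (e.g. HTTP waits for the client)
            found[port] = banner.decode("ascii", errors="replace").strip()
    return found


def run_demo() -> dict:
    """Bring up two constructed services, scan a small window of ports around
    each of them, then tear the services down."""
    services = [start_listener(b"SSH-2.0-OpenSSH_9.2\r\n"),
                start_listener(b"220 mail.example.test ESMTP ready\r\n")]
    target_ports = sorted({q for _, p in services for q in range(p - 3, p + 4)})
    try:
        return scan("127.0.0.1", target_ports)
    finally:
        for srv, _ in services:
            srv.close()


if __name__ == "__main__":
    for port, banner in sorted(run_demo().items()):
        print(f"{port}/tcp open  {banner or '(no banner)'}")
```

A full three-way handshake to every port is the noisiest form of scanning; the same connect attempts show up as a burst of SYNs from one source in firewall and IDS logs, which is the signature a detection rule for mapping activity looks for.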
In general, much network communication still takes place in an unsecured,
"clear text" format, which allows an attacker who has gained access to a
data path in your network to listen in and read the traffic. When an attacker
eavesdrops on your communications in this way, it is referred to as sniffing
or snooping. The ability of an eavesdropper to monitor the network is one of
the biggest security problems administrators face in an enterprise, because
passwords, session tokens and confidential data all pass over the same wire.
The only effective countermeasure is strong encryption of data in transit,
based on sound cryptography (TLS for web and mail traffic, SSH instead of
telnet, IPsec or a VPN for site-to-site links). Otherwise your data can be
read by others wherever it traverses the network.
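As an added example (not part of the original article), the following Python script illustrates both the sniffing section above and the clear-text eavesdropping just described. It decodes constructed Ethernet/IPv4/TCP frames the way a passive sniffer does, simulates what the NIC hands to the host in normal versus promiscuous mode, and pulls HTTP Basic credentials out of any clear-text request it can see; a frame carrying the same request over port 443 with an opaque payload stands in for the encrypted case. All MAC and IP addresses, the credentials and the "TLS" bytes are constructed for the demonstration and are not real captures.

```python
import base64
import socket
import struct


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def make_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed sample frame: Ethernet II + IPv4 + TCP (PSH/ACK). IP and TCP
    checksums are left as zero because a passive sniffer never verifies them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp + payload


def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """What the NIC hands up to the host: normally only frames for its own MAC
    plus broadcast/multicast; in promiscuous mode, everything on the wire."""
    dst = frame[:6]
    is_group = bool(dst[0] & 0x01)       # broadcast and multicast both set this bit
    return promiscuous or dst == own_mac or is_group


def parse_frame(frame: bytes):
    """Decode Ethernet -> IPv4 -> TCP; return None for anything else."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:     # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]                                     # drop any Ethernet padding
    if ip[9] != 6:                                          # not TCP
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[doff:]}


def extract_basic_auth(payload: bytes):
    """HTTP Basic credentials are base64, not encryption: trivially recovered."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2]).decode()
    return None


def sniff(frames, own_mac: bytes, promiscuous: bool) -> list:
    """Passive sniffer: (src, dst, dport, credential) for every clear-text
    HTTP request carrying Basic auth that this host is able to see."""
    found = []
    for frame in frames:
        if not nic_accepts(frame, own_mac, promiscuous):
            continue
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        cred = extract_basic_auth(pkt["payload"])
        if cred is not None:
            found.append((pkt["src"], pkt["dst"], pkt["dport"], cred))
    return found


# Constructed traffic on a shared segment; the sniffing host is a third machine.
SNIFFER_MAC = mac("00:de:ad:be:ef:01")
CLEAR_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                 b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
SAMPLE_FRAMES = [
    # Alice's workstation to the web server: not addressed to the sniffer at all.
    make_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55",
               "192.0.2.10", "198.51.100.5", 51000, 80, CLEAR_REQUEST),
    # The same request over TLS: port 443 and an opaque record (constructed bytes, not real TLS).
    make_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55",
               "192.0.2.10", "198.51.100.5", 51001, 443, b"\x17\x03\x03\x00\x20" + bytes(32)),
    # An unauthenticated request that really is addressed to the sniffing host.
    make_frame("00:de:ad:be:ef:01", "00:11:22:33:44:66",
               "192.0.2.11", "192.0.2.99", 51002, 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
]

if __name__ == "__main__":
    print("normal mode:     ", sniff(SAMPLE_FRAMES, SNIFFER_MAC, promiscuous=False))
    print("promiscuous mode:", sniff(SAMPLE_FRAMES, SNIFFER_MAC, promiscuous=True))
```

In normal mode the host sees only the frame sent to its own MAC and learns nothing; in promiscuous mode it recovers Alice's password from the first frame, while the port 443 frame yields nothing because the payload that reaches the wire is opaque. The sniffer never transmits, which is why the countermeasure is to encrypt rather than to try to detect it.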
Security Policy
A security policy is a definition of what it means to be secure for a system,
organization or other entity. For an organization, it addresses the
constraints on the behaviour of its members as well as the constraints
imposed on adversaries by mechanisms such as doors, locks, keys and walls. For
systems, the security policy addresses constraints on functions and on the
flow of information among them, constraints on access by external systems and
adversaries (including programs), and access to data by people.
A remote access policy is a document that outlines and defines the
acceptable methods of connecting remotely to the internal network. It is
essential in a large organization whose networks are geographically
dispersed and extend into insecure locations such as public networks or
unmanaged home networks. It should cover every available method of remotely
accessing internal resources:
- dial-in (SLIP, PPP)
- ISDN/Frame Relay
- telnet access from the Internet (telnet carries credentials in clear text and is exactly what a sniffer captures; the policy should require SSH or a VPN instead)
- cable modem
The remote access policy defines standards for connecting to the
organizational network and security standards for the computers that are
allowed to connect to it.
A network security policy is a generic document that outlines the rules for
computer network access, determines how those rules are enforced, and lays
out some of the basic architecture of the company's network security
environment. The document itself is usually several pages long and written
by a committee. A security policy goes far beyond the simple idea of "keep
the bad guys out": it is a complex document meant to govern data access,
web-browsing habits, the use of passwords and encryption, email attachments
and more, and it specifies these rules for individuals or groups of
individuals throughout the company.
A security policy should keep malicious users out and also exert control
over potentially risky users within your organization. The first step in
creating a policy is to understand what information and services are
available (and to which users), what the potential for damage is, and
whether any protection is already in place to prevent misuse.