Network administrators are always faced with security breaches. A network, by its very nature, is susceptible to many kinds of attacks. In this article, we look at a few common network security problems.
As advances in technology take place, the level of sophistication in network security threats increased proportionally. Usually security measures are reactionary, in that these measures are implemented only when the attack breaches existing defenses. Unfortunately there is no security system that is completely secure or foolproof against attacks, therefore the only solution is to implement stringent policies, constantly review and update them, and lastly be vigilant of network activity.
There are a number of network security problems, which can be guarded against with the right implementation of security policies. The following are the most common problems for networks.
Compromised Key Attacks
The key in this case refers to an encryption key. In the case of encrypted communications, an important part of the process is a key. If the key is viewed by an unauthorized individual, all the encrypted communication is considered compromised.
A rather insidious network security threat, data modification is very difficult to detect. In these cases, the intent is merely to cause losses rather than to actually gain from compromising a network. Data modification is not necessarily restricted to confidential information either; it can be as simple as changing dates on an electronic communication.
Commonly known as DoS, denial of service attacks essentially clog up an organizational to the point that it cannot provide service to its customers. These attacks are usually perpetrated by disgruntled individuals, like ex-employees, or by those with malicious intent. Denial of service attacks can severely cripple a business and, if the attack lasts long enough, they can cause significant losses.
Although a great deal of emphasis is placed on creating secure passwords for logins, quite a number of servers send the passwords back and forth in unencrypted form. This cleartext is easily visible to any user listening in at the right port. Once the login and password details are available, unauthorized access becomes easy.
One of the more popular forms of attack, email-based attacks carry malware right into the network, past all the defenses that are put in place. There are mechanisms that scan email attachments, and even some email programs that refuse to attach executable files, however the protection is still at its weakest with emails.
Most network components identify themselves through the use of IP addresses. IP addresses are also used to validate data that has been received from a legitimate source or destination. Identity spoofing essentially means that a hacker can pretend to have a computer with that IP address, thereby becoming trusted by the network. Once this happens, then all the data intended for or received from the original machine is compromised.
As the name suggests, the man-in-the-middle attack refers to a third party placing themselves in the middle of a communication. The communication from both ends is intercepted and therefore compromised. There is no way of knowing whether the communications received are authentic or have been altered in some way.
Password-Based Attacks/Unauthorized Access
Most hackers want access into a system for either control or information retrieval. One of the easiest ways to gain unauthorized access into a system is to hijack the identity of an authorized user. The system then remains unaware that the individual is not the identified one, and therefore they have access to the system, depending on the permissions set on the account that was hijacked. Unauthorized access also includes accessing parts of the system that the user is not allowed to view.
Worms and Trojans
Worms and Trojans are examples of malicious malware, designed to infect a system insidiously, extract information and send it across to an outside source. This way the hacker can view what is inside the system without being anywhere close. This sort of malware is difficult to detect without strong antimalware applications.