Businesses, government entities, and individuals all have to pay careful attention to dangers to their computers and networks. Network security threats are a growing problem for people and organizations the world over, and they multiply and become worse with every passing day.
Introduction to Network Security Threats
Worms, Trojan horses, and denial-of-service (DoS) attacks are usually used maliciously to destroy or consume a network's resources. At times, poorly configured hosts and their accompanying servers also act as threats to network security, since they eat up available resources for no good reason.
To correctly identify and mitigate such threats, a person, company, or other organization has to be ready with the proper security protocols and tools. Some of the most efficient means of finding and eliminating these threats are explored below.
Kinds of Different Network Threats
Most security professionals group the various threats to network security into one of two broad categories: logic attacks and resource attacks.
Logic attacks take advantage of existing vulnerabilities and bugs in programs with the stated intention of causing a system to crash. Some cyber criminals use this kind of attack to gain illegal access to the system, or alternatively to degrade the performance of a given network.
One example of exploiting weaknesses inherent in platforms and software is the Microsoft PnP overflow vulnerability, MS05-039. In this attack the intruder takes advantage of a stack overflow in the Windows Plug and Play (PnP) service. It can be carried out against the Windows 2000 operating system without a legitimate user account.
A second example of such a threat to network security is the notorious ping of death. In this attack, the perpetrator sends a system ICMP packets that are larger than the maximum allowed size.
Most attacks of this sort are avoided simply by upgrading the vulnerable software or by filtering out particular packet sequences.
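One way to express the packet filter mentioned above, as an added example that is not part of the original article: an IPv4 fragment is rejected when its offset plus its length would push the reassembled datagram past 65,535 bytes. The function names and the sample headers are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram may have

def reassembled_end(header: bytes) -> int:
    """Byte position at which this fragment's data ends after reassembly."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8       # fragment offset is in 8-byte units
    # Assumes the first fragment's header is the same length as this one.
    return ihl + offset + (total_len - ihl)  # header + earlier data + this data

def is_oversized(header: bytes) -> bool:
    """True when reassembly would exceed the maximum datagram size."""
    return reassembled_end(header) > MAX_DATAGRAM

def sample_header(total_len: int, offset_units: int, more: bool = False) -> bytes:
    """Constructed 20-byte IPv4/ICMP header (documentation addresses, no payload)."""
    flags_frag = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

if __name__ == "__main__":
    cases = {
        "ordinary echo request": sample_header(84, 0),
        "last fragment, exactly at the limit": sample_header(23, 8189),
        "last fragment, past the limit": sample_header(1500, 8189),
    }
    for label, hdr in cases.items():
        verdict = "DROP" if is_oversized(hdr) else "pass"
        print(f"{verdict}  end={reassembled_end(hdr):5d}  {label}")
```

The check has to run on every fragment before reassembly, because no single fragment's own length field exceeds the limit.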
The second category of network security threats is resource attacks. Such attacks are primarily meant to overwhelm important system resources, such as RAM and CPU. This is principally accomplished by sending numerous forged requests or IP packets to the network in question.
The cyber criminal can launch a larger and more potent assault by compromising the integrity of a multitude of hosts and then installing malicious software on them. This type of exploit typically results in what is known as a botnet or a zombie. Once the botnet attack has been successful, the assailant can launch later attacks from literally thousands of these zombie-infected machines, all with the end goal of compromising a single target victim.
Such malicious programs typically contain the code for starting many different attacks, along with a common communications infrastructure that allows them to operate under remote control.
Trojan Horse Viruses
A Trojan horse is malware that is not self-replicating. Typically, such viruses are cunning in that they appear to perform a desirable task for the user. In reality, though, they enable illegal access to the user's computer system. The term itself comes from the Trojan Horse story in Homer's Iliad from Greek mythology.
These viruses are intended solely to give the computer hacker remote access to the targeted computer. This is easily accomplished once the Trojan horse is installed on the computer. The operations the hacker can then perform on the machine are limited by the Trojan horse's design, as well as by user privileges on the computer in question. They include the following:
- Stealing of data, such as credit card data or passwords
- Use of the computer as part of a botnet attack, for spamming or for denial-of-service attacks
- Uploading or downloading of files
- Software installation, such as additional malware
- Keystroke logging
- Deletion or modification of files
- Wasting of computer storage and memory resources
- Viewing the screen of the user
- Causing the computer to crash
Computer worms are self-replicating malware programs. They use a computer network to send copies of themselves to other computers on the network. They differ from computer viruses in that they do not need to be attached to any existing program.
Worms practically always cause some harm to a computer network, even if only by eating up available bandwidth. This is different from viruses, which typically modify or corrupt files on the computer in question.
Worms are far more harmful when they do more than simply replicate themselves onto other computers. In these cases, they may delete files on the host system, as with ExploreZip worms; execute a crypto-viral extortion attack, in which they encrypt various files on a computer; or send out documents through the email system. A common use for worms is installing back doors on the affected computer in order to create a zombie computer that the worm author then controls.
Seek Out and Destroy
The first thing to do in training employees is to uncover network security threats by attaining network visibility. Although this sounds intuitive, it is not always so. One cannot hope to defend against, or eliminate, something that one cannot even see. The necessary level of network visibility can be attained using features that already exist in devices the organization already possesses.
Alternatively, one could develop strategic diagrams that fully illustrate packet flows, as well as the locations within the network where security mechanisms could be put in place to correctly identify and deal with possible threats to security.
The company or organization has to establish a baseline of normal network patterns and activity so that unusual and atypical activity, along with possible threats to network security, can be detected.
NetFlow and similar mechanisms may be integrated into the organization's infrastructure to help efficiently and properly identify and classify the different types of problems. Before putting this kind of system into place, the user ought to conduct some form of network traffic analysis in order to understand the patterns and rates of typical traffic on the network. With a successful detection system, such learning happens over a significant amount of time that encompasses both the valleys and the peaks of all network activity.
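The following added example (not from the original article) shows why the baseline has to cover both peaks and valleys: the same traffic volume is normal at mid-afternoon and anomalous at 03:00, and a single all-hours baseline misses it. The hourly totals are constructed stand-ins for aggregated NetFlow data, and all function names are hypothetical.

```python
from collections import defaultdict
from statistics import mean, stdev

def constructed_flows(days=14):
    """Constructed hourly totals in MB: busy 09:00-17:59, quiet otherwise."""
    for day in range(days):
        for hour in range(24):
            base = 50 if 9 <= hour < 18 else 5
            jitter = (day * 7 + hour * 3) % 5 - 2   # deterministic +/-2 MB
            yield hour, base + jitter

def hourly_baseline(flows):
    """Map hour of day -> (mean, stdev) learned over the whole window."""
    by_hour = defaultdict(list)
    for hour, mb in flows:
        by_hour[hour].append(mb)
    return {h: (mean(v), stdev(v)) for h, v in by_hour.items()}

def flat_baseline(flows):
    """One (mean, stdev) for all hours, i.e. time of day is ignored."""
    values = [mb for _, mb in flows]
    return mean(values), stdev(values)

def is_anomalous(observed_mb, mu, sigma, threshold=3.0):
    """Flag a value more than `threshold` standard deviations from the mean."""
    return abs(observed_mb - mu) > threshold * sigma

if __name__ == "__main__":
    flows = list(constructed_flows())
    per_hour = hourly_baseline(flows)
    flat = flat_baseline(flows)
    for hour in (14, 3):
        print(f"51 MB at {hour:02d}:00  "
              f"hourly baseline: {is_anomalous(51, *per_hour[hour])}  "
              f"flat baseline: {is_anomalous(51, *flat)}")
```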
In the end, the very best defense against typical network security threats is creating a system, and having security training, that all persons involved in the network follow. In addition, the user can improve security by using dependable software solutions that make such a process significantly easier to implement and maintain.