Any suspicious e-mail should be reported immediately to a network administrator. Some common terms to be aware of include the following: A program capable of replicating with little or no user intervention, and the replicated programs also replicate. For instance, signing electronic documents, transferring money electronically, and buying a product online with your credit card all must have a nonrepudiation process, or else they cannot be legally binding. When talking about a specific type of a security threat, it typically is categorized by using one of the following terms: ... Four general categories … Another tool that you should consider using is a router or firewall that can filter Java and ActiveX scripts from untrusted sites. A true Trojan horse isn’t technically a virus because it doesn’t replicate itself. Sophisticated hackers use a source IP address that resides inside your network to execute a masquerading attack. You might think that executing this type of attack would be very complicated; however, some protocols, such as TCP, are fairly predictable, especially in their use of sequence numbers for TCP segments. As an example, if you have a network of 220.127.116.11/24, the hacker would ping 18.104.22.168. With a good hacking software program, a skilled hacker can insert himself into the middle of an existing connection. It comes with a 30-day trial, after which certain features are disabled unless you purchase the full version. Hackers sometimes send garbage data to this port, hoping that your resource will process this information and thus take away CPU cycles from other legitimate processes on the resource. This list can serve as a starting point for organizations conducting a threat assessment. With this kind of attack, the hacker basically is tying up the connection resources on a particular server. 
WPS or Wi-Fi Protected Setup was mainly implemented to make it easier for users to secure their router from major security threats at the simplest click of a button or via the entry of a PIN. External threats The uptake in online services means this form of crime can now be done on a much larger scale and foreign nationals as well as onshore criminals can defraud local authorities from outside the UK. In an access attack, a hacker attempts to gain unauthorized or illegal access to your network and its resources, particularly resources such as file, e-mail, and web servers. According to the FBI guidelines for workplace security, you should always take special care to address any vulnerabilities pertaining to internal as well as external threats to avoid millions of dollars in business losses. If there is a difference, the application alerts you to this. One of the biggest problems that you will face is the management of your security solution. But like most of these digital threats, the most effective way to combat these pests is to prevent them from affecting your computer in the first place! I discuss this issue in more depth in Chapter 17, "DoS Protection." As an example, the hacker might cut the source device out of the picture and pretend to be the source, tricking the destination device into believing that the destination still is communicating with the original source. With social engineering, a hacker calls various users in your network, pretending to be a network administrator. The hacker then can use this to plan further attacks against your device. Unlike bugs, viruses are manmade. To carry out an IP spoofing attack, a hacker typically uses a software program that changes the source address of packets (and even the TCP sequence numbers for TCP segments). A more ingenious hacker might use Java or ActiveX scripts either to learn information about a client's device or to break into it.
When executed as a reconnaissance attack, these attacks can send your e-mail's address book or your password file back to the hacker. Another common type of attack is an access attack. If you are concerned about the actual content that users access or what Internet sites they can view, you might want to put in place a web filtering solution, such as WebSense or N2H2. Denial-of-service (DoS) aims at shutting down a network or service, causing it to be inaccessible to its intended users. In an attempt to categorize threats both to understand them better and to help in planning ways to resist them, the following four categories are typically used. A security event refers to an occurrence during … Of course, a network scan tells the hacker only that there are machines in your network with a configured IP address; it does not tell what services are running on these machines. The most common type of reconnaissance attack is a scanning attack. The most common are hacktivism, extortion, cyber warfare, business feuds… In other words, it is used to uniquely identify the user. In a session attack, a hacker attacks a session layer connection, hoping either to use this information to mount another attack, or, through subterfuge, to take over the session in which he pretends to be either the source or the destination device. A network scanning attack occurs when a hacker probes the machines in your network. This method of encryption is used on connections that traverse multiple hops, such as internal networks, public networks, and the Internet. For instance, if you have a web server, you should disable services such as Telnet, SMTP, finger, and FTP on it.
The attackers are typically knowledgeable about network designs, security, access procedures, and hacking tools, and they have the ability to create scripts or applications to further their objectives. Many viruses also replicate themselves to spread their damage. CPU hogging is a type of attack that affects the CPU cycles of a service. Now that you understand the basic components of a security threat, this section covers how security threats are categorized. The networking department did not want to have to change all of the privileged EXEC passwords on the routers every time a contractor left the company. Most DoS attacks use IP spoofing, which makes tracking down the hacker difficult. A direct threat identifies a specific target and is delivered in a straightforward, clear, and … A sophisticated hacker even might be able to insert himself into the middle of the session, pretending to be the source to the real destination, and pretending to be the destination to the real source device. The person launching an unstructured attack is often referred to as a script kiddy because that person often lacks the skills to develop the threat themselves, but can pass it on anonymously (they think) and gain some perverse sense of satisfaction from the result. Spam. A port-scanning utility probes the port numbers of a machine to detect whether a service is running. For instance, if you wanted to set up a connection to a remote site, but you wanted some kind of proof of the remote site's identity, your networking device could get the digital signature of the remote site from the CA and then request the remote site's own digital signature. To prevent routing attacks, you can use a routing protocol that has built-in authentication, such as RIPv2, EIGRP, OSPF, IS-IS, or BGP. One of my favorites, GFI's LANguard Network Security Scanner, is a feature-rich network-scanner tool.
To prevent spamming and e-mail bombs, as well as to reduce the likelihood of a hacker using a public e-mail site to execute a repudiation attack, you should block all e-mail access from public e-mail sites. With access to the right systems, a trusted employee can devastate an unsuspecting organization. A good hacker makes this flood of fragments appear as a set of legitimate connections, which can cause a buffer overrun on the destination and possibly crash the machine. Another form of reconnaissance attack is eavesdropping. There are different types of DoS and DDoS attacks; the most common are the TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack, and botnets. Data manipulation is simply the process of a hacker changing information. The MD5 hashing algorithm, which also is used by PPP's CHAP and by IPSec's AH and ESP, is discussed in Chapter 19, "IPSec Site-to-Site Connections." … These attackers don’t have authorized access to the systems. The next two sections cover some common DoS attacks, as well as methods used to prevent these kinds of attacks. You also should consider using an IDS. An e-mail bomb is a form of an attack that a hacker uses to tie up e-mail resources on your system or possibly even compromise the security of your e-mail server. Using this approach, a hacker can determine whether the machine is running SMTP, Telnet, FTP, WWW, or other services. However, for sensitive information, encryption should be used to protect it. Because there are literally hundreds of DoS attacks, the following list is limited to some of the most common ones: An application attack is simply an attack against an application running on a server. Cybercriminals also seek to steal data from government networks that has a value on the black market, such as financial informa… The entire frame (Ethernet, token ring, Frame Relay, HDLC, and so on) is encrypted.
Regardless of the type of network security threat, there are different motives for executing network attacks and they are often malicious. I use this tool a lot when examining networks to see what services are running, which is helpful in determining whether devices are exposed. Crimes of all types where the payoff isn’t directly tied to the attack, such as identity theft or credit card information theft, are also motivations. Hackers typically attack such popular applications as Microsoft's IIS web server, web browsers such as Microsoft Internet Explorer and Netscape Navigator, and e-mail applications such as Sendmail and Microsoft Exchange and Outlook because of their widespread use. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose. Code Red and Nimda are examples of high-profile worms that have caused significant damage in recent years. This was because every week a new contractor was hired and an old contractor's time was up, and the old contractor moved on to the next job. This can be something as simple as using Cisco routers with access control lists or a sophisticated firewall. Hackers can use many types of DoS attacks against your network. Upon receiving the packet, the destination tries to forward the packet to itself. In some instances, the hacker can do this at the operating system level in certain versions of Linux. Therefore, I recommend filtering these scripts only from networks in which known security threats exist. When eavesdropping, the hacker looks for account names and passwords, such as these: Hackers also use eavesdropping to examine other information, perhaps database or financial transactions. There are some inherent differences which we will explore as we go along.
While the original intent might have been more thoughtless than malicious, the result can be a loss of user access while systems are being protected, a loss of reputation if news gets out that a company’s site has been attacked, or a loss of user freedoms as more-restrictive policies and practices are implemented to defend against additional attacks. Eavesdropping is the process of examining packets as they are in transit between a source and destination device. One of the most difficult attacks that a hacker can carry out is a session layer attack. For instance, the standard Telnet application uses clear-text passwords when performing authentication. It can be downloaded from http://www.gfi.com/. Chargen runs on port 19 and usually is enabled on most operating systems. Masquerading is an attack method that a hacker uses to hide his identity. Nonrepudiation, on the other hand, is having absolute proof of the identities of the parties in a transaction that has taken place. Typically, chargen uses UDP, but it can be implemented with TCP. He also might modify files on your resources or, in the worst possible scenario, erase everything on the disk drive and laugh as he tells his story to his friends. On some systems, this crashes the device. This might mean that some legitimate people might not be able to send you e-mail any longer, but, on the other hand, you are greatly reducing the likelihood of exposure to reconnaissance, DoS, and repudiation attacks against your e-mail system. So even if the hacker “thought” no one would be hurt, the result is often that they just beat some single parent or new hire out of a day’s pay. Cisco IOS routers have two features: lock-and-key access control lists (ACLs) and authentication proxy. For a cybersecurity expert, the Oxford Dictionary definition of cyber threat is a little Then he uses this information to execute an attack on the source device, the destination, or both, at a later time.
Even if the machine does not crash, the hacker is tying up buffer space, which prevents legitimate traffic from being processed. You can use something as simple as ACLs on a Cisco router, or you can use a firewall system such as the PIX or the Cisco IOS Firewall feature set available on Cisco routers. Figure 1-3 shows how eavesdropping works. This is perhaps one of the biggest complaints of anyone who has an Internet e-mail account; I am constantly getting spam e-mails. TCP SYN flood attacks occur when a hacker floods a particular service with TCP SYN segments without any intent of completing the connection. A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. He might do this by sending an ICMP ping to every IP address in your network, or he might use a network ping, in which he pings the IP address of the directed broadcast of every network. An enhanced form of DoS attack is the Distributed DoS (DDoS) attack. The following sections cover the basics of these types of access attacks. An example of this attack is discussed earlier in the chapter in the "Unstructured and Structured Threats" section and in Figure 1-2. A session-hijacking attack typically involves a handful of other attacks, such as masquerading, eavesdropping, and data manipulation. One large advantage of using an IDS is that it can detect reconnaissance attacks and probes, alerting you to the fact that possible hacking problems are looming. A digital signature is similar to a written signature, a person's thumbprint, a retinal scan of a person's eye, or a DNA profile of a person.
This list is not final – each organization must add their own specific threats … You definitely will want to explore some type of automation process, in which a client's software is updated periodically (all commercial antivirus packages that I have dealt with support automatic updates of virus information on clients and servers). Cybercrime: This is the most prominent category today and the one that banks spend much of their resources fighting. For some applications, you might consider replacing them. Perhaps one of the simplest forms of repudiation attacks is to use public e-mail systems such as hotmail.com, yahoo.com, and others to generate garbage mail and execute a DoS attack against a company's e-mail server. Many programs are available on the Internet to perform this process, including Hping (http://www.hping.org/) and Nemesis (http://www.packetfactory.net/Projects/nemesis/), as well as others. For more information on common DDoS attacks and tools, visit Dave Dittrich's site at http://staff.washington.edu/dittrich/misc/ddos/. Modern technology and society’s constant connection to the Internet allows more creativity in business than ever before – including the black market. Normally, any physical workplace security … Another typical solution for file servers is to use application verification software. These changes could be something as simple as modifying file contents on a file server or something as sophisticated as changing packet contents as they are in transit from a source to a destination machine. It also has the capability to authenticate users before allowing them access to network resources. When the company hired contractors, it hired them only to perform monitoring functions on the network: They never performed configuration tasks. Because less than three days had passed since the loss was inadvertently exposed, I was shocked at the coolness and speed of the reaction. Centralizing authentication functions is discussed in Chapter 5. 
Each of these results can be quantified in currency and often result in large numbers if and when the perpetrator is prosecuted. Unlike viruses and worms, Trojan horses do not replicate themselves. Filtering of Java and ActiveX scripts, as well as URL filtering, is discussed in Chapter 10, "Filtering Web and Application Traffic." Reconnaissance attacks come in different types, including the following: The following sections cover the basics of these types of reconnaissance attacks.