Understanding Network Attacks
A network attack can be defined as any method, process, or means used to maliciously attempt to compromise network security.
There are a number of reasons why individuals would want to attack corporate networks. The individuals performing network attacks are commonly referred to as network attackers, hackers, or crackers.
A few different types of malicious activities that network attackers and hackers perform are summarized here:
- Illegally using user accounts and privileges
- Stealing hardware
- Stealing software
- Running code to damage systems
- Running code to damage and corrupt data
- Modifying stored data
- Stealing data
- Using data for financial gain or for industrial espionage
- Performing actions that prevent legitimate authorized users from accessing network services and resources
- Performing actions to deplete network resources and bandwidth
A few reasons for network attackers attempting to attack corporate networks are listed here:
- Individuals seeking fame or some sort of recognition. Script kiddies usually seek some form of fame when they attempt to crash Web sites and other public targets on the Internet. A script kiddie could also be looking for some form of acceptance or recognition from the hacker community or from black hat hackers.
- Possible motives for structured external threats include:
  - Greed
  - Industrial espionage
  - Politics
  - Terrorism
  - Racism
  - Criminal payoffs
- Displeased employees might seek to damage the organization’s data, reliability, or financial standing.
- Some network attackers simply enjoy the challenge of trying to compromise the security systems of highly secured networks. These attackers see their actions as a means of exposing existing security vulnerabilities.
Network attacks can be classified into the following four types:
- Internal threats
- External threats
- Unstructured threats
- Structured threats
Threats to the network can be initiated from a number of different sources, which is why network attacks are classified as either external or internal threats:
- External threats: Individuals carry out external threats or network attacks without assistance from internal employees or contractors. A malicious and experienced individual, a group of experienced individuals, an experienced malicious organization, or inexperienced attackers (script kiddies) carry out these attacks. Such attackers usually have a predefined plan and the technologies (tools) or techniques to carry out the attack. One of the main characteristics of external threats is that they usually involve scanning and gathering information. Users can therefore detect an external attack by scrutinizing existing firewall logs. Users can also install an Intrusion Detection System to quickly identify external threats.
  External threats can be further categorized into either structured threats or unstructured threats:
  - Structured external threats: These threats originate from a malicious individual, a group of malicious individuals, or a malicious organization. Structured threats are usually initiated by network attackers who have premeditated the actual damages and losses that they want to cause. Possible motives for structured external threats include greed, politics, terrorism, racism, and criminal payoffs. These attackers are highly skilled in network design, avoiding security measures, Intrusion Detection Systems (IDSs), access procedures, and hacking tools. They have the necessary skills to develop new network attack techniques and the ability to modify existing hacking tools for their exploitations. In certain cases, an internal authorized individual may assist the attacker.
  - Unstructured external threats: These threats originate from an inexperienced attacker, typically a script kiddie. Script kiddie refers to an inexperienced attacker who uses cracking tools or scripted tools readily available on the Internet to perform a network attack. Script kiddies usually lack the skill to create the threats on their own. They can be considered bored individuals seeking some form of fame by attempting to crash websites and other public targets on the Internet.

  External attacks can also occur either remotely or locally:
  - Remote external attacks: These attacks are usually aimed at the services that an organization offers to the public. The various forms that remote external attacks can take are:
    - Remote attacks aimed at the services available for internal users. This remote attack usually occurs when there is no firewall solution implemented to protect these internal services.
    - Remote attacks aimed at locating modems to access the corporate network.
    - Denial of service (DoS) attacks to place an exceptional processing load on servers in an attempt to prevent authorized user requests from being serviced.
    - War dialing of the corporate private branch exchange (PBX).
    - Attempts to brute force password-authenticated systems.
  - Local external attacks: These attacks typically originate from situations where computing facilities are shared and access to the system can be obtained.
- Internal threats: Internal attacks originate from dissatisfied or unhappy employees or contractors inside the organization. Internal attackers have some form of access to the system and usually try to hide their attack as a normal process. For instance, disgruntled internal employees already have local access to some resources on the internal network. They could also have some administrative rights on the network. One of the best means to protect against internal attacks is to implement an Intrusion Detection System and to configure it to scan for both external and internal attacks. All forms of attacks should be logged and the logs should be reviewed and followed up.
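As an added illustration (not part of the original article) of scrutinizing firewall logs for the scanning that characterizes external threats, and of reviewing internal sources the same way, the Python example below flags any source that was denied on several distinct ports. The log format, addresses, internal ranges, and threshold are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the organization's internal address space (adjust to your network).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed log format: "<time> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data (documentation and private addresses only).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z DENY TCP 203.0.113.7:40001 -> 10.0.0.5:21
2024-05-01T10:00:01Z DENY TCP 203.0.113.7:40002 -> 10.0.0.5:22
2024-05-01T10:00:02Z DENY TCP 203.0.113.7:40003 -> 10.0.0.5:23
2024-05-01T10:00:02Z DENY TCP 203.0.113.7:40004 -> 10.0.0.5:445
2024-05-01T10:01:10Z ALLOW TCP 198.51.100.20:51000 -> 10.0.0.5:443
2024-05-01T10:01:15Z DENY TCP 198.51.100.20:51001 -> 10.0.0.5:25
2024-05-01T10:02:00Z DENY TCP 10.0.0.44:33000 -> 10.0.0.9:22
2024-05-01T10:02:01Z DENY TCP 10.0.0.44:33001 -> 10.0.0.9:1433
2024-05-01T10:02:01Z DENY TCP 10.0.0.44:33002 -> 10.0.0.9:3306
2024-05-01T10:02:02Z DENY TCP 10.0.0.44:33003 -> 10.0.0.9:3389
2024-05-01T10:03:00Z kernel: interface eth0 up
"""

def origin(ip):
    """Classify a source as internal or external using INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"

def find_scanners(log_text, threshold=4):
    """Return sources denied on at least `threshold` distinct (host, port) targets."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["action"] == "DENY":  # malformed and ALLOW lines are skipped
            denied[m["src"]].add((m["dst"], int(m["dport"])))
    findings = {}
    for src, targets in denied.items():
        if len(targets) >= threshold:
            findings[src] = {"origin": origin(src), "ports": sorted({p for _, p in targets})}
    return findings

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG).items():
        print(src, info["origin"], info["ports"])
```

The single denied connection from 198.51.100.20 stays below the threshold, which is the kind of noise a reviewer has to separate from systematic probing.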
With respect to network attacks, the core components that should be included when users design network security are:
- Network attack prevention
- Network attack detection
- Network attack isolation
- Network attack recovery