Friday, April 27, 2012

Common networking attack threats and solutions

Network attacks can be classified into four basic groups, namely:

  • Reconnaissance attacks
  • Access attacks
  • Denial of service (DoS) attacks
  • Worms, viruses and Trojan horses
The aim of an attack is typically to compromise or cripple a system in a way that takes a long time to fully repair.

A reconnaissance attack is mainly about learning information about a target network from publicly available resources, e.g. the company's website, employee profiles, etc. Obtaining the company's IP address ranges and domain names is also part of such an attack.

Although such an attack seems fairly harmless, it lets the perpetrator learn which IP addresses are in use, when the network is idle and which ports are open. By querying those ports (for example, reading the banners the services send back), the intruder can also determine the type of application and operating system in use. With this information the attacker can time an attack for the period of lowest vigilance, i.e. the times of inactivity, and then carry out a DoS attack such as a ping of death.
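The port-scanning and fingerprinting step described above, as an added example that is not code from the original post: a TCP connect() scan against two constructed local services whose names, banners and ports are made up for the demo. Nothing leaves 127.0.0.1, and the fake services send their banner as soon as a client connects (a real HTTP server would wait for a request first).

```python
"""TCP connect scan with banner grabbing, run against two constructed local
services. Added example, not code from the original post; service names,
banners and ports are made up and nothing leaves 127.0.0.1."""
import socket
import threading

HOST = "127.0.0.1"

# Constructed banners. Real daemons announce themselves much like this, which is
# what lets a scanner guess the software (and often the OS) behind an open port.
# These fake services send the banner on connect; a real HTTP server waits for
# a request, so a real grabber sends e.g. "HEAD / HTTP/1.0" before reading.
FAKE_SERVICES = {
    "ssh": b"SSH-2.0-DemoSSH_1.0\r\n",
    "http": b"HTTP/1.0 200 OK\r\nServer: DemoHTTPd/0.1\r\n\r\n",
}


def start_fake_service(banner):
    """Listen on an ephemeral localhost port and send `banner` to every client.
    Returns (server_socket, port); the accept loop runs in a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def fingerprint(banner):
    """Guess the application from the first bytes a service volunteers."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"HTTP/"):
        return "http"
    return "unknown" if banner else "no banner"


def connect_scan(host, ports, timeout=0.5):
    """TCP connect() scan: complete the three-way handshake on each port, read
    whatever the service sends, and return {port: (banner, guess)} for open
    ports only. A refused connection (RST) means closed; a timeout usually
    means filtered. Full connections are noisy: each one can be logged by the
    target, which is exactly what an IDS keys on."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                continue
            try:
                banner = s.recv(256)
            except OSError:      # open but silent: timeout or reset on read
                banner = b""
        results[port] = (banner, fingerprint(banner))
    return results


def demo():
    """Start the fake services, scan them plus a few neighbouring ports that
    are almost certainly closed, and return (scan_results, {port: kind})."""
    expected, servers = {}, []
    for kind, banner in FAKE_SERVICES.items():
        srv, port = start_fake_service(banner)
        servers.append(srv)
        expected[port] = kind
    targets = sorted(set(expected) | {p + 1 for p in expected} | {p + 2 for p in expected})
    results = connect_scan(HOST, targets)
    for srv in servers:
        srv.close()
    return results, expected


if __name__ == "__main__":
    found, truth = demo()
    for port, (banner, guess) in sorted(found.items()):
        print(f"{port}/tcp open  {guess:<9} {banner!r}")
```

Each probe here is a completed connection, so the target host and any firewall in the path get a full record of it; that visibility is what the IDS-based detection discussed next relies on.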

Reconnaissance attacks cannot be prevented entirely, but they leave signs that an intrusion detection system (IDS) can pick up, such as ping sweeps and port scans. Spotting these gives the administrator warning, so the damage can be minimized if the DoS attack that follows the reconnaissance actually takes place.
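The kind of detection an IDS performs on the two signs named above, as an added example that is not code from the original post: a detector that reads firewall-style log lines and raises an alert when one source touches many distinct ports (port scan) or pings many distinct hosts (ping sweep) within a short window. The log format, the addresses (RFC 5737 documentation ranges) and the thresholds are all constructed for illustration.

```python
"""Spotting port scans and ping sweeps in firewall log lines.
Added example, not code from the original post. The log format, the addresses
(RFC 5737 documentation ranges) and the thresholds are all constructed for
illustration; tune the thresholds to the noise level of your own network."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format, loosely modelled on a netfilter LOG entry:
# <ISO timestamp> <ACTION> SRC=<ip> DST=<ip> PROTO=<TCP|UDP|ICMP> [DPT=<port>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?$"
)

PORT_SCAN_PORTS = 10            # distinct (host, port) targets from one source ...
PING_SWEEP_HOSTS = 5            # distinct hosts pinged from one source ...
WINDOW = timedelta(seconds=60)  # ... within any 60 second window


def parse(line):
    """Return a dict for a well-formed line, None for anything else (real
    logs are noisy; a detector must skip junk rather than crash on it)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.fromisoformat(e["ts"])
    e["dpt"] = int(e["dpt"]) if e["dpt"] else None
    return e


def detect(lines):
    """Return [(kind, src, count)] alerts, at most one per source and kind.
    For each source, slide a WINDOW over its events and count distinct TCP
    targets (port scan) and distinct ICMP destinations (ping sweep)."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        max_ports = max_hosts = 0
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - first["ts"] <= WINDOW]
            targets = {(e["dst"], e["dpt"]) for e in window
                       if e["proto"] == "TCP" and e["dpt"] is not None}
            pinged = {e["dst"] for e in window if e["proto"] == "ICMP"}
            max_ports = max(max_ports, len(targets))
            max_hosts = max(max_hosts, len(pinged))
        if max_ports >= PORT_SCAN_PORTS:
            alerts.append(("port_scan", src, max_ports))
        if max_hosts >= PING_SWEEP_HOSTS:
            alerts.append(("ping_sweep", src, max_hosts))
    return alerts


def sample_log():
    """Constructed log: one port scanner, one ping sweeper, one ordinary web
    client, plus a junk line. Timestamps use the post's date."""
    t0 = datetime(2012, 4, 27, 10, 0, 0)

    def at(seconds):
        return (t0 + timedelta(seconds=seconds)).isoformat()

    lines = []
    # 203.0.113.7 probes 12 common ports on one host within 12 seconds
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(f"{at(i)} DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT={port}")
    # 203.0.113.9 pings six consecutive hosts
    for i in range(1, 7):
        lines.append(f"{at(30 + i)} ACCEPT SRC=203.0.113.9 DST=192.0.2.{i} PROTO=ICMP")
    # 198.51.100.4 is a normal client: a few web connections, minutes apart
    for i, port in enumerate([443, 443, 80]):
        lines.append(f"{at(i * 120)} ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT={port}")
    lines.append("Apr 27 10:05:00 fw kernel: eth0 link up")  # noise the parser must skip
    return lines


if __name__ == "__main__":
    for kind, src, count in detect(sample_log()):
        print(f"{kind:<10} from {src}: {count} distinct targets in {WINDOW.seconds}s")
```

The thresholds are the part that needs care in practice: set too low, a busy proxy or a monitoring host trips the port-scan rule every day; set too high, a slow scanner that probes one port a minute slips under the window. Slow scans are the usual evasion, so a production rule keeps a longer second window with a higher count alongside the short one.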

This is an example of port scanning.

This is an example of an intruder gaining IP address and domain name information about an organization.


Security Policy

A security policy is a formal set of rules established by a company that everyone with access to the organization's technology and information assets must follow strictly, so that employees do not, for example, accidentally reveal classified information belonging to the organization.

A security policy also gives the staff a proper set of guidelines to follow during security incidents, so that they are not at a loss as to how to react to, e.g., unauthorized entry or fire. The policy also addresses the company's physical security mechanisms, such as up-to-date locks and electronic doors.

A security policy is composed of many factors. Two main elements that make up the policy are network design factors and Internet threats.

Network Design Factors

This element can be broken down into:

  • Data Assessment
  • Host Addressing
  • Application Definition
  • Usage Guidelines
  • Topology/ Trust Model


Internet Threats

This element covers the types of threat vector that can originate from the Internet:

  • Vulnerabilities
  • Denial of Service
  • Misuse
  • Reconnaissance

In conclusion, security in an organization depends on both the employees and the proper implementation of security devices, and neither can be handled properly unless the company has established a security policy.