In: Categories » Computers and technology » VPN » Attacks can be divided into three main categories
Attacks can be divided into three main categories:
- Reconnaissance Attacks Hackers attempt to discover systems and gather information. In most cases, these attacks are used to gather information to set up an access or a Denial of Service (DoS) attack. A typical reconnaissance attack might consist of a hacker pinging Internet Protocol (IP) addresses to discover what is alive on a network.The hacker might then perform a port scan on the system to see which applications are running, and to try to determine the operating system (OS) and version on a target machine.
- Access Attacks An access attack is one in which an intruder attempts to gain unauthorized access to a system to retrieve information. Sometimes the attacker has to gain access to a system by cracking passwords or using an exploit. At other times, the attacker already has access to the system, but needs to escalate his or her privileges.
- DoS Attacks Hackers use DoS attacks to disable or corrupt access to networks, systems, or services.The intent is to deny authorized or valid users access to these resources. DoS attacks typically involve running a script or a tool, and the attacker does not require access to the target system, only the means to reach it. In a Distributed DoS (DDoS) attack, the source consists of many computers that are usually spread across a large geographic boundary.
Recognizing Network Security Threats
In order to effectively protect your network, you must consider the following question: From who or what are you protecting it? In this section, we approach the answer to that question from three perspectives:
- Who are the people that break into networks?
- Why do they do what they do?
- What are the types of network attacks and how do they work? First we look at intruder motivations and classify the various types of people who have the skill and desire to hack into others’ computers and networks.
Understanding Intruder Motivations
There are probably as many different specific motives as there are hackers, but the most common intruder motivations can be broken down into a few broad categories:
- Recreation Those who hack into networks “just for fun” or to prove
their technical prowess; often young people or “antiestablishment” types.
- Remuneration People who invade the network for personal gain, such as those who attempt to transfer funds to their own bank accounts or erase records of their debts, and “hackers for hire” who are paid by others to break into the network. Corporate espionage is also included in this category.
- Revenge Dissatisfied customers, disgruntled former employees, angry competitors, or people who have a personal grudge against someone in the organization. The scope of damage and the extent of the intrusion are often tied to the intruder’s motivation.
Recreational Hackers
Teen hackers who hack primarily for the thrill of accomplishment, often do little or no permanent damage, perhaps only leaving “I was here” messages to “stake their claims” and prove to their peers that they were able to penetrate your network’s security. There are also more malevolent versions of the fun-seeking hacker.These cybervandals get their kicks out of destroying as much of your data as possible or causing your systems to crash.
Profit-motivated Hackers
Hackers who break into your network for remuneration of some kind either directly or indirectly are more dangerous. Because money is at stake, they are more motivated than other hackers to accomplish their objective. Unfortunately, the number of these hackers is increasing dramatically, especially with the profitability of identity theft. Furthermore, because many of them are “professionals”, their hacking techniques could be more sophisticated than those of the average teenage recreational hacker. Monetary motivations include:
- Personal financial gain
- Corporate espionage
- Third-party payment for the information obtained
Those motivated by the last goal are almost always the most sophisticated, and the most dangerous. Money is often involved in the theft of identity information. Identity thieves can be employees who have been approached by any number of malicious organizations and offered money or merchandise or even threatened with blackmail or physical harm. In some instances, hackers go “undercover” and seek a job with a company in order to steal data that they can give to their own organizations.To add insult to injury, these “stealth spies” are then paid by your company at the same time they’re working against you. There are also “professional” freelance corporate spies that can be contracted to obtain company secrets, or they might do it on their own and auction the data off to competitors. These corporate espionage agents are often highly skilled.They are technically savvy and intelligent enough to avoid being caught or detected. Fields that are especially vulnerable to the threat of corporate espionage include:
- Oil and energy
- Engineering
- Computer technology
- Research medicine
- Law
Any company on the verge of a breakthrough that could result in large monetary rewards or worldwide recognition, should be aware of the possibility of espionage and take steps to guard against it.
legal notice
Our website is not responsible for the information contained by this article. Web-articles is a free articles resource.
Suggestion: If you need fresh, daily updated content for your website, feel free to use our service. Click here for more information.
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above.
related articles
Who Needs Remote Access? Determining who needs to use your VPNs is not an easy task that can be done in just minutes. It is not uncommon for almost every employee to need some form of VPN access at one point or another.This introduces many challenges from user management to the auditing of your systems and individual access logs.This is an area in which your user groups and centralized user management systems will play an important role. It will help ensure your access rights are secure and grant...
2. System and Software Exploits
System and software exploits allow hackers to take advantage of weaknesses of particular OSs and applications (often called bugs). Like protocol exploits, they are used by intruders to gain unauthorized access to computers or networks, or to crash or clog up the systems to deny service to others. Common bugs can be categorized as follows: - Buffer Overflows Many common security holes are based on buffer overflow problems. Buffer overflows occur when the number ...
3. Types of attack and protocols
Phishing, the new information gathering technique, is spreading and becoming more sophisticated. Phishing e-mails either ask the victim to fill out a form or direct them to a Web page designed to look like a legitimate banking site.The victim is asked for personal information such as credit card numbers, social security number, or other data that can then be used for identity theft.There has been at least one insidious phishing scheme that uses a Secure Sockets Layer (SSL) certificate so that the data...
4. Attacks over TCP and UDP ports
TCP/UDP Ports A port number is a virtual “mail slot” on each of these machines. Applications running on computers listen to the Internet for incoming information on these ports. Certain applications listen on certain ports.The Internet Assigned Numbers Authority (IANA [www.iana.org]) defines these ports (e.g.,Web servers listen on ports 80 and 443 and File Transfer Protocol (FTP) servers listen on port 21. Hypertext Transfer Protocol (HTTP), Hyper-Text Transfer Protocol Secure socke...
5. Application Proxy and Gateway Firewalls
Firewall Types There are two basic types of firewalls: Application Proxy and Gateway. Gateways are divided into packet filters and stateful inspection firewalls.These differ in function and design and have different uses in network architecture. Never try to have one type of firewall do the duty of another type. It is better to have a well-run and securely configured firewall doing its intended job, than to have something doing a job for which it wasn’t designed.This is an invitati...
6. The inspection of TCP IP packets
The Inspection Process The inspection of TCP/IP packets is a multi-step procedure. What follows is a summary of the steps, not necessarily in order : 1. A packet arrives at the outside interface. It is checked for permitted or denied ports and IP addresses. Note that stateful inspection firewalls require both a port and an IP address. IP addresses can be in the form of a single machine, group of IP addresses, or “any,” meaning any valid IP address on the spec...
7. Lower Data Transfer Rates Than a Packet Filter
Networking Standard A stateful inspection firewall is the de facto standard for network protection at this time. Installing less is not a wise move without good reason (e.g., a requirement for the fastest possible data transfer while maintaining some protection for the internal network). Performance and Protection The balance of performance versus protection between a packet filter and an application proxy is excellent. Since stateful inspection is the curre...
8. RFC 959 specifies the commands that a minimum implementation
Minimum Implementation RFC 959 specifies the commands that a minimum implementation of FTP must support, and RFC 1123 updates this list with additional commands. The implementation specified by RFC 1123 is more capable in handling communications between computers that may use different operating systems, file systems, and firewall protection. However, RFC 1123 says that computers whose operating system or file system doesn’t allow or support a command aren’t obligated to add support for it. So f...