The threats to a network should be known in advance of the design. The threats outlined here are organized into three categories:

· External attacks
· Internal attacks
· Physical attacks

Understanding the threats posed to a network connected to the Internet has several key benefits. This knowledge allows the network designers to protect against attack and compromise of systems, limit the effects of vulnerabilities, and isolate their interactions. The secure network architecture affects the ability of an organization to react quickly to an incident and to recover safely without loss while also adding to reliability and performance. The threats to a network and its systems are partially mitigated with a secure network architecture. Other factors that help alleviate risk are good security maintenance and diligence with regard to analysis of new and better security technologies.

External Attacks

External attacks are those that originate either from the Internet or from systems beyond the access device and target internal or external systems. External attacks are the most publicized and the most well-known form of attack. Stories of Web page defacements, viruses, Trojan programs, and denial of service by malicious system crackers and cyber-terrorists are common. Although invasive, reconnaissance probes and scans are not attacks. They are often precursors to an attack, however, because they provide vulnerability information to the attacker. The network components and their organization can minimize the risk associated with these attacks. External attacks occur against accessible services, systems, and networks; protection against external attacks includes the use of firewalls, network monitoring devices, distribution of services across multiple networks, and the establishment of bandwidth restrictions by protocol and service.

To protect against external attacks, it is useful to run services such as domain name servers, Web servers, and mail servers on separate systems and to restrict network access to them with a firewall. It is also beneficial to isolate these systems so they are unable to access any other system. These methods protect the systems from compromise by establishing only one point of access to each system. Multiple services on a single system might present higher risk for denial of service and system compromise because there are several points to attack and the compromise of one service can provide access to the data for all other services on that system. The example of a single system that acts as a mail, Web, and domain name server establishes three targets for attack. Denial of service against any of these targets results in a loss of service to all of them, and compromise of any one service provides the attacker with access to the data of the remaining two.

Internal Attacks

As the name implies, internal attacks originate from inside the organization. Despite the media attention given to external attacks, internal attacks are more widespread and frequent than those committed by outsiders. Disgruntled employees, curious users, or accidental misuse all contribute to the frequency of internal attacks. Defense against these attacks is more complex because designers attempt to provide high security without restricting the needed functionality of the network. Users should only be given enough access and privileges to accomplish their work and to protect against internal threats. Examining network data paths and splitting services across multiple networks and systems help provide higher security and minimize the effects of attack. Users should not, for example, be given full network access to all systems, servers, and network equipment. Most organizations do not want all users to have access to financial systems, or for all users to have access to sensitive project materials. The use of multiple networks and servers to differentiate between groups and departments allows enforcement of these restrictions.

Physical Attacks

Physical access is the final threat category. The ability to walk up to a system or piece of network equipment is the most dangerous of the risks. Simple actions such as unplugging equipment, rearranging cables, or physically damaging components can render the network unusable for long periods of time and at a high expense for repair. The location and access to the equipment that provides network service should be organized and secured. Aside from physical damage to network equipment, another aspect of physical attacks is the ability for a user to see and analyze network traffic that travels over the same network wires of the user's desktop computer. If the network is not physically laid out safely, the user can use a packet sniffer to intercept and read the passwords and private information of other users. This can be prevented by physically isolating network traffic, based on the needs of a particular system.
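
The service-separation guidance under External Attacks can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed host inventory and firewall allow-list for combined servers, extra points of access, and exposed systems that can reach other systems. All host addresses, the rule format, and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (hypothetical hosts on RFC 5737 documentation addresses).
SERVICES = {                                # host -> services it runs
    "192.0.2.10": {"dns"},
    "192.0.2.20": {"web"},
    "192.0.2.30": {"mail", "web", "dns"},   # the combined server the text warns about
}
SERVICE_PORTS = {"dns": 53, "web": 443, "mail": 25}
# Firewall allow rules as (source, destination, port); "internet" is any outside host.
ALLOW = [
    ("internet", "192.0.2.10", 53),
    ("internet", "192.0.2.20", 443),
    ("internet", "192.0.2.20", 22),         # second point of access to the Web server
    ("192.0.2.20", "192.0.2.10", 53),       # exposed server may reach another system
    ("internet", "192.0.2.30", 25),
    ("internet", "192.0.2.30", 443),
    ("internet", "192.0.2.30", 53),
]

def audit(services, allow, ports=SERVICE_PORTS):
    """Return (host, finding, detail) tuples for rules the article advises against."""
    findings = []
    inbound = defaultdict(set)
    for src, dst, port in allow:
        if src == "internet":
            inbound[dst].add(port)
        elif src in services and dst != src:
            # Exposed systems should be unable to access any other system.
            findings.append((src, "can-reach-other-system", f"{dst}:{port}"))
    for host, svcs in sorted(services.items()):
        if len(svcs) > 1:
            # Several services on one host means several targets with shared fate.
            findings.append((host, "multiple-services", ",".join(sorted(svcs))))
        expected = {ports[s] for s in svcs}
        for port in sorted(inbound[host] - expected):
            # Only the port of the service the host runs should be reachable.
            findings.append((host, "unexpected-open-port", str(port)))
    return findings

def shared_fate(services):
    """Map each (host, service) to the co-located services affected if it is attacked."""
    return {(h, s): sorted(svcs - {s}) for h, svcs in services.items() for s in svcs}

if __name__ == "__main__":
    for finding in audit(SERVICES, ALLOW):
        print(*finding)
    print(shared_fate(SERVICES)[("192.0.2.30", "mail")])
```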










