Information Security 2

Common attacks and Exploits

Denial of Service (DoS)
Distributed Denial of Service (DDoS)
Back door
Spoofing
Man in the middle
Replay
Session hijacking
DNS poisoning
Password guessing
Software exploitation
War dialing
War driving
Buffer overflow
SYN flood
ICMP flood
UDP flood
Smurfing
Sniffing
Ping of death

Common attacks and Exploits
Denial of Service (DoS)
A denial of service attack disrupts a service for its legitimate users.
For example, overloading a web server so that browsers can no longer load the websites it hosts, or overloading a file server so that users cannot reach their home folders.
DoS attacks work by:
Resource exhaustion (bandwidth, CPU, memory, connection tables)
Crashing the application or the operating system

Denial of Service (DoS) attacks in the context of information privacy and security disrupt the availability of data, services or systems. Availability is the property attacked directly; confidentiality and integrity suffer only indirectly, for example when an overloaded component fails open, or when the outage is used to distract defenders from another attack in progress. Here are some examples of how DoS attacks can impact information privacy and security:
1. Server Overload (Traffic-based DoS):
In a web application or online service, an attacker floods the server with a high volume of requests until it can no longer keep up. The service becomes unavailable to legitimate users, and any security control that depends on the overloaded component (such as an authentication back end) may degrade or fail open.
Computer Network Security 4
2. Resource Starvation (e.g., Memory or CPU Exhaustion):
An attacker exploits a flaw in a system or application to make it consume its own resources, such as memory or CPU, usually with far less effort than the resources it burns (for example a single request that triggers an expensive computation or an unbounded allocation). The system becomes unresponsive and its services unavailable.

3. Network-based Attacks (e.g., SYN Flood):
Attackers flood a host with TCP connection requests (SYN packets) whose handshakes are never completed. The half-open connections fill the listen backlog and exhaust connection-tracking state on the host and on intermediate firewalls, so legitimate users cannot open new connections and data carried over those connections is unavailable.

4. Distributed DoS (DDoS):
In a DDoS attack, a network of compromised devices, often referred to as a botnet, is used to simultaneously flood a target with a massive volume of traffic. Because the traffic comes from many sources, it cannot be stopped by blocking a single address. DDoS attacks disrupt network services, making sensitive information inaccessible.

5. API or Service Abuse:
Attackers repeatedly and maliciously call legitimate APIs or web services to generate excessive load, making it difficult for authorized users to reach the services. Each request is individually valid, which makes this abuse hard to distinguish from normal use without per-client rate limiting.

6. DNS Reflection/Amplification Attacks:
Attackers send small DNS queries to open resolvers with the source address spoofed to that of the target, so the resolvers deliver their much larger responses to the target. Because each response is many times the size of the query, a modest amount of attacker bandwidth becomes a flood at the victim, affecting the availability of its services.

7. Application-Layer Attacks:
Attackers target a specific application with complex, resource-intensive requests, causing it to slow down or crash. For example, XML-based attacks (deeply nested or entity-expanding documents) and slow or malformed HTTP requests can exhaust a web application with very little attacker bandwidth.

8. Router and Infrastructure Attacks:
Attackers target the network infrastructure itself, such as routers and switches, overwhelming their forwarding or control planes. Everything behind the affected device loses connectivity, so the loss of availability is broader than an attack on a single server.

9. Botnet Attacks:
Attackers use botnets to orchestrate large-scale DoS attacks. These attacks can target critical infrastructure, affecting the availability of sensitive information and of the services that depend on it.

10. Zero-Day Exploits:
Attackers discover and exploit previously unknown vulnerabilities in software or hardware, causing system crashes or slowdowns for which no patch yet exists. This impacts the availability of data and, where the same flaw also allows code execution, its integrity.

Mitigating and preventing DoS attacks is a critical aspect of information privacy and security. Organizations should implement security measures, such as intrusion detection systems, firewalls, content delivery networks (CDNs), and traffic filtering, to protect against and mitigate the impact of DoS attacks.

Distributed Denial of Service (DDoS)
A distributed denial of service attack is one in which several machines taken over by an attacker launch a coordinated denial of service attack against a common target, achieving a far greater impact than a single source could. The participating machines are compromised hosts, whose owners are usually unaware of their role.
See http://grc.com/dos/grcdos.htm for a good example of this type of attack.

Back door
A backdoor is an opening in software that allows entry into the system or application without the knowledge of the owner, bypassing the normal authentication.
Backdoors are sometimes left by the developer intentionally (debug accounts, hard-coded credentials), and sometimes exist by virtue of bad programming logic and practices.
Spoofing
Some communication protocols use a host's IP address as a trust and authentication mechanism.
An attacker may forge the source IP address of a trusted host to fool the target into trusting the attacker's machine. Since IP carries no proof of origin, nothing in the packet itself reveals the forgery.

Man in the middle
Man in the middle attacks are launched by placing oneself in the middle of a communication session so as to intercept the traffic.
The attacker may merely listen passively to the conversation, or may modify it and introduce other information into the traffic.
Replay
The attacker uses a packet sniffer to capture packets on the wire and extracts information from them, for example usernames and passwords or authentication tokens.
Later the attacker places the same information back on the wire so that the target believes it is a new, legitimate session. A replay succeeds whenever a message's validity does not depend on when, or how many times, it is sent.
Session hijacking
This is when an attacker takes over an established communication session between two hosts, for example by learning the session identifier or sequence numbers and injecting traffic as one of the parties.
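The replay described above (capture a valid message, send it again later) is defeated by binding every message to a fresh nonce and a timestamp under a MAC, so that a captured message is rejected the second time and after its window expires. The following Python is an added example, not code from the original slides; the shared secret, the 30-second window, the message format and the constructed "transfer" bodies are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Shared secret between client and server (constructed for this example).
SECRET = b"example-shared-secret"
# Freshness window: a message older than this is rejected even if its nonce is unseen,
# which bounds how long the server must remember nonces.
MAX_SKEW_SECONDS = 30


def sign(nonce: str, timestamp: int, body: str, key: bytes = SECRET) -> str:
    """Client side: HMAC-SHA256 over nonce, timestamp and body, so none can be altered."""
    msg = f"{nonce}|{timestamp}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept a message only if the MAC is valid, the timestamp is fresh,
    and the nonce has never been seen inside the freshness window."""

    def __init__(self, key: bytes = SECRET):
        self.key = key
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def verify(self, nonce: str, timestamp: int, body: str, tag: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = sign(nonce, timestamp, body, self.key)
        # Constant-time comparison: a plain == would leak how many leading bytes matched.
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        self._prune(now)
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = timestamp
        return "ok"

    def _prune(self, now: int) -> None:
        # Forget nonces whose timestamp is already too old to pass the skew check.
        for nonce, ts in list(self.seen.items()):
            if now - ts > MAX_SKEW_SECONDS:
                del self.seen[nonce]


if __name__ == "__main__":
    guard = ReplayGuard()
    t = int(time.time())
    # Legitimate client sends a signed request ...
    tag = sign("nonce-1", t, "transfer 100")
    print(guard.verify("nonce-1", t, "transfer 100", tag))          # ok
    # ... an eavesdropper captured the tuple and sends it again a moment later.
    print(guard.verify("nonce-1", t, "transfer 100", tag, now=t + 1))  # replayed
    # Tampering with the body invalidates the MAC; waiting past the window makes it stale.
    print(guard.verify("nonce-1", t, "transfer 900", tag))          # bad-mac
```

Note that the nonce alone is not enough: without the timestamp the server would have to remember every nonce forever, and without the MAC an attacker could simply change the nonce on the captured message.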

DNS poisoning
Forged records are inserted into a DNS server's cache or zone files, so that lookups for a legitimate name return an attacker-controlled address. Your host is then directed to the wrong destination even though the user asked for the right name.
Password guessing
Password guessing is an attack on the authentication credentials of a system.
One form of password guessing is the brute force attack, in which the attacker tries every possible password in turn.
In another form, known as a dictionary attack, all words in a dictionary file (often with common variations) are tried as passwords.
Software exploitation
These are attacks that take advantage of bugs or flawed code in a system's software.
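Password guessing is noisy: it leaves a burst of authentication failures from one source, often spread across several usernames, sometimes followed by a success once a password is found. The following Python detector is an added example, not material from the original slides. It parses sshd-style log lines (constructed sample data, not real logs) and flags any source that exceeds a failure threshold inside a sliding time window, reporting the usernames tried and any login that succeeded after the burst; the threshold, window and log format are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not real data); syslog timestamps carry no year.
SAMPLE_LOG = """\
Mar 10 10:01:02 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 10:01:03 bastion sshd[1202]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Mar 10 10:01:05 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 10:01:06 bastion sshd[1204]: Failed password for root from 203.0.113.5 port 51241 ssh2
Mar 10 10:01:08 bastion sshd[1205]: Failed password for alice from 203.0.113.5 port 51244 ssh2
Mar 10 10:01:09 bastion sshd[1206]: Accepted password for alice from 203.0.113.5 port 51250 ssh2
Mar 10 10:03:30 bastion sshd[1210]: Failed password for bob from 198.51.100.7 port 40022 ssh2
Mar 10 10:03:41 bastion sshd[1211]: Accepted password for bob from 198.51.100.7 port 40023 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(log_text: str, year: int = 2024):
    """Return (timestamp, failed, user, ip) tuples for the lines that match; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "Failed", m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold: int = 5, window_seconds: int = 60):
    """Flag a source IP with >= threshold failures inside any window_seconds span.
    Also report successful logins from that IP after the burst (a likely guessed password)."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [ts for ts, failed, _, _ in evs if failed]
        burst_end = None
        # Sliding window over the sorted failure timestamps.
        for i in range(len(failures)):
            j = i + threshold - 1
            if j < len(failures) and (failures[j] - failures[i]).total_seconds() <= window_seconds:
                burst_end = failures[j]
                break
        if burst_end is None:
            continue
        users = sorted({u for _, failed, u, _ in evs if failed})
        success_after = [u for ts, failed, u, _ in evs if not failed and ts >= burst_end]
        findings[ip] = {
            "failures": len(failures),
            "users_tried": users,
            "success_after_burst": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

A single user mistyping a password a few times never reaches the threshold, while one source cycling through accounts does; the "success after burst" field is the signal worth paging on, since it means a guess landed.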

War dialing
In order to gain access into a network, the organization's range of PBX numbers is used as input to a war dialer program, which dials all those phone numbers using a modem and logs which calls were answered by a modem, revealing unmanaged dial-in entry points.
War driving
These are attacks against wireless networks, carried out by moving past the building (on foot or by car) with a wireless card in monitor mode, recording the networks seen and looking for weakly protected ones.
Buffer overflow
Buffer overflow attacks exploit poorly written code that copies input into a fixed-size buffer without checking the input's length against the buffer's size, so that excess data overwrites adjacent memory.

SYN flood
Occurs when a host is so overwhelmed by SYN packets initiating connections that are never completed that it can no longer process legitimate connection requests. The half-open connections fill the listen backlog and cause high CPU, memory and NIC usage.
ICMP flood
An ICMP flood occurs when so many ICMP echo requests (pings) are sent to a system that it expends all its resources responding to them and can no longer process valid network traffic.
UDP flood
Similar to the ICMP flood, a UDP flood sends large numbers of UDP packets, often to closed ports so that the target also generates ICMP port unreachable replies, slowing the system to the point that it can no longer handle valid connections.

Smurfing
An ICMP echo request is sent to a network's broadcast address with the source IP address spoofed to that of the victim.
Every host on that network replies, and the victim whose address was spoofed is overwhelmed with a large number of echo replies; the intermediate network acts as an amplifier.
Sniffing
Sniffing uses protocol analyzers or packet sniffers to capture network traffic and extract passwords or other data from protocols that transmit them unencrypted.
Ping of death
A ping of death attack sends oversized ICMP echo requests (fragments that reassemble to more than the 65,535-byte IP maximum) to a host in an attempt to crash it.

TCP Three-way handshake
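The SYN flood defined on the previous slide exploits the handshake named here: the server allocates state when the first SYN arrives and only reclaims it when the final ACK completes the connection (or a timer expires). The following Python is an added example, not the slides' own material. It models a listener with a fixed backlog, shows a flood of spoofed SYNs that never ACK locking out an honest client, and then shows SYN cookies restoring service: the server's initial sequence number becomes a MAC over the client's address tuple, so no state is kept until the ACK proves the client is real. The backlog size, addresses and simplified cookie format are assumptions; real SYN cookies also encode the MSS and a time counter in the sequence number.

```python
import hashlib
import hmac
import secrets


class Listener:
    """Server side of the TCP three-way handshake, reduced to its state handling:
    SYN -> allocate a half-open entry and reply SYN-ACK; ACK -> promote to established."""

    def __init__(self, backlog: int = 8, syn_cookies: bool = False):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open = {}        # (client_ip, client_port) -> server ISN
        self.established = set()
        self.dropped_syns = 0
        self.secret = secrets.token_bytes(16)   # per-listener key for cookies

    def _cookie(self, client, client_isn: int) -> int:
        # Stateless ISN: a 32-bit truncation of HMAC(secret, client tuple + client ISN).
        msg = f"{client[0]}:{client[1]}:{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, client, client_isn: int):
        """Return the server ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        if self.syn_cookies:
            return self._cookie(client, client_isn)   # nothing stored
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                    # backlog full: legitimate SYNs suffer too
            return None
        server_isn = secrets.randbelow(2**32)
        self.half_open[client] = server_isn
        return server_isn

    def on_ack(self, client, client_isn: int, ack_num: int) -> bool:
        """Third packet: the client acknowledges server_isn + 1."""
        if self.syn_cookies:
            # Recompute the cookie from the ACK itself; a valid one proves the SYN-ACK was received.
            if ack_num - 1 == self._cookie(client, client_isn):
                self.established.add(client)
                return True
            return False
        server_isn = self.half_open.get(client)
        if server_isn is not None and ack_num == server_isn + 1:
            del self.half_open[client]
            self.established.add(client)
            return True
        return False


def syn_flood_then_legit_client(syn_cookies: bool, flood_size: int = 50) -> bool:
    """Spoofed sources send SYNs and never ACK; then one honest client tries to connect.
    Returns whether the honest client's handshake completed."""
    srv = Listener(backlog=8, syn_cookies=syn_cookies)
    for i in range(flood_size):
        spoofed = (f"203.0.113.{i % 250}", 40000 + i)   # constructed, never replies
        srv.on_syn(spoofed, client_isn=i)
    legit = ("198.51.100.7", 51000)
    server_isn = srv.on_syn(legit, client_isn=12345)
    if server_isn is None:
        return False                                   # SYN dropped: denial of service
    return srv.on_ack(legit, client_isn=12345, ack_num=server_isn + 1)


if __name__ == "__main__":
    print("plain backlog, client connected:", syn_flood_then_legit_client(False))  # False
    print("SYN cookies,   client connected:", syn_flood_then_legit_client(True))   # True
```

The defence works because the expensive step (allocating connection state) is moved after the proof of reachability; the attacker, who spoofs source addresses, never sees the SYN-ACK and so cannot produce the ACK.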

Security implementation
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the threats are.
Implement steps that protect your assets in a cost-effective manner.
Review the process continuously, making improvements when you find a weakness.

Assets needing to be protected
Physical resources
Intellectual resources
Time resources
Perception resources

Physical resources
Anything that has a physical form: routers, hubs, switches, servers, etc.

Intellectual resources
Sometimes harder to identify, since they exist in electronic form only.
Any information that plays a vital role in your organization's business: software, financial records, database records, schematics, emails, etc.

Time resources
An important resource that is quite often overlooked in a risk analysis.
To evaluate what lost time costs your organization, make sure to include all consequences of lost time.

Perception resources
Damage to how the organization is perceived can cause significant trouble.
Following the DoS attacks of February 2000, the stock prices of the affected companies fell.
Following the breach of Microsoft's systems, speculation followed about the credibility of its products.

Sources to protect from
Internal network
Access from field offices
Access from WAN link to the business
partners
Access through the Internet
Access through modem pools

Internal systems
A vast majority of attacks originate from within the organization.
Firewalls protect against external threats, but it is still employees who are responsible for the greatest amount of damage or compromise of data, because they have the insider's view of how your network operates.

Internal attacks
Disgruntled employees or ex-employees
Managers with limited computer literacy but broad access privileges
A company's CEO insisted on having administrative privileges on the NetWare server and inadvertently deleted the cc:Mail directory

External attacks
Competitors
Stealing designs or financial statements, or making network resources unavailable, in order to:
Shorten their own development time
Equip their products with better features
Win business, e.g. a DoS against the website of the lowest-priced seller so that the second-lowest price is the one customers can reach
Militant viewpoints
If your organization holds controversial viewpoints, it may be attacked for them
High profile
An organization with high visibility is a good candidate for an attack merely for the sake of notoriety or a wider audience

Threat assessment
Network security attacks are malicious or unintentional attempts to use or modify resources available through a network in a way they were not intended to be used.
The goal of network security is to protect the network's assets from such attacks.

Network attack types
Unauthorized access to resources or information through the use of a network
Unauthorized manipulation and alteration of information on a network
Denial of service

Network security goals
Based on the three types of attacks, the goals of network security are to:
Ensure data confidentiality
Maintain data integrity
Maintain data availability

Risk assessment
After threat identification, the likelihood of each threat must be determined.
Security is expensive, and it is not feasible to protect against all types of attacks, so it is wise to protect against the most likely threats first.
Two things matter in risk assessment:
The likelihood of a particular attack against the resource.
The cost, in terms of damage to the network, of a successful attack.

Risk assessment
It is often useful to divide the risk analysis into three categories:
Confidentiality
Integrity
Availability
If an asset's availability is critical and the likelihood of an attack is high, the asset's risk level can be considered high; e.g., a high visibility web server is a high risk asset in terms of availability.
An FTP server used internally, which is not visible from the outside, has a lower risk level in terms of availability but a high risk level in terms of confidentiality.
Note that all risk assessments are relative.

Network security policy
Having determined the risk level of various assets, the next step is to formulate a security policy.
A security policy must prioritize mitigation of threats against high risk assets and then spend the rest of its resources on protecting the lower risk assets.
It defines a framework for protecting the assets connected to a network.
It defines access rules and limitations for accessing various assets.
It is a source of information for users and administrators as they set up, use and audit the network.

Network security policy
Should be broad and general in scope.
Provide a high level view of the principles on which security related decisions should be taken.
Should not go into the details of how security is to be implemented.
The details can change overnight, but the general principles of what these details are trying to achieve should remain the same.
Roles played by the policy:
Clarify what is being protected and why
State who is responsible for providing the protection
Provide grounds on which to interpret and resolve any future conflicts

Network security policy
The first point is an offshoot of the asset identification and risk analysis.
Those responsible for the protection can be one or more of the following:
Users
Administrators and managers
Network usage auditors
Managers who have overall ownership of the network and its associated resources
The third point places responsibility on a particular person to resolve any conflicts.
A network policy should be one that can be implemented using existing technology; it should not contain elements that are not technically enforceable.

Network security policy
In terms of ease of use there are two types of network security policies:
Permissive: that which is not expressly prohibited is allowed
Restrictive: that which is not expressly allowed is prohibited
It is better to start with a restrictive policy and then, based on actual usage, open it up for legitimate uses.
A permissive policy will have holes in it no matter how hard you try to plug them, because it allows by default everything nobody thought to prohibit.
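The permissive/restrictive distinction is literally the default rule of a packet filter. The following Python is an added example, not material from the original slides: the same explicit rule set is evaluated once with default-allow and once with default-deny, and a helper lists the "holes", meaning traffic the filter passes that no rule ever asked for. The addresses, ports, rule set and sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR, e.g. "0.0.0.0/0"
    dst: str               # CIDR
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))


class PacketFilter:
    """First-match rule evaluation; the default decides anything no rule anticipated."""

    def __init__(self, rules, default: str):
        if default not in ("allow", "deny"):
            raise ValueError("default must be 'allow' or 'deny'")
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


# Explicit rules for a web server at 192.0.2.10 (constructed): the administrator thought of
# HTTPS, HTTP, admin SSH from the office range, and a legacy FTP daemon to block.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    Rule("allow", "tcp", "198.51.100.0/24", "192.0.2.10/32", 22),
    Rule("deny", "tcp", "0.0.0.0/0", "192.0.2.10/32", 21),
]

PERMISSIVE = PacketFilter(RULES, default="allow")   # not expressly prohibited -> allowed
RESTRICTIVE = PacketFilter(RULES, default="deny")   # not expressly allowed -> prohibited

# Constructed traffic; the last two hit services nobody wrote a rule for.
TRAFFIC = {
    "https_from_internet": {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 443},
    "ssh_from_internet":   {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 22},
    "ssh_from_office":     {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 22},
    "ftp_from_internet":   {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 21},
    "rdp_from_internet":   {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 3389},
    "mysql_from_internet": {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 3306},
}


def holes(filt: PacketFilter):
    """Names of packets the filter passes although no explicit allow rule matches them."""
    return sorted(
        name for name, pkt in TRAFFIC.items()
        if filt.decide(pkt) == "allow"
        and not any(r.action == "allow" and r.matches(pkt) for r in filt.rules)
    )


if __name__ == "__main__":
    print("permissive holes: ", holes(PERMISSIVE))    # ssh, rdp and mysql from the internet
    print("restrictive holes:", holes(RESTRICTIVE))   # []
```

With default-deny the two rules that were never written (RDP, MySQL) and the SSH rule that was written too narrowly all fall to the safe side; with default-allow every omission is an exposure, which is the "holes no matter how hard you try" point made above.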

Network security policy
A security policy must balance:
Ease of use
Network performance
Security aspects
An overly restrictive policy can cost more in lost usability and performance than the extra security is worth; a slightly more lenient one may make up the difference in performance gains.
The minimum security requirements identified by the risk analysis must still be met for a security policy to be practical.

Implementation
Implementation of network security involves technical and non-technical aspects.
It is important to come up with a design agreeable to all involved parties.
The following points must be kept in mind before implementation:
All stakeholders (including users and management) must agree on the policy.

Implementation
It is crucial to educate all parties, including management, on why security is necessary. This education must continue as newcomers arrive.
Management and financial people must be educated about the cost and risk analysis, because security is expensive and is not a one-time expense.
Responsibilities of people and their reporting relationships must be clearly defined.

Implementation
The next step is network security design.
Translate the security policy into procedures, which are usually laid out as tasks that must be completed to implement the security policy.
Execution of these procedures results in a network design that can be implemented using various devices.

Implementation
The following are components of network security design:
Device security features such as administrative passwords
Firewalls
Remote access VPN concentrators
Intrusion detection
Access control and limiting mechanisms

Audit and improvement
It is important to continually analyze, test and improve the security policy after implementation.
This can be done through:
Formal security audits
Day-to-day checks based on operational measurements
Audits can also be done using automated tools.
An important purpose of audits is to keep users aware of the implications of their actions.

Audit and improvement
Audits can help identify bad user habits.
There should be both scheduled and random audits.
A random audit will help:
Catch the organization with its guard down
Reveal weaknesses during maintenance, etc.
If the audit reveals technical issues, they can be fixed by technical means.
Other issues can be addressed by user education programs.

Audit and improvement
Education programs should not go into minute details, but focus on the goals of the policy and how the user can help in its implementation.
Singling out examples of what particular users did wrong would cause users to think that they can do no wrong unless they are caught doing it.
