Tuesday, January 5, 2021

Different Types Of Network Attacks And Security Threats And Counter Measures


There are at least seven types of network attacks.

Any internet-connected device necessarily sends IP datagrams into the network. Such internet data packets carry the sender's IP address as well as application-layer data. If the attacker obtains control over the software running on a network device, they can then easily modify the device's protocols to place an arbitrary IP address into the data packet's source address field. This is known as IP spoofing, which makes any payload appear to come from any source. With a spoofed source IP address on a datagram, it is difficult to find the host that actually sent the datagram.

The countermeasure for spoofing is ingress filtering, which is usually performed by routers. Routers that perform ingress filtering check the IP address of incoming datagrams and determine whether the source addresses are among those known to be reachable via that interface.
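The ingress filtering check a router applies can be sketched as follows. This is an added example, not code from the original post: the interface names, the prefix table and the sample datagrams are constructed for illustration (documentation address ranges), and a real router does this in its forwarding path rather than in Python.

```python
import ipaddress
import struct

# Constructed table (assumption): the prefixes known to be reachable
# via each router interface.
REACHABLE = {
    "eth0": [ipaddress.ip_network("192.0.2.0/24")],
    "eth1": [ipaddress.ip_network("198.51.100.0/25"),
             ipaddress.ip_network("203.0.113.0/24")],
}


def source_address(datagram: bytes) -> ipaddress.IPv4Address:
    """Extract the source address field from a raw IPv4 header."""
    if len(datagram) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = datagram[0] >> 4, datagram[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a well-formed IPv4 header")
    # The source address occupies bytes 12..15 of the header.
    return ipaddress.IPv4Address(datagram[12:16])


def ingress_filter(interface: str, datagram: bytes) -> bool:
    """Return True to forward the datagram, False to discard it."""
    try:
        src = source_address(datagram)
    except ValueError:
        return False  # malformed header: discard
    # Forward only if the claimed source is reachable via this interface.
    return any(src in net for net in REACHABLE.get(interface, []))


def make_datagram(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed input, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    samples = [("eth0", "192.0.2.17"),      # valid for eth0
               ("eth0", "203.0.113.9"),     # spoofed: belongs behind eth1
               ("eth1", "198.51.100.200")]  # outside the /25 on eth1
    for iface, src in samples:
        ok = ingress_filter(iface, make_datagram(src, "192.0.2.1"))
        print(f"{iface} src={src}: {'forward' if ok else 'discard'}")
```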





If the source address is not in the valid range, then such packets will be discarded.

Packet sniffing is the interception of data packets traversing a network. A sniffer program works at the Ethernet layer in combination with network interface cards (NICs) to capture all traffic traveling to and from an internet host site. Further, if any of the Ethernet NICs are in promiscuous mode, the sniffer program will pick up all communication packets floating by anywhere near the internet host site. A sniffer placed on any backbone device, inter-network link or network aggregation point will therefore be able to monitor a large amount of traffic. Most packet sniffers are passive and listen to all data link layer frames passing by the device's network interface. There are dozens of freely available packet sniffer programs on the internet. The more sophisticated ones allow more active intrusion. The key to detecting packet sniffing is to detect network interfaces that are running in promiscuous mode.





Host-based: Software commands exist that can be run on individual host machines to tell if the NIC is running in promiscuous mode.

Network-based: Solutions tend to check for the presence of running processes and log files, of which sniffer programs consume a lot. However, sophisticated intruders almost always hide their tracks by disguising the process and cleaning up the log files. The best countermeasure against sniffing is end-to-end or user-to-user encryption.

Before attacking a network, attackers would like to know the IP addresses of machines on the network, the operating systems they use, and the services that they offer. With this information, their attacks can be more focused and are less likely to cause alarm. The process of gathering this information is known as mapping.

In general, the majority of network communications occur in an unsecured or "clear text" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret the traffic.





When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. The countermeasures are strong encryption services that are based on cryptography only. Otherwise your data can be read by others as it traverses the network.

Hijacking is a technique that takes advantage of a weakness in the TCP/IP protocol stack and the way headers are constructed. It occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data. Man-in-the-middle attacks are like someone assuming your identity in order to read your message.