Now that we've discussed a model for classifying network threats, we can look at some of the common attacks in more detail. Entire books can be (and have been) written that solely discuss the kinds of threats that we look at in this section, so we'll be giving you a "birds-eye" view of the kinds of attacks that your network security design will need to guard against.

As we've already mentioned, the DoS attack (and its first cousin, the DDoS attack) works to disrupt services on a network so that legitimate users cannot access resources they need. Some examples include attempts to disrupt the connection between two specific machines, or more commonly, attempts to flood an entire network with traffic, thereby overloading the network and preventing legitimate traffic from being transmitted. There can also be instances in which an illegitimate use of resources can result in denial of service. For example, if an intruder uses a vulnerability in your FTP server to upload and store illegal software, this can consume all available disk space on the FTP server and prevent legitimate users from storing their files. A DoS attack can effectively disable a single computer or an entire network.

A common venue of attack for DoS is against an organization's network bandwidth and connectivity; the attacker's goal is to prevent other machines from communicating due to the traffic flood. An example of this type of attack is the SYN flood attack. In a SYN flood, the attacker begins to establish a connection to the victim machine but in such a way that the connection is never completed. Since even the most powerful server has only a certain amount of memory and number of processor cycles to devote to its workload, legitimate connection attempts can be denied while the victim machine is trying to complete these fake "half-open" connections.

Another common DoS is the so-called Ping of Death, where an attacker sends so many PING requests to a target machine that it is overloaded and unable to process legitimate network requests. An intruder might also attempt to consume network resources in other ways, including generating a massive number of e-mail messages, intentionally generating system errors that need to be included in Event Viewer logs, or misusing FTP directories or network shares to overload available disk space. Basically, anything that allows data, whether on a network cable or hard drive, to be written at will (without any type of control mechanism) can create a DoS when the attack has exhausted a system's finite resources.
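The two flood patterns just described (half-open TCP connections and a high rate of PING requests) can both be spotted from a packet trace by counting per source address. The following detector is an added example and is not code from the book; the trace it analyses is constructed inline, and the thresholds (20 half-open connections, 100 echo requests per second) are assumed values that a real deployment would tune to its own baseline.

```python
"""Flag sources that leave many TCP handshakes half-open or send ICMP echo
requests at a high rate. Added illustration; the packet trace is constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple

# One record per packet: (time_in_seconds, proto, src, dst, info)
# For TCP, info is "S:<port>" for a client SYN or "A:<port>" for the client's
# final ACK of the handshake; for ICMP, info is "echo" for an echo request.
Packet = Tuple[float, str, str, str, str]


def build_sample_trace() -> List[Packet]:
    """Constructed trace using documentation address ranges (not real hosts)."""
    trace: List[Packet] = []
    # 203.0.113.5 opens 40 connections from distinct ports and never completes them
    for i in range(40):
        trace.append((0.01 * i, "tcp", "203.0.113.5", "198.51.100.10", f"S:{40000 + i}"))
    # 203.0.113.9 performs three ordinary handshakes (SYN followed by the final ACK)
    for i in range(3):
        trace.append((0.5 + 0.1 * i, "tcp", "203.0.113.9", "198.51.100.10", f"S:{50000 + i}"))
        trace.append((0.55 + 0.1 * i, "tcp", "203.0.113.9", "198.51.100.10", f"A:{50000 + i}"))
    # 203.0.113.7 sends 200 echo requests inside one second
    for i in range(200):
        trace.append((1.0 + 0.005 * i, "icmp", "203.0.113.7", "198.51.100.10", "echo"))
    # 203.0.113.9 also pings the server a few times, one second apart
    for i in range(3):
        trace.append((2.0 + i, "icmp", "203.0.113.9", "198.51.100.10", "echo"))
    return trace


def half_open_per_source(trace: List[Packet]) -> Dict[str, int]:
    """Count, per source, the connections that saw a SYN but never the completing ACK."""
    pending: Dict[Tuple[str, str, str], bool] = {}
    for _, proto, src, dst, info in trace:
        if proto != "tcp":
            continue
        kind, port = info.split(":")
        key = (src, dst, port)
        if kind == "S":
            pending[key] = True          # handshake started
        elif kind == "A":
            pending.pop(key, None)       # handshake completed, no longer half-open
    counts: Dict[str, int] = defaultdict(int)
    for src, _, _ in pending:
        counts[src] += 1
    return dict(counts)


def icmp_echo_rate_per_source(trace: List[Packet], window: float = 1.0) -> Dict[str, int]:
    """Peak number of echo requests any source sent inside a sliding time window."""
    times: Dict[str, List[float]] = defaultdict(list)
    for t, proto, src, _, info in trace:
        if proto == "icmp" and info == "echo":
            times[src].append(t)
    peaks: Dict[str, int] = {}
    for src, ts in times.items():
        ts.sort()
        peak, start = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        peaks[src] = peak
    return peaks


def flag_flooders(trace: List[Packet], syn_threshold: int = 20,
                  echo_threshold: int = 100, window: float = 1.0) -> Dict[str, str]:
    """Return {source: reason} for every source that crosses an assumed threshold."""
    alerts: Dict[str, str] = {}
    for src, n in half_open_per_source(trace).items():
        if n >= syn_threshold:
            alerts[src] = f"{n} half-open connections (possible SYN flood)"
    for src, n in icmp_echo_rate_per_source(trace, window).items():
        if n >= echo_threshold:
            alerts[src] = f"{n} echo requests in {window}s (possible ping flood)"
    return alerts


if __name__ == "__main__":
    for src, reason in flag_flooders(build_sample_trace()).items():
        print(src, reason)
```

The half-open count is the signal to watch on the server side: a host that completes its handshakes, like 203.0.113.9 above, never accumulates pending entries no matter how many connections it makes, while a flooder's entries only ever grow. The same counters can be fed from a firewall log or a packet capture instead of the constructed trace.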

Distributed denial-of-service (DDoS) attacks are a relatively new development, made possible (and attractive to attackers) by the ever-expanding number of machines that are attached to the Internet. The first major wave of DDoS attacks on the Internet appeared in early 2000 and targeted such major e-commerce and news sites as Yahoo!, eBay, Amazon, Datek, and CNN. In each case, the Web sites belonging to these companies were unreachable for several hours at a time, causing a severe disruption to their online presence and effectiveness. Many more DDoS attacks have occurred since then, affecting networks and Web sites large and small.


Most publicity surrounding DDoS attacks has focused on Web servers as a target, but remember that any computer attached to the Internet can fall victim to the effects of a DDoS attack. This can include everything from file servers or e-mail servers to your users' desktop workstations.

The DDoS attack begins with a human attacker using a small number of computers, called masters. The master computers use network scanners to find as many weakly secured computers as they can, and they use system vulnerabilities (usually well-known ones) to install a small script or a service (referred to in the UNIX world as a daemon) onto the insecure computer. This machine becomes a zombie and can now be triggered by the master computer to attack any computer or network attached to the Internet. Once the organizer of the DDoS attack has a sufficient number of zombie machines under control, he or she will use the "zombi-fied" machines to send a stream of packets to a designated target computer or network, called the victim. For most of these attacks, these packets are directed at the victim machine. The distributed nature of the DDoS attack makes it extremely difficult to track down the person or persons who began it; the actual attacks are coming from zombie machines, and the owners of these machines are often not even aware that their machines have been compromised. Making matters even more difficult, most network packets used in DDoS attacks use forged source addresses, which means that they are essentially lying about where the attack is coming from.
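Because the zombies forge their source addresses, the most effective place to blunt this is at the network edge: drop outbound packets whose source address your site does not own (so a compromised machine on your network cannot lie about where it is), and drop inbound packets whose source claims to be one of your own addresses or a private range. The filter below is an added example, not code from the book or any particular router; the site prefixes and the sample packets are constructed using documentation address ranges.

```python
"""Source-address sanity filter at the site border. Added illustration; the
site prefixes and packets are constructed, not taken from any real network."""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed example: the site owns one IPv4 and one IPv6 prefix.
SITE_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]

# Address space that can never be a legitimate source on the outside interface.
BOGON_PREFIXES = [
    ipaddress.ip_network(p)
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")
]


def egress_verdict(src: str, site=SITE_PREFIXES) -> str:
    """A packet leaving the site must carry a source address the site owns;
    anything else is a forged source from a machine inside our own network."""
    addr = ipaddress.ip_address(src)
    return "forward" if any(addr in net for net in site) else "drop-spoofed"


def ingress_verdict(src: str, site=SITE_PREFIXES, bogons=BOGON_PREFIXES) -> str:
    """A packet arriving from the Internet cannot legitimately claim to come
    from inside the site, nor from private or reserved space."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in site):
        return "drop-claims-internal"
    if any(addr in net for net in bogons):
        return "drop-bogon"
    return "forward"


def apply_filters(packets: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """packets are (direction, source) pairs; returns (direction, source, verdict)."""
    results = []
    for direction, src in packets:
        verdict = egress_verdict(src) if direction == "out" else ingress_verdict(src)
        results.append((direction, src, verdict))
    return results


# Constructed traffic sample covering the cases the filter must distinguish.
SAMPLE_PACKETS = [
    ("out", "203.0.113.20"),    # ordinary internal host using its real address
    ("out", "198.51.100.42"),   # internal zombie forging a source it does not own
    ("out", "2001:db8:1::10"),  # internal IPv6 host using its real address
    ("in", "192.0.2.7"),        # ordinary Internet client
    ("in", "203.0.113.5"),      # outside packet pretending to be one of ours
    ("in", "10.0.0.1"),         # private address arriving on the external interface
]


def dropped_sources(packets=SAMPLE_PACKETS) -> List[str]:
    """Convenience view: the source addresses the border would refuse."""
    return [src for _, src, verdict in apply_filters(packets) if verdict != "forward"]


if __name__ == "__main__":
    for direction, src, verdict in apply_filters(SAMPLE_PACKETS):
        print(f"{direction:3} {src:16} {verdict}")
```

The egress rule is the one that matters for the scenario in the text: it does nothing to protect you from a flood arriving from elsewhere, but it stops your own compromised machines from contributing forged packets to one, and it makes any zombie traffic that does leave your site traceable back to you.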

Viruses, Trojans, and worms are quite possibly the most disruptive of all security threats that we discuss in this section. These three types of threats, working alone or in combination, can alter or delete data files and executable programs on your network shares, flood e-mail servers and network connections with malicious traffic, and even create a "back door" into your systems that can allow a remote attacker to entirely take over control of a computer. You'll often hear these three terms used interchangeably, but each type of threat is slightly different. A virus is a piece of code that will alter an existing file and then use that alteration to recreate itself many times over. A worm simply makes copies of itself over and over again for the purpose of exhausting available system resources. A worm can target both hard drive space and processor cycles.
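Since a virus works by altering an existing file, the classic defence-side check is a file integrity baseline: record a cryptographic hash of every file on a share once, then compare the current hashes against that record to find files that were modified, added, or removed. The monitor below is an added example rather than code from the book; it builds its sample share in a temporary directory and simulates the alteration itself, so it runs offline.

```python
"""Minimal file integrity monitor: hash a directory tree, then diff a later
scan against the baseline. Added illustration; sample files are constructed."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each file's path (relative to root) to its hash."""
    return {
        str(path.relative_to(root)): hash_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files whose content changed, files that appeared, and files that vanished."""
    modified = sorted(name for name in baseline if name in current and baseline[name] != current[name])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> Dict[str, List[str]]:
    """Build a constructed share, take a baseline, alter it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ original program bytes")   # constructed sample
        (root / "report.doc").write_bytes(b"quarterly figures")         # constructed sample
        baseline = build_baseline(root)

        # Simulated damage of the kind the text describes: an executable is altered
        # in place, a new file appears, and a data file is deleted.
        (root / "app.exe").write_bytes(b"MZ original program bytes" + b"\x90" * 16)
        (root / "app.exe.bak").write_bytes(b"MZ copy")
        (root / "report.doc").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Two practical caveats a practitioner would apply: the baseline must be stored somewhere the monitored hosts cannot write to (otherwise the same infection that alters the files can alter the record), and it must be refreshed after every legitimate change, or the report fills with expected modifications and real ones get lost in the noise.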

