Search this blog

Monday, February 15, 2010

Day 5: Security Threats

These are some common techniques that focus on the user as the weak link:
  • Pretexting: an attacker masquerades as the helpdesk or creates a legitimate-sounding scenario to convince the user to reveal sensitive network information.
  • Phishing: an attacker sends an email posing as a legitimate organization and requests verification of account username and passwords.
  • Vishing/phone phishing: an attacker uses Voice over Internet Protocol (VoIP) to leave a message with a user that claims to be from a banking service with a callback number.
Attackers can also use software in many forms to gain access to a network:
  • Virus: typically attached to and activated within another legitimate program.
  • Worm: runs independently to send copies of itself.
  • Trojan horse: looks like a legitimate program to trick the user into intalling.
  • Denial of service (DoS): attackers also use bandwith and available connections to affect the network's operation. A DoS attack floods a network or server with traffic, preventing any legitimate connections or use.
Overview of various Network Service Attacks:
  • DoS - Synchronous (SYN) flooding: flooding a server with requests from a fake IP address and cause the server to use resources responding to these requests.
  • DoS - Ping of death: attackers send a ping greater than the maximum allowed and causes a system to shut down.
  • DDoS - Distributed Denial of Service: attackers use multiple hosts to attack a single server or servcie. Usually there'll be botnets used to attack a target site.
  • Brute force: repeated attempts to crack usernames/passwords with software that uses combinations.
Besides all these there are also spyware, cookies, spam, even randomware nowadays:

Don't forget that internal users can also (un)intentionally harm a network and an ISP should be the first line of defence!

Here are some common methods for protecting our networks:
  • Patch
  • Update
  • Virus protection
  • Spyware protection
  • Spam blocker
  • Popup blocker
  • Firewall

No comments:

Post a Comment