What is a Threat?
Threat: A threat is a potential violation of security. A threat is a circumstance that has the potential to cause loss or damage, whereas an attack is an attempt to cause damage, e.g. a DoS attack.
Threats to applications can be exploited through weak input validation, for example:
- SQL injection
- Buffer overflow
- HTTP header manipulation
- Cookie manipulation, etc.
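To make the input-validation point concrete, here is an added example (not code from the original page) showing the SQL injection case: a login check that pastes untrusted input into the query text beside the same check written with parameterized placeholders, plus an allow-list validator for the username field. The in-memory sqlite3 table, the user record and the function names are constructed for this illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory database with one user record (sample data, not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is spliced straight into the SQL text, so a quote in the input
    # can change the structure of the query instead of being treated as data.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders keep the query structure fixed; the driver passes the values
    # separately, so quotes in the input cannot terminate the string literal.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def validate_username(username):
    # Allow-list validation as a second layer: only a known-safe alphabet and length
    # are accepted before the value reaches any query. Hypothetical policy.
    return 1 <= len(username) <= 32 and username.replace("_", "").isalnum()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # textbook injection string, used only to show the difference
    print("vulnerable accepts crafted password:", login_vulnerable(db, "alice", crafted))
    print("parameterized accepts crafted password:", login_parameterized(db, "alice", crafted))
    print("username allow-list rejects it:", not validate_username("alice' --"))
```

The parameterized query fixes the structural problem; the allow-list validator is defence in depth, because input validation alone cannot anticipate every encoding a database driver will accept.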
Types of Network Security Threats
Internal threats are performed by employees inside the organization and harm the organization intentionally or by accident. Most attacks are performed by authorized users of the network. The main reasons for inside attacks are disrespect or lack of security awareness. Internal attacks are more dangerous than external attacks because insiders are familiar with the security policies and regulations of the organization.
External attacks can come from any user who is well versed in compromise techniques, or from a number of users who work together to destroy the goodwill of a prestigious company. Attackers who perform external attacks have predefined and specialized tools, techniques, procedures and processes to successfully gain access to the network.
External threats are of two types:
- Structured external threats
- Unstructured external threats
Structured external threats
Structured external threats are carried out by highly skilled professionals who quickly identify vulnerabilities, whether already known or new, and can exploit them to compromise the target network. Structured external threats can be carried out by individuals or by groups of users.
Unstructured external threats
Unstructured external threats are carried out by inexperienced attackers or script kiddies who use freely available hacking tools and scripts to perform an attack and see what happens. These attacks are generally executed to gain knowledge and to test their skills, but they can still cause harm to the organization.
What is a Vulnerability?
A vulnerability is a weakness or implementation error that can compromise the security of a system. Any discovered vulnerability must be addressed to mitigate any threat that could take advantage of it. Vulnerabilities are the gaps or weaknesses that undermine an organization's IT security efforts, e.g. a firewall flaw that lets hackers into a network. Vulnerabilities can be physical or electronic, such as a software or operating system glitch.
Vulnerabilities can be either intentional or unintentional and, in some cases, exploited automatically, e.g. when hackers use bots. Within the context of IT security, vulnerabilities are known as weaknesses.
3 Types of Network Security Vulnerabilities:
1. Technological
Technological vulnerabilities exist due to inherent weaknesses in operating systems and in devices such as printers, scanners or other network devices. An attacker can detect loopholes or back doors in protocols like FTP and ICMP. Attackers also find authentication weaknesses in network devices like routers and switches. To remove technological vulnerabilities, regular security audits by the network administrator or information security officers help them keep track of unauthorized or irrelevant activity on the organization's network.
2. Configuration
Configuration vulnerabilities occur due to misconfiguration of network devices. These vulnerabilities exist when an administrator configures system services insecurely, leaves the default settings in place, or practices improper password management, for example:
- System account vulnerabilities: a weak password is set on system accounts.
- Default passwords and settings: network devices and products are sometimes installed with default passwords and the default configuration.
- Network device misconfiguration: the device itself is misconfigured by the administrator.
- User account vulnerabilities: users share login details such as username and password over the network insecurely.
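As an added example (not from the original page), the following script audits a set of device records for the configuration weaknesses listed above: default or weak administrator passwords, default SNMP community strings, and an insecure management service left enabled. The device records, their field names and the password policy thresholds are constructed for this illustration; the SNMP defaults "public" and "private" are the well-known vendor defaults.

```python
# Constructed list of credentials that commonly ship as defaults (illustrative only).
DEFAULT_CREDENTIALS = {"admin", "password", "default", "changeme"}
DEFAULT_SNMP = {"public", "private"}
MIN_PASSWORD_LENGTH = 12  # assumed organizational policy

# Constructed inventory records; the field names are hypothetical.
DEVICES = [
    {"hostname": "core-sw1", "admin_password": "admin", "snmp_community": "public",
     "services": {"telnet": True, "ssh": False}},
    {"hostname": "edge-rtr1", "admin_password": "Xk9#qLm2vR7p", "snmp_community": "n3tm0n-ro",
     "services": {"telnet": False, "ssh": True}},
    {"hostname": "printer-3f", "admin_password": "print123", "snmp_community": "public",
     "services": {"telnet": False, "ssh": False}},
]


def audit_device(device):
    """Return a list of configuration findings for one device record."""
    findings = []
    pw = device["admin_password"]
    if pw.lower() in DEFAULT_CREDENTIALS:
        findings.append("default password")
    elif len(pw) < MIN_PASSWORD_LENGTH or pw.isalnum():
        # Too short, or no symbol characters at all: weak under the assumed policy.
        findings.append("weak password")
    if device["snmp_community"] in DEFAULT_SNMP:
        findings.append("default SNMP community")
    if device["services"].get("telnet"):
        # Cleartext management protocol left on: an insecurely configured service.
        findings.append("insecure management service (telnet) enabled")
    return findings


def audit_all(devices):
    """Map each hostname to its findings so the report can be reviewed per device."""
    return {d["hostname"]: audit_device(d) for d in devices}


if __name__ == "__main__":
    for host, findings in audit_all(DEVICES).items():
        print(host, "->", findings or "no findings")
```

In practice the inventory would come from a configuration management export rather than an inline list, but the checks stay the same: compare each setting against a known list of defaults and against the organization's own policy.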
3. Security Policy
Security policy vulnerabilities occur due to improper creation and enforcement of the security policy. If a security policy is present in the organization but is not regularly monitored or updated by the administrator, it can lead to attackers exploiting the systems.
5 Main Reasons For Network Security Breaches:
1. Hardware/software misconfiguration:
Security loopholes are created by an insecure configuration of the hardware or software in the network, e.g. a misconfigured device or the use of unencrypted data may lead to network intrusion resulting in a leak of sensitive information, and a misconfiguration of the hardware may allow the attacker to compromise the system.
2. Insecure design of the network:
Improper and insecure design of the network may cause a number of threats and increase the probability of data loss, e.g. if firewalls, IPS, IDS or VPN technologies are not properly aligned and configured securely, they will expose the network to different threats.
3. Inherent technology weakness:
If hardware or software is not capable of defending the network against a certain type of attack, it will be vulnerable to that attack, e.g. if an earlier version of a browser is running on the system, there is a higher chance of being vulnerable to different types of attacks; if the system is not updated, a small piece of malicious code may allow the attacker to format all the data on the system.
4. The intentional approach of any user:
If a person intentionally creates a problem with the system, it can lead to loss of data and loss to the company. For example, if an ex-employee still has access to a shared drive and can misuse the company's sensitive information or data, this is an intentional user approach.
5. Careless handling of devices:
User carelessness creates the biggest impact on network security. Various social engineering techniques can be used to impact the company: if any user shares account information or login details, this will lead to loss of data and disclosure of information, and connecting to an unsecured network can also lead to an attack from a third party.
Network Security Attacks
Reconnaissance is where an attacker enumerates information about a target environment before completing their later objectives in the attack, such as elevating privileges or stealing sensitive information. Common reconnaissance techniques include:
- Social engineering attacks
Social engineering is a technique where targets are tricked into sharing their private information on the network. The attacker uses this information to perform the attack. An attacker gathers information about the target organization from various resources, such as the official website of the target organization, where employee IDs, names, email addresses, etc. may have been uploaded.
- Port scanning
Running a port scan shows the attacker which ports on the target machines are open and potentially vulnerable; when they find an accessible service on a port, they can attempt to exploit the system.
- DNS footprinting
DNS footprinting is a technique that uses DNS query tools such as DNS lookup and whois. These queries result in information about a specific domain or IP address.
- Ping sweep
A ping sweep is a technique that helps locate live hosts in the network through ICMP echo requests. ICMP sweeps can be stopped by configuring ACLs in the network.
- ICMP scanning
The attacker sends ICMP packets to systems and gathers information about them; ICMP scanning helps an attacker find out whether hosts are running in the network or not. They use this technique by scanning with tools like Nmap.
- Denial of service (DoS)
Denial of service is an attack that restricts authorized users from accessing a computer on the network. DoS attacks target network connectivity and network bandwidth. A connectivity attack floods a server with a huge number of connection requests to consume all system resources, so the computer cannot process legitimate user requests.
A distributed denial of service (DDoS) attack is a large-scale attack on the availability of services on the target system or network device. A DDoS attack is launched indirectly through many compromised hosts on the network.
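From the defender's side, the reconnaissance techniques above leave a recognizable footprint: one source touching many hosts with ICMP (ping sweep) or many ports on one host (port scan) within a short time. The following is an added example, not code from the original page, of detection logic run over a few constructed firewall log lines; the log format ("HH:MM:SS src dst proto dport"), the sample addresses and the thresholds are all assumptions for this illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical format: "HH:MM:SS src dst proto dport".
SAMPLE_LOG = """\
10:00:01 203.0.113.5 198.51.100.10 icmp 0
10:00:01 203.0.113.5 198.51.100.11 icmp 0
10:00:02 203.0.113.5 198.51.100.12 icmp 0
10:00:02 203.0.113.5 198.51.100.13 icmp 0
10:00:03 203.0.113.5 198.51.100.14 icmp 0
10:00:03 203.0.113.5 198.51.100.15 icmp 0
10:00:10 203.0.113.7 198.51.100.20 tcp 21
10:00:10 203.0.113.7 198.51.100.20 tcp 22
10:00:10 203.0.113.7 198.51.100.20 tcp 23
10:00:11 203.0.113.7 198.51.100.20 tcp 25
10:00:11 203.0.113.7 198.51.100.20 tcp 80
10:00:11 203.0.113.7 198.51.100.20 tcp 443
10:00:11 203.0.113.7 198.51.100.20 tcp 3389
10:00:12 203.0.113.7 198.51.100.20 tcp 8080
10:00:20 192.0.2.9 198.51.100.20 tcp 443
10:00:21 192.0.2.9 198.51.100.21 tcp 443
10:30:00 203.0.113.5 198.51.100.16 icmp 0
"""


def parse_line(line):
    """Split one constructed log line into a dict; times are compared within one day."""
    ts, src, dst, proto, dport = line.split()
    return {"time": datetime.strptime(ts, "%H:%M:%S"), "src": src, "dst": dst,
            "proto": proto, "dport": int(dport)}


def _exceeds_within_window(events, key, threshold, window_seconds):
    """True if at least `threshold` distinct key values occur inside some window."""
    events = sorted(events, key=lambda e: e["time"])
    start = 0
    for end in range(len(events)):
        # Slide the window start forward until the span fits in window_seconds.
        while (events[end]["time"] - events[start]["time"]).total_seconds() > window_seconds:
            start += 1
        if len({key(e) for e in events[start:end + 1]}) >= threshold:
            return True
    return False


def detect_ping_sweep(lines, threshold=5, window_seconds=60):
    """Sources that sent ICMP to `threshold` or more distinct hosts within the window."""
    by_src = defaultdict(list)
    for e in map(parse_line, lines):
        if e["proto"] == "icmp":
            by_src[e["src"]].append(e)
    return sorted(src for src, evs in by_src.items()
                  if _exceeds_within_window(evs, lambda e: e["dst"], threshold, window_seconds))


def detect_port_scan(lines, threshold=6, window_seconds=60):
    """(src, dst) pairs where one source touched `threshold` or more distinct TCP ports."""
    by_pair = defaultdict(list)
    for e in map(parse_line, lines):
        if e["proto"] == "tcp":
            by_pair[(e["src"], e["dst"])].append(e)
    return sorted(pair for pair, evs in by_pair.items()
                  if _exceeds_within_window(evs, lambda e: e["dport"], threshold, window_seconds))


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("ping sweep sources:", detect_ping_sweep(lines))
    print("port scan pairs:", detect_port_scan(lines))
```

The time window matters: the last ICMP line in the sample is half an hour later, so it does not count toward the sweep. Thresholds should be tuned against normal traffic (monitoring systems legitimately ping many hosts), and the same sliding-window approach extends to other one-to-many patterns such as repeated failed logins from one source.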
- Password attacks
Password attacks are performed to gain unauthorized access to, or control of, the target computer system. Attackers try to obtain users' passwords with different techniques and authenticate to the system in order to gain root access; they use different techniques to crack the passwords of servers and routers. Their techniques include brute force, social engineering, spoofing, phishing, malware, keyloggers, etc.
- Network sniffing
Network sniffing includes capturing, inspecting, decoding and interpreting the information inside packets on a network. The main purpose of sniffing is to steal information like user IDs, passwords, network details, etc. Sniffing is generally known as a passive type of attack, where the perpetrator sits invisibly on the network. TCP/IP packets contain sensitive information required for two network interfaces to communicate with each other.
- MITM attack
MITM, also known as a man-in-the-middle attack, is basically a type of eavesdropping attack where the communication between two networks is monitored or altered by an unauthorized third party. With a man-in-the-middle attack, an attacker can exploit the conversation to transfer other data; it is like a session hijacking attack.
- DHCP Starvation
In a DHCP starvation attack, an attacker continuously sends DHCP requests to the DHCP server so that all the available IPs are used up by the attacker. As a result, the DHCP server is not able to issue IP addresses to users, and clients are unable to renew their IP addresses.
In a DHCP starvation attack the attacker floods the server with a large number of DHCP requests carrying fake MAC addresses. This attack is similar to a SYN flood attack.
To prevent DHCP starvation attacks, port security can be used to limit the number of MAC addresses that can access a port. DHCP snooping is another method that can prevent DHCP starvation attacks.
- MAC spoofing/duplication
A MAC duplication attack is performed by sniffing the network for the MAC addresses of users/clients that are actively connected to a switch port and reusing one of those addresses. MAC duplication allows the attacker to gain access to or connect to the network by duplicating the identity of another client that is already connected to the network.
This attack allows attackers to bypass authentication checks, steal sensitive information or spread malicious code. In this attack, the attacker first obtains the MAC address of a connected client and replaces his own MAC address with the obtained one. If this succeeds, the attacker can receive all of that client's traffic on his own machine.
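Both switch-level attacks described above, DHCP starvation and MAC duplication, show up in the same kind of data: which client MAC addresses a switch sees on which port, and when. As an added example (not code from the original page), the script below applies two checks to constructed switch events: a per-port limit on distinct DHCP-requesting MACs, mirroring the limit that port security would enforce, and a check for one MAC address appearing on two different ports within a short interval. The event format ("HH:MM:SS port mac event"), the port names, the MAC addresses and the limits are assumptions for this illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed switch events in a hypothetical format: "HH:MM:SS port client-mac event".
SAMPLE_EVENTS = """\
09:00:00 Gi1/0/1 00:11:22:33:44:01 dhcp-discover
09:00:00 Gi1/0/1 00:11:22:33:44:02 dhcp-discover
09:00:01 Gi1/0/1 00:11:22:33:44:03 dhcp-discover
09:00:01 Gi1/0/1 00:11:22:33:44:04 dhcp-discover
09:00:02 Gi1/0/1 00:11:22:33:44:05 dhcp-discover
09:00:02 Gi1/0/1 00:11:22:33:44:06 dhcp-discover
09:00:30 Gi1/0/2 aa:bb:cc:dd:ee:10 dhcp-discover
09:05:00 Gi1/0/2 aa:bb:cc:dd:ee:10 mac-learn
09:05:10 Gi1/0/7 aa:bb:cc:dd:ee:10 mac-learn
09:10:00 Gi1/0/3 aa:bb:cc:dd:ee:20 mac-learn
"""

PORT_SECURITY_MAX_MACS = 2  # assumed per-port limit, as port security would configure it


def parse_event(line):
    """Split one constructed event line into a dict."""
    ts, port, mac, kind = line.split()
    return {"time": datetime.strptime(ts, "%H:%M:%S"), "port": port,
            "mac": mac.lower(), "kind": kind}


def detect_dhcp_starvation(lines, max_macs=PORT_SECURITY_MAX_MACS):
    """Ports where, within one calendar minute, more distinct client MACs sent
    DHCP discovers than the port-security limit allows. Returns port -> peak count."""
    macs_per_port_minute = defaultdict(set)
    for e in map(parse_event, lines):
        if e["kind"] == "dhcp-discover":
            minute = e["time"].replace(second=0)
            macs_per_port_minute[(e["port"], minute)].add(e["mac"])
    flagged = {}
    for (port, _), macs in macs_per_port_minute.items():
        if len(macs) > max_macs:
            flagged[port] = max(flagged.get(port, 0), len(macs))
    return flagged


def detect_mac_duplication(lines, move_window_seconds=600):
    """MACs seen on a different port than their previous sighting within the window.
    A genuine device move takes longer than this; a quick flip between ports suggests
    two hosts claiming the same address. Returns mac -> sorted list of ports."""
    last_seen = {}  # mac -> (time, port)
    flagged = defaultdict(set)
    for e in sorted(map(parse_event, lines), key=lambda e: e["time"]):
        prev = last_seen.get(e["mac"])
        if (prev and prev[1] != e["port"]
                and (e["time"] - prev[0]).total_seconds() <= move_window_seconds):
            flagged[e["mac"]].update({prev[1], e["port"]})
        last_seen[e["mac"]] = (e["time"], e["port"])
    return {mac: sorted(ports) for mac, ports in flagged.items()}


if __name__ == "__main__":
    lines = SAMPLE_EVENTS.splitlines()
    print("possible DHCP starvation:", detect_dhcp_starvation(lines))
    print("possible MAC duplication:", detect_mac_duplication(lines))
```

The starvation check is the monitoring counterpart of port security: the switch would shut the port or drop frames once the limit is exceeded, while this logic reports which ports would have tripped it. The duplication check deliberately uses a time window, because a MAC legitimately appearing on a new port hours later is just a relocated device, not an attack.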
- Malicious code attacks
Malware is a malicious program that can be installed on a system without informing the user; it can disrupt services, gather sensitive information, corrupt files, damage system files, etc. Examples of malware are viruses, Trojan horses, adware, rootkits, backdoors, etc. A virus is a self-replicating program that attaches itself to another file, to the boot sector, or to a document. A Trojan is a program that appears to be good or useful software but contains hidden malicious code.
Adware is a software program that tracks the user's browsing patterns for digital marketing purposes and shows advertisements. It collects information such as what types of internet sites the user visits and what kinds of products the user searches for on the internet.